American Express
Information Security Manager
This job is now closed
Job Description
- Req#: 23012348
- Conduct technical assessments for different areas such as OSFI Self-Assessment (OSFI: Office of the Superintendent of Financial Institutions) to report on compliance/non-compliance with regulatory expectations and report on key current and emerging risks.
- Leverage SQL, Python and other analytical tools to design, implement and automate new Key Risk Indicators (KRI) and Key Performance Indicators that help identify key cybersecurity, technology and resiliency risks facing Amex Bank of Canada (ABC).
- Leverage Excel to develop and report the Control and Compliance (C&C) and Risk Appetite Framework (RAF) metrics.
- Represent second line of defense in various committee activities and inform the Chief Risk Officer of the key risks.
- Conduct exploratory data analysis on large sets of structured data using SQL, Python, Power BI and Excel to develop meaningful insights on cybersecurity and technology related data.
- Stay knowledgeable of relevant regulations, guidelines & industry standards.
- Support the design of an independent technology risk oversight program that defines the engagement and integration with various risk management programs, including Process Risk Self Assessments, Business Continuity Management, New Product Approval, Mergers & Acquisitions etc.
- Support Enterprise-wide control assessment for select areas.
- 5+ years of experience in risk management across any of the three lines of defense
- Proven ability to identify risks, analyze issues and derive meaningful insights about risk trends by conducting interviews and analyzing large volumes of data.
- Strong knowledge of one or more cyber security domains.
- Excellent analytical skills with high attention to detail and accuracy.
- Strong knowledge of one or more of the data mining/big data analytical tools (e.g. Microsoft Excel: Pivot Tables, SQL, SAS, Python, R, Power BI, Qlik)
- Excellent critical thinking and problem-solving skills.
- Must be a self-starter who can work with minimal supervision.
- Excellent verbal, written and interpersonal communication skills.
- Willingness to challenge traditional thinking by actively engaging in constructive dialogue.
- Educational background: Computer Science, Information Systems, Engineering
- Experience in risk management across cyber security, information technology, 3rd party, business continuity management
- Relevant industry certifications (e.g. CISM, CISA, CRISC, CISSP, CCSK, CompTIA Cloud+, CCSP, Azure Security etc.)
- Understanding of risk assessment methodologies, frameworks and industry standards (e.g. COSO, COBIT, ISO 27001, FAIR or NIST RMF)
- Knowledge of relevant policies & regulations (e.g. OSFI B13, OCC Heightened Standards, FFIEC IT booklets)
- Experience with Governance, Risk and Compliance tools (e.g. Archer)
- Competitive base salaries
- Bonus incentives
- Support for financial well-being and retirement
- Comprehensive medical, dental, vision, life insurance, and disability benefits (depending on location)
- Flexible working model with hybrid, onsite or virtual arrangements depending on role and business need
- Generous paid parental leave policies (depending on your location)
- Free access to global on-site wellness centers staffed with nurses and doctors (depending on location)
- Free and confidential counseling support through our Healthy Minds program
- Career development and training opportunities
You Lead the Way. We’ve Got Your Back.
With the right backing, people and businesses have the power to progress in incredible ways. When you join Team Amex, you become part of a global and diverse community of colleagues with an unwavering commitment to back our customers, communities and each other. Here, you’ll learn and grow as we help you create a career journey that’s unique and meaningful to you with benefits, programs, and flexibility that support you personally and professionally.
At American Express, you’ll be recognized for your contributions, leadership, and impact—every colleague has the opportunity to share in the company’s success. Together, we’ll win as a team, striving to uphold our company values and powerful backing promise to provide the world’s best customer experience every day. And we’ll do it with the utmost integrity, and in an environment where everyone is seen, heard and feels like they belong.
Join Team Amex and let's lead the way together.
The Global Risk & Compliance (GRC) group within American Express is responsible for providing oversight and governance of risks to ensure that the company operates in a safe and sound manner within regulatory expectations. In a world increasingly subject to digitalization and the use of technology, Cybersecurity, Technology and Resiliency risk management have become increasingly significant across organizations. These risks are becoming the key themes at board meetings. Cyberattacks, in particular, have become increasingly commonplace and the trend continues to move upward.
This individual contributor role is part of the second line Cybersecurity, Technology and Resiliency Risk Oversight (CTRRO) within the GRC group, headed by the Chief Risk Officer (CRO) of the company. This is a unique opportunity to work with a team of diverse and talented professionals who are responsible for enhancing and executing on the CTRRO management program and providing independent risk oversight to the first line of defense.
This role would be dedicated to conducting independent oversight of the Amex Bank of Canada (ABC) and will be based in the Toronto office, Canada. The role will report to a U.S.- or India-based Director, CTRRO and will have a dotted reporting line to the Chief Risk Officer of ABC.
How will you make an impact in this role?
This role will require leveraging large volumes of data to develop key risk indicators to independently assess and report on Cybersecurity, Technology and Resiliency risks and issue findings, as needed. The risks and findings identified by this team can be reported to Senior Management, Risk Management Committees, the Board of Directors, and the Regulators. This position will be responsible for effectively collaborating with key stakeholders across lines of business and lines of defense to ensure risks are managed effectively and efficiently in accordance with company policies and applicable regulatory requirements.
Minimum Qualifications
Preferred Qualifications
We back our colleagues and their loved ones with benefits and programs that support their holistic well-being. That means we prioritize their physical, financial, and mental health through each stage of life. Benefits include:
American Express is committed to providing an inclusive and accessible work environment in which all people who apply for positions or who work for or on behalf of Amex are treated with dignity and respect and are provided with equal treatment with respect to employment, regardless of that person's age, sex, sexual orientation, gender identity, gender expression, race, colour, ancestry, ethnic or national origin, citizenship, religion or creed, marital status, family status, pregnancy, disability, record of offences, social condition or origin, political beliefs, association or activity or other factors prohibited under applicable Human Rights legislation (the “Prohibited Grounds”). If you have a disability and need accommodation, please speak with the Recruiter for more information.
Offer of employment with American Express is conditioned upon the successful completion of a background verification check, subject to applicable laws and regulations.
About the company
At American Express, we know that with the right backing, people and businesses have the power to progress in incredible ways. Whether we’re supporting our customers’ financial confidence to move ahead, taking commerce to new heights, or encouraging people to explore the world, our colleagues are constantly striving to uphold our powerful backing promise to our customers and each other every day.