Associate - Tech Risk & Control

At American Express, our culture is built on a 175-year history of innovation, shared values and Leadership Behaviors, and an unwavering commitment to back our customers, communities, and colleagues. As part of Team Amex, you'll experience this powerful backing with comprehensive support for your holistic well-being and many opportunities to learn new skills, develop as a leader, and grow your career.

Here, your voice and ideas matter, your work makes an impact, and together, you will help us define the future of American Express.

How will you make an impact in this role?

• Understand the Regulatory Landscape and assess impact.
  

• Understand Regulatory audits and related interactions with Regulators.
  

• Understand and connect the dots with the current landscape on circulars, advisories, Master Directions etc.
  

• Liaise with other 1st lines of defense such as Control Management, Information Security and 2nd line (Risk), 3rd line (Internal Audit Group).
  

• Manage IT Ad-hoc Returns in collaboration with CISO, MCO and CRO.
  

• Audit Support of Annual PSS Audit, Annual Statutory Audit, IAG Audits (Concurrent), IT Exams, Network Exams, Taxation Audit (adhoc) and any other adhoc audits.
  

• Responsible for Regulatory Submissions like Quarterly RBI KRI submission, Response to Questionnaires, Response to Circulars/Advisories, Ad-hoc Regulatory requests, Compliance to Master Directives, Incident/outage reporting process, Semi-Annual DR compliance for RBI
  

• Monitor and Support key regulatory initiatives for the Bank in collaboration with Business Regulatory Office (BRO).
  

• Responsible for adhering to regulatory exam practices in collaboration with Regulatory exam management team, 2nd line risk teams, Control Management teams and IAG.
  

Communication

• Ability to draft and update w.r.t Regulatory, Incident and Technical Communication
  

Technology

• L1+L2 support for Application under CTO ownership including management of service now workgroups, incident/problem management and release & deployment (Hands on)
  

• Must have worked in multiple stages of SDLC lifecycle
  

• Understanding of tech-debt and manage tech-led initiatives
  

• Experience with tools such as ServiceNow GRC, SAP GRC, LogicGate, RSA Archer, MetricStream, RiskWatch, any AI tool, automation tools, Monitoring Tools (geneos, dynatrace, app dynamics,etc ), observability, workflow tools such as selenium etc (Hands-on on monitoring tools + ServiceNow would be an advantage), Data Visualization and Reporting tools such as Tableau, PowerBI
  

• Manages the identification and evaluation of controls and adherence to controls, ensuring effective implementation and reporting
  

• Familiar with technology MIS reporting (including automated reporting)
  

• Should be able to process regulatory requirements and compliance standards in the technology sector
  

• Be a part of the team that ensures alignment of IT Strategy with Business requirements
  

Project / Program Management

• Project planning, implementation, documentation, project lead
  

• Help initiate a project (on-boarding resources and access)
  

• Establish the project plan and tracking of activities.
  

• Communicate the progress on the project plan to relevant stakeholders
  

• Familiar with project management tools such as Rally, JIRA etc.
  

Stakeholder Management

• Initiate and participate as applicable in discussions with key stakeholders across Business, Operations and Technology
  

• Participate and conduct reviews as applicable with relevant stakeholders across Business, Operations and Technology
  

Vendor / Affiliate Management

• Technology Affiliate Management entailing monthly Reporting of Technology Performance as outlined in Affiliate Agreement.
  

• Coordinating, tracking, preparing and presenting reports to internal/external stakeholders including Affiliate reporting, Disaster Recovery reporting, Incident reporting etc.
  

Technology Risk

• Identify, Mitigate Tech Operational Risks.
  

• Familiarization with RCSA (formerly known as PRSA)
  

Status Reporting

• Periodic updates on deliverables to multiple types of stakeholders catering to different levels
  

• Prepares and presents detailed management reports and documentation to senior leadership and stakeholders, providing clear and accurate records of various technology assessments, mitigation actions, and compliance status
  

India Localization

• Monitor and Govern India Data localization controls including maintenance of the  Application list to avoid potential compliance breaches.
  

• Collaborate with various teams to ensure completion of the localization agenda from a technology standpoint basis compliance needs
  

Processes

• Champion of Incident Management, Change Management, Release Management, Problem/ Defect Management, Capacity Management and other essential processes from a technology applicability
  

People

• Enable a culture of continuous learning, growth opportunities, and inclusivity for self and colleagues and teams through mentoring, feedback, and metrics, and ensuring adherence to best practices and standards
  

• Supporting training and development of best practices
  

• Collaborate with senior leadership to hire top talent for the team, ensuring a high-functioning and cohesive unit
  

• Provides key inputs in training and development programs to enhance skills and knowledge in Technology, ensuring continuous professional growth and the ability to effectively manage current and future risks
  

Education and Knowledge

• Bachelor's Degree in  Computer Science, Information Systems, Cybersecurity, and/or comparable experience
  

• Good knowledge of global technology standards and applicable regulations
  

• Good knowledge of technology control domains such as Identity & Access Management, Security Architectures, Security Governance & Operations, IT General Controls, Security Testing, and Cloud Security
  

• Good understanding  in enterprise risk management with an emphasis on operational risk management and technology risk
  

• Proficiency in FLOD, SLOD ,TLOD construct with clear understanding of roles
  

Work Experience

• Experience in technology lifecycle of SDLC, SRE/ Technology Support (L1 + L2)
  

• Experience in processing regulatory requirements/ projects and compliance standards in the technology sector
  

• Experience with tools such as Dynatrace, AppD, ServiceNow GRC, SAP GRC, LogicGate, RSA Archer, MetricStream, RiskWatch, any AI tool, observability, automation tools, workflow tools such as selenium etc
  

• Experience with Data Visualization and Reporting tools such as Tableau, PowerBI
  

• Exposure to mainframe or distributed technologies would be an added advantage
  

• Exposure to Enabling functions  (Vendor management, GRC, etc),
  

• Exposure to technology risk & control and information security would be an added advantage
  

We back you with benefits that support your holistic well-being so you can be and deliver your best. This means caring for you and your loved ones' physical, financial, and mental health, as well as providing the flexibility you need to thrive personally and professionally:

• Competitive base salaries 
  

• Bonus incentives 
  

• Support for financial-well-being and retirement 
  

• Comprehensive medical, dental, vision, life insurance, and disability benefits (depending on location) 
  

• Flexible working model with hybrid, onsite or virtual arrangements depending on role and business need 
  

• Generous paid parental leave policies (depending on your location) 
  

• Free access to global on-site wellness centers staffed with nurses and doctors (depending on location) 
  

• Free and confidential counseling support through our Healthy Minds program 
  

• Career development and training opportunities
  

American Express is an equal opportunity employer and makes employment decisions without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, veteran status, disability status, age, or any other status protected by law.  

Offer of employment with American Express is conditioned upon the successful completion of a background verification check, subject to applicable laws and regulations.