Joining ETS Governance & Control means helping protect American Express customers and company through integrated, intelligence-driven technology risk and control management. Operating at the intersection of technology, governance, and risk, the team partners across the enterprise to modernize the foundation, advance risk intelligence, demonstrate trust at scale, and reduce material risk—enabling innovation with the right controls in place.
By building simplified, consistent frameworks and embedding continuous assurance, ETS Governance & Control enhances transparency, accountability, and sustainable risk reduction. The work is about empowering confident decisions, accelerating responsible delivery, and ensuring controls evolve with the business to strengthen trust and reduce enterprise risk at scale.
Role Description
ETS Control Management is responsible for identifying, assessing, mitigating, monitoring & reporting risk across business and technology processes as part of the first line of defense. The team ensures adherence to regulatory standards, American Express policies, and strengthens business resilience through robust control management practices.
This role focuses on embedding strong Control Testing & Operational Risk within BU processes for Enterprise Technology Services. The role emphasizes control effectiveness, independent validation, and risk-based monitoring, while partnering closely with Technology stakeholders, Operational Risk Management, Enterprise Control Management, Internal Audit Group, etc.
- Assist in independent control testing activities, including test of design and operating effectiveness
- Support QA and testing programs to ensure adherence to regulatory and internal standards
- Help identify high-risk areas for focused testing and intervention
- Support control monitoring activities, including analysis of operational risk trends, issues, and events
- Familiarity with the American Express operational risk management frameworks (RCSA/PRSA, Issue Management, etc.)
- Support development and maintenance of risk dashboards, Key Control Indicators and Key Risk Indicators, and reporting
- Design and test controls
- Assist in thematic risk analysis to identify trends, root causes, and emerging risks
- Support issue tracking and remediation validation activities
- Collaborate with stakeholders to support control environment improvements
- Leverage data and tools to improve efficiency of monitoring and reporting processes
Required Qualifications
- 3+ years of experience with control testing activities, including test of design and effectiveness
- Support QA and testing programs to ensure adherence to regulatory and internal standards
- Help identify high-risk areas for focused testing and intervention
- Support control monitoring activities, including analysis of operational risk trends, issues, and events
- Support development and maintenance of risk dashboards, Key Control Indicators and Key Risk Indicators, and reporting
- Design and test controls
- Assist in thematic risk analysis to identify trends, root causes, and emerging risks
- Collaborate with stakeholders to support control environment improvement
- Leverage data and tools to improve efficiency of monitoring and reporting processes
Preferred Qualifications
- Bachelor’s degree in Technology, Engineering, Risk Management; advanced degrees (e.g., MBA, MSc) or certifications are advantageous
- Previous technology risk /IT/IS experience or Relevant certifications (or pursuing): CISSP, CRISC, CISM, CISA, CSOE etc.
- Familiarity with GRC tools (e.g., Archer, ServiceNow, etc.)
- Interest or exposure to data analytics, automation, or AI/GenAI
Experience in at least one of the following:
Performing independent Control Testing for ITGC/Application Controls by assessing design and operating effectiveness
Supporting identification of risks throughout business processes and systems
Facilitating risk assessment performance in addition to further assessments and testing programs to ensure regulatory and internal standards are met
Supporting independent control monitoring, including identification of control improvements
- Supporting the identification of areas of risk for intervention, including conducting independent quality assurance and process testing
- Exposure to data analytics, automation, or AI/GenAI use cases in risk/control environments