Manager, Technology Risk
The UK Chief Risk Officer (CRO) organization within Global Risk and Compliance (GRC) is responsible for identifying and managing risk across all processes at American Express in the UK.
The Manager, Technology Risk, Enterprise Risk Management UK, within the GRC organization, is responsible for establishing the second line of defense framework for the Technology Risk[1] areas under their responsibility for the UK market. We are seeking an experienced risk manager to be a part of this exciting journey. The incumbent will identify, assess, measure, manage and report risk and strengthen the governance structure for our UK businesses.
- Participate in Risk Appetite Framework (RAF) refresh process and seek to align International Legal Entities (ILE) Technology Risk metrics with Enterprise (as far as possible)
- Collaborate with enterprise risk type 2LOD teams to coordinate the challenge to enterprise/local risk type 1LOD teams.
- Understand and speak to the Technology Risk profile of the LE based on aggregation of data and reporting
- Act as main point of contact for Technology Risk for LE regulator, Audit and ILE Leadership, and requests for Technology Risk program/results requests
- LE specific committee Technology Risk representative, and point of contact for Technology Risk at LE board meetings (as required)
- Input to ILE Technology Risk policies and frameworks, where required, to ensure they meet UK requirements
- Influence Enterprise Technology Risk Framework/Policies/Programs to ensure fit for purpose for ILE, and support ILE deployment of Enterprise Technology Risk programs
- Advise business on applicability and effective execution of Technology Risk frameworks
- Coordinate with Enterprise Risk Lead on 2nd Line testing, risk assessments, risk appetite reviews, and review/challenge activity, supporting effective communication between ILE Technology Risk and the Enterprise for awareness, risk aggregation and action tracking.
- Ensure appropriate communication of risks between ILE and Enterprise
- Support the ILE CRO in their oversight duties aligned to the Risk Governance Framework and applicable policies, reviewing Issues and findings related to Technology Risks affecting ILE, and overseeing effective remediation
- 2nd Line of Defense ILE oversight lead for Regulatory Change Managements relating to Technology Risk.
- Work with Enterprise team to develop LE metrics dashboard, including RAF metrics, aligned with applicable regulatory requirements.
- Perform second level review of all Information Technology (IT), Information Security (IS), Data, AI and Business Disruption risk questionnaires that need to be submitted to the Regulators
- Participate in operational resilience incident communication channels, with objective of monitoring and overseeing incidents that may require regulatory notification (e.g. in accordance with DORA requirements)
- 5+ years of leadership experience in risk management or a similar role;
- Strong business acumen with a risk-reward control perspective;
- Experience in interacting with regulators and familiarity with the UK regulatory landscape and requirements;
- Working understanding of the UK and EU regulatory landscape applicable to technology, data, cybersecurity, resilience, and AI risks, including FCA/PRA supervisory expectations, DORA, GDPR, EU Artificial Intelligence Act and the UK Government's AI Regulation Framework, NCSC CAF, as well as UK and EU data protection requirements
- Understanding risk assessment methodologies, frameworks, and industry standards;
- Experience with Governance, Risk and Compliance tools (e.g. Archer);
- Demonstrated ability to successfully manage multiple priorities under pressure;
- Fluency in English (verbal and written);
- Advanced degree in business, economics, engineering, or a related field is preferred;
- Having industry certifications in cybersecurity, operational resilience, business continuity management, Disaster Recovery or AI risk management is preferred.
Leadership Skills:
- Proven leader who can build, inspire, and coach a team with a passion for the business;
- Excellent relationship and influence management skills with the ability to build productive relationships across teams and levels of seniority;
- Self-confident with a strong sense of integrity and the ability and willingness to challenge and be challenged;
- Proactive in identifying issues, delivering and escalating key findings, and advising on recommended solutions to correct issues or mitigate risks;
- Ability to communicate oversight findings to colleagues, business partners, and senior leaders;
- Strong verbal and written communication skills.
Employment eligibility to work with American Express in the UK is required as the company will not pursue visa sponsorship for these positions.