Senior Manager, Tech Risk & Control - Technology Resilience
The Enterprise Technology Services organization partners with every part of the American Express business to power the company’s growth and innovation with trust and efficiency, and drive competitive differentiation with speed. We support the delivery and operations of technology, digital, and data capabilities, platforms, and services globally. Specifically, our team is responsible for the company’s technology engineering, architecture, and infrastructure, providing 24x7 support to ensure an uninterrupted, high-quality experience for customers and colleagues. We also provide product management for core enterprise platforms, and lead technology risk and information security, enterprise data governance and platforms, digital product and design, and enterprise AI platforms on behalf of the company.
Technology Resilience provides the foundational capabilities, practices, and oversight that enable secure, reliable, and resilient technology delivery across the enterprise. The Sr Mgr-Tech Risk & Control will lead risk and control oversight for Technology Resilience, partnering across resilience, infrastructure, operations, product, and business teams to identify, assess, mitigate, monitor, and report technology risk while strengthening control discipline and regulatory readiness.
- Leads Technology Resilience risk assessments, including RCSA activities, residual risk evaluation, control documentation, and leadership reporting.
- Develops and drives mitigation strategies for infrastructure risks, including resiliency, vulnerability, control, audit, and regulatory themes.
- Partners with Technology Resilience teams to identify control gaps, assess non-compliance, and support timely remediation of issues, findings, and operational risk events.
- Oversee control identification, ownership, effectiveness, and adherence across infrastructure processes and technology environments.
- Monitors Technology Resilience risk indicators, control performance, infrastructure vulnerabilities, application health, and resiliency metrics to identify emerging risk.
- Promotes risk decisions aligned with enterprise risk appetite, technology standards, regulatory expectations, and Technology Resilience priorities.
- Maintains consistent risk management documentation, governance routines, and evidence to support audit, exam, and committee needs.
- Prepares executive-ready risk insights, dashboards, and recommendations for Technology Resilience leaders, senior stakeholders, and risk forums.
- Provides guidance and training to strengthen Technology Risk & Control capability, control awareness, and operational resilience practices.
- Mentors Technology Risk & Control colleagues and promote collaboration, inclusion, and consistent risk practices across Technology Resilience.
- Leads cross-functional work with infrastructure, engineering, operations, cyber control management, and second-line partners.
- Manages delivery plans, dependencies, timelines, and stakeholder engagement for risk and control initiatives.
- Partners with senior leaders to build, retain, and develop high-performing risk and control talent.
- Collaborates with product and business teams to align infrastructure risk management with enterprise objectives.
- Bachelor’s degree in computer science, Information Systems, Cybersecurity, Risk Management, or comparable experience; advanced degree preferred.
- Advanced knowledge of global technology standards, infrastructure controls, operational resilience expectations, and applicable regulations.
- Strong knowledge of technology control domains, including technology resilience, ITGCs, vulnerability management, cloud security, governance, and control testing.
- Expertise in enterprise, operational, technology, and infrastructure risk management.
- Experience in technology risk and control within technology resilience, operations, resiliency, infrastructure, or information security environments.
- Experience with RCSA, risk assessment methodologies, residual risk evaluation, and advanced mitigation strategies.
- Experience translating regulatory requirements, policy standards, and compliance expectations into actionable technology controls.
- Experience with GRC and risk tools such as ServiceNow GRC, RSA Archer, MetricStream, Fusion, SAP GRC, or similar platforms.
- Experience creating executive-ready reporting, dashboards, and presentations using tools such as Power BI, Tableau, Excel, and PowerPoint.
- Experience with documentation and process mapping tools such as Visio, ACE Studio, or equivalent platforms.
- CompTIA (Security+ or equivalent certification)
- ISC2 (CISSP, or other equivalent certifications)
- ISACA (CISM, CRISC, or equivalent certifications)
Employment eligibility to work with American Express in the UK is required as the company will not pursue visa sponsorship for these positions.