Technology Risk Manager
Job description
The Process Risk Reduction Team drives the continuous improvement of Technology processes through targeted efforts to reduce operational risk and steps in when noteworthy issues or events occur. Risk reduction efforts can be identified through proactive monitoring for areas of opportunity, self-identified events, or remediation of gaps identified by internal and external reviewers. Such efforts are spearheaded by the Process Risk Reduction Team and are executed in partnership with other Technology teams that own the frameworks and processes under review.
Additionally, the team serves as an operational risk subject matter expert for the Technology organization.
Risk Reduction Managers know operational risk is a top priority for our business. You don’t just see the problem; you’ll drive the solution. You will be asked to:
Enhance Risk Mitigation Practices
- Enhance the control environment at American Express through close partnership with other Technology teams.
- Identify and proactively flag areas of high risk for intervention (e.g. process evaluation, automated alerts for near-threshold breaches, etc.)
- Develop and recommend risk mitigation strategies to address identified risks
- Develop, implement, and document adequate process controls
- Perform on-going tracking, monitoring of progress, escalation, and governance of identified issues on a periodic basis
- Influence partners to achieve targeted levels of project oversight, controls, and compliance
Provide Internal Consulting Services
- Provide guidance on controls and compliance to key stakeholders
- Partner with the Tech Risk & Info Security Business Leadership Team to develop, implement, monitor, and report on appropriate control ratings and compliance ratings
Evolve with Process Risk Reduction Team
- Document learnings from improving controls
- Adapt to change as the Process Risk Reduction team continues to evolve
Requirements
- 5+ years of experience in Information & Operational Technology risk management
- Bachelor’s or an equivalent degree in a related field is beneficial
- Relevant certification(s) such as CISA, CISM, or CRISC are highly desired
- Deep knowledge of process excellence, risk/control assessment data analysis, compliance, and internal IT control frameworks
- Strong problem solver with the ability to use analytical methods to effect change
- Strong project management skills to drive high quality, timely deliverables across a matrix environment and ability to influence without direct authority
- Ability to conceptualize complex control relationships and develop rigor in control development, design and testing practices.
- Excellent written and verbal communication skills to deliver quality, actionable feedback on potential control issues
- Excellent written and visualization skills to develop and maintain relevant policies, procedures, and other guidance
- Ability to translate technical concepts to non-technical business leaders
- Broad understanding of information security and information technology disciplines and experience with technology control testing including interface inputs, reports, application security, business continuity, third parties, etc.
- Experience with data analytic tools, data visualization, key risk indicators (KRIs), key performance indicators (KPIs), and scorecards / dashboards is a plus
- Understanding of the regulatory landscape and ability to link threats to risk tolerance and control efficiency measures
- Proven ability in extending and maintaining strong relationships in a complex multi-national corporation
- Initiative and energy to go beyond minimum requirements of effort and activity; a bias for action and for getting things done
- Knowledge/experience with GRC tools (preferably Archer) inclusive of reporting is beneficial.
At the core of Risk Reduction
Every member of our team must be able to demonstrate the following technical, functional, leadership and business core competencies, including:
- Agile best practices (understanding the framework and how to apply new controls within such a framework)
- Emerging technologies (cloud, blockchain, GenAI, etc.)
- Analytical thinking (analyzing complex information and/or requests, and identifying the most relevant details)
- Process improvement
- Information & Operational risk management
- Collaboration
- Industry and company knowledge
- RSA Archer tool competencies
- Risk Assessments
- Stakeholder outreach, engagement, and partnership
Dexian is a leading provider of staffing, IT, and workforce solutions with over 12,000 employees and 70 locations worldwide. As one of the largest IT staffing companies and the 2nd largest minority-owned staffing company in the U.S., Dexian was formed in 2023 through the merger of DISYS and Signature Consultants. Combining the best elements of its core companies, Dexian’s platform connects talent, technology, and organizations to produce game-changing results that help everyone achieve their ambitions and goals.
Dexian’s brands include Dexian DISYS, Dexian Signature Consultants, Dexian Government Solutions, Dexian Talent Development and Dexian IT Solutions. Visit https://dexian.com/ to learn more.
Dexian is an Equal Opportunity Employer that recruits and hires qualified candidates without regard to race, religion, sex, sexual orientation, gender identity, age, national origin, ancestry, citizenship, disability, or veteran status.