Associate - Tech Risk & Control

• Drive a consistent GI technology risk posture by synthesizing inputs across teams into one clear view of risk, progress, and priorities.
• Clarify ownership, decision points, and escalation paths for cross-GI risk initiatives where accountability is potentially distributed or unclear.
• Improving the quality, completeness, and consistency of GI risk artifacts and updates leverage within GI and across the enterprise.
• Produce oversight-ready risk narratives that connect issues, events, controls, and remediation into an accurate, enterprise-aligned story.
• Enable timely decisions by highlighting trends, concentrations, and cross-cutting dependencies, and by escalating when delivery is at risk.

• Orchestrate cross GI delivery of risk artifacts (MAPs, OREs, PSRs) where inputs and actions span multiple teams, aligning stakeholders on scope, narrative, evidence needs, and timelines in partnership with ETS Governance & Control.
• Support the Director by running the cross GI operating rhythm with ETS Governance & Control, and second line partners, coordinating ownership, tracking actions, and driving escalation/decisioning when responsibility is unclear.
• Develop executive- and oversight-ready narratives that explain what happened, what is changing, residual risk, and the path to closure—grounded in facts and consistent across GI.
• Coordinate action plans across teams by surfacing dependencies, confirming owners and due dates, and escalating early when progress or accountability breaks down.
• Partner with ETS Governance & Control and risk/control stakeholders to align on evidence expectations and ensure remediation actions map back to the documented risk statements and control intent (while execution remains with accountable teams).
• Synthesize inputs into concise reporting and insights for GI leaders—highlighting trends, concentrations, hotspots, and recommended focus areas.
• Improve cross-GI ways of working by reducing friction in intake, tracking, and reporting, standardizing what “good” looks like while keeping ownership with the accountable teams. 

• Bachelor’s degree in Computer Science, Information Systems, Engineering, Cybersecurity, or equivalent practical experience.
• Experience in technology risk, operational risk, controls, or technology governance within a large, complex enterprise technology environment .
• Working knowledge of the first line/ second line/ third line (FLOD/SLOD/TLOD) model, including how to partner effectively across Technology, Control Management, Risk, Compliance, and Internal Audit while maintaining appropriate role clarity.
• Ability to synthesize complex inputs (issues, events, assessments, control gaps, remediation plans) into clear written narratives and executive-ready summaries.
• Experience coordinating deliverables across multiple stakeholders, including tracking actions, managing dependencies, and operating with urgency in time-bound situations.
• Familiarity with common technology risk and control domains (e.g., change/release management, resilience, access management, vulnerability management, incident/problem management, monitoring/observability, and third-party/affiliate considerations).
• Practical experience using risk and workflow platforms and reporting tools (e.g., Archer, ServiceNow GRC, or similar, data visualization and reporting capabilities), with a focus on outcomes and clarity over tool administration.

Preferred skills

• Cross-platform thinking: Comfortable operating across infrastructure, platforms, and enabling capabilities, identifying patterns and connecting related risks across multiple products and teams.
• Ambiguity management: Able to define the problem, propose a plan, and drive progress when information is incomplete or ownership is distributed.
• Executive communication: Strong writing and presentation skills; able to tailor messages by audience and turn complex detail into clear decisions and actions.
• Influence without authority: Proven ability to build alignment, negotiate tradeoffs, and move work forward through strong relationships and credibility.
• Continuous improvement mindset: Interest in simplifying processes, strengthening reporting, and improving evidence quality through better ways of working.

Employment eligibility to work with American Express in the United States is required as the company will not pursue visa sponsorship for these positions.