Manager in Risk Management

The Technical Risk Management (TRM) team, within the Global Risk and Compliance organization and led by the Chief Risk Officer, manage operational risks associated with Information & Cyber Security Risk, Business Disruption, Technology Risk, Data Risk, and AI Risk Management. The team also ensures that risk management activities are conducted in a manner compliant with regulatory requirements and expectations. The team aggregates and reports on key risk management and oversight activities to the relevant management and Board risk committees.  

Functional Description:

This individual contributor role is a unique opportunity to work with a team of diverse and talented professionals who are responsible for building the operational resilience risk oversight program to provide credible challenge and oversight to the first line operational resilience risk taking activities. 

Reporting to the Director for Business Disruption & Operational Resilience Risk Management, the Manager is responsible for independently assessing and reporting operational resilience (including people, process, technology, third-party and infrastructure) risks and providing a view of aggregate risks. The risks identified by this team are reported to the Senior Management, Risk Management Committees, Board of Directors and Regulators. This position will be responsible for effectively collaborating with key stakeholders across lines of business and lines of defense to ensure risks are managed effectively and efficiently in accordance with the company policies and applicable regulatory requirements.

Essential Job Functions:

• Conduct independent, proactive risk management and oversight of operational resilience (including people, process, technology, third party, and infrastructure) related risks.
• Assist in the development, implementation, and maintenance of the firm’s operational resilience framework (policies, governance and minimum standards) to ensure operational readiness and response to business disruption events.
• Learn operational resilience and business continuity management processes at American Express, demonstrating strong levels of curiosity and willingness, to present an effective credible challenge.
• Engage and liaise with internal stakeholder groups that have oversight of processes relevant to the firm’s Resilience approach to prevent, protect, respond and adopt/learn from disruptive events.
• Be apprised of resilience events and data collection including reporting when necessary; perform detailed reviews of trends to identify significant risks and ensure monitoring and remediation
• Develop and enhance data-driven key risk indicators and key performance indicators that provide real time and meaningful insights into the risk and performance trends.
• Support the design of operational resilience independent risk oversight program which defines the engagement and integration with various risk management programs, including Risk and Control Self Assessments, Operational Risk Management, etc.
• Support compliance with resilience-related regulations and standards (e.g., OCC Bulletin 2020-94, FFIEC Handbooks, GLBA, etc.) to meet legal and regulatory obligations.  
• Help embed a strong risk-aware culture, encouraging proactive risk management behaviors within the organization. 

Required Qualifications:

• Minimum four years of experience in risk management within the banking/financial services industry including policy & procedure development, risk appetite, risk control self-assessment and testing, and issue management. 
• Proven ability to identify risks, analyze issues and derive meaningful insights about risk trends by conducting interviews and analyzing large volumes of data.
• Demonstrate analytical skills with high attention to detail and accuracy
• Displays a mindset of questioning assumptions, critically assessing information and seeking evidence to validate conclusions, so decisions are unbiased and well-founded.   
• Strong verbal and written communication skills with an ability to explain complex problems and ideas clearly and succinctly to senior management.
• Ability to work in a highly collaborative environment, excellent relationship building skills and ability to influence partners with a firm strategic view. 
• Demonstrate strong abilities in core Resilience skills, including business continuity management, dependency risk management, resilience monitoring, and resilience compliance management.

Preferred:

• Working knowledge of one or more of the data mining tools/technologies (e.g. Microsoft Excel: Pivot Tables SQL, SAS, Python, R)
• Experience in risk management across cyber security, information technology, 3rd party, business continuity management.
• Understanding of risk assessment methodologies, frameworks and industry standards.
• Knowledge of relevant policies & regulations (e.g., FRB SR 2020-24/OCC 2020-94, OCC Heightened Standards, FFIEC IT booklets, DORA)
• Experience with Governance, Risk and Compliance tools (e.g. Archer)
• Having industry certifications in operational resilience, business continuity management, and Disaster Recovery will be preferred.