
Cybersecurity Exercise Program Lead/Manager

American Express
Remote
Up to $400,000/ year
Cyber Assurance Manager, Cyber Consultant, SOC Analyst, SOC Manager, Information Security Leader, Security Analyst, Cyber Security Researcher
Actively hiring

hackajob is partnering with American Express to fill this position. Create a profile to be automatically considered for this role—and others that match your experience.

 

As part of Cybersecurity Operations, you will serve within an organization responsible for front-line cyber defense of American Express. We prepare for, detect, and respond to cyber threats through intelligence-driven actions that strengthen resilience and empower AMEX to deliver the world’s most trusted customer experience.

Specifically, you will join a global program at American Express and be a lead contributor to our ongoing activities to help reduce cyber risks to the Company, the Financial Services sector, and the Information Security industry. You will be an integral part of an innovative team that plans, develops, and delivers exercises simulating cyber security incidents to improve company-wide readiness for real-world incidents. American Express is a recognized leader in the Financial Services sector, and you will be influential in helping advance the Company’s resilience and cyber risk management processes.

Responsibilities:

Plan and deliver multiple cyber exercises in conjunction with internal teams, vendor partners, and external organizations as applicable.
Develop and maintain an annual cyber exercise roadmap aligned to enterprise risks, regulatory expectations, and control testing needs.
Manage the complete lifecycle of exercise products and drive continuous improvement through formal after-action reports (AARs), remediation tracking, executive readouts, end-of-year planning, and strategic roadmaps.
Lead cross-functional project teams and work with internal and external business partners to determine and translate technical and business requirements into exercise solutions that help reduce cyber risks for American Express and its partners.
Coordinate with global teams across the organization to plan and conduct market-specific cyber exercises, including crisis incident management teams at the tactical, senior executive, and board levels.
Be familiar with global regulatory requirements for this capability and respond to regulatory requests with relevant artifacts from cyber exercises to demonstrate compliance.
Drive continuous improvement through automation, process improvement, and employing a forward-thinking lens for the future.

Required Skills/Qualifications:

Excellent interpersonal abilities with strong written and oral communication skills appropriate for varied audience levels.
Highly diligent and process-focused in managing key deliverables and multiple timelines with competing priorities.
Experience with planning, conducting, and facilitating exercises that simulate business continuity and cyber security events to help evaluate organizational communication, decision-making, and security incident response processes and capabilities.
Strong familiarity with SOC workflows, incident response phases, ransomware response, cloud/SaaS dependencies, and disaster recovery.
Can reframe information security risk in business ROI terms.
Experience with DHS’s Homeland Security Exercise and Evaluation Program (HSEEP) and the ability to apply the principles to a cyber-focused exercise program.
A passion for professional development and maturing the overall program in conjunction with industry best practices and regulatory guidance.
A keen eye to drive continuous improvement not only within the program but also enterprise-wide, in conjunction with second and third lines of defense.
Assist in maturing program KPIs into measurable business outcomes that exceed industry best practices.
Brief or assist in briefing senior executives on exercise outcomes, top themes, and recommended investments while driving ownership and timelines.

Educational requirement:

Holds a bachelor's degree or equivalent work experience.

Preferred Qualifications:

Prior exercise experience at a financial institution or other organization within a highly regulated environment.
Completed the Homeland Security Exercise and Evaluation Planning course (US FEMA), UK equivalent JESIP, or UK “Exercise in a Box.”
Knowledge of the NICE Workforce Framework and MITRE ATT&CK.
Prior experience with FS-ISAC, CISA, FSSCC, and other organizations.
Experience using artificial intelligence in large language models to build realistic scenarios.
Technical experience including cyber incident response, process improvement, and digital automation.
Cyber Risk Management certifications including CISSP, CISM, FAIR, etc.
Experience working with cyber range environments, virtualized environments, and learning management systems for cyber technical training.
