Manager - SOX IT Advisory

Job Description

At American Express, our culture is built on a 175-year history of innovation, shared values and Leadership Behaviors, and an unwavering commitment to back our customers, communities, and colleagues. From delivering differentiated products to providing world-class customer service, we operate with a strong risk mindset, ensuring we continue to uphold our brand promise of trust, security, and service.

As part of Team Amex, you'll experience our powerful backing with comprehensive support for your holistic well-being and many opportunities to learn new skills, develop as a leader, and grow your career. Here, your voice and ideas matter, your work makes an impact, and together, you will help us define the future of American Express.

The SOX Governance and Advisory team within Controllership (1LOD) plays a critical role in supporting the enterprise by developing and executing a risk-based plan to assess and enhance the company's Internal Control over Financial Reporting (ICFR). The team runs a robust governance framework to ensure compliance with the company's 2LOD objectives and requirements of the Sarbanes-Oxley Act.

The team is looking for a highly motivated and detail-oriented SOX IT Risk Advisory Manager to join our growing team. This role will help to ensure that Amex's internal controls over financial reporting with respect to IT systems and applications . The Manager will identify and assess relevant controls, focusing on the relevant risks for financial reporting across our in-scope applications and supporting infrastructure. This will include IT General Controls (ITGCs) covering system security, logical and physical access controls, software development and change management processes, backup recovery procedures, and cybersecurity controls as well as IT Application Controls that ensure data integrity and timeliness. The role involves extensive collaboration with Technology teams, Application and Process Owners, related Control Management functions, and internal and external auditors.

The Manager, SOX IT Risk Advisory will:

• Collaborate with Business, Technology, Finance, SOX Governance and Testing, and internal and external audit teams for matters related to SOX technology controls.

• Lead SOX scoping and risk assessment of IT systems, applications, and key interfaces impacting financial reporting.

• Identify key technology and data risks relevant to ICFR and work with the SOX Scoping team to mitigate risks and strengthen SOX controls. Consult on control design and implementation of required IT controls with Process Owners, including for new products, processes, and system implementations.

• Serve as a subject matter expert and advisor on technology-related SOX risks and controls and provide guidance to the business and Technology stakeholders.

• Support training as needed on relevant technology risk and control practices for the enterprise.

• Provide accurate and timely reporting and thought leadership to senior management on technology-related SOX risk and control matters.

Minimum Qualifications:

• 5+ years of experience in IT controls auditing and/or consulting, or other relevant experience within the financial services industry

• Bachelor's degree in Management Information Systems, Information Technology, Computer and Information Science, Accounting, Business, or a related field

• Demonstrated history and ability to collaborate with multiple teams and projects, spread over geographies and with varying backgrounds

• Demonstrated experience understanding business and IT processes and identifying and independently assessing associated ITGCs, IT Application Controls, interfaces, and key reports, especially in new and developing processes and products

• Knowledge of IT and systems risk domain best practices and principles

• Strong understanding of financial reporting risk and requirements of the Sarbanes-Oxley Act as well as internal control frameworks (e.g., COSO, COBIT)

• Excellent project management, communication, and interpersonal skills, with an ability to interact and obtain buy-in from business and Technology stakeholders

• Strong written and verbal communication skills and ability to articulate risk and control concepts to both technical and non-technical stakeholders

Preferred Qualifications:

• Relevant professional certification such as CISA, CISSP, CPA, CIA, CISM, or CRISC

• Knowledge of Oracle, and other security and cloud technologies

• Knowledge of industry best practices for technology controls including frameworks from ISACA, NIST, ISO, and ITIL

We back you with benefits that support your holistic well-being so you can be and deliver your best. This means caring for you and your loved ones physical, financial, and mental health, as well as providing the flexibility you need to thrive personally and professionally:

• Competitive base salaries
• Bonus incentives
• Support for financial-well-being and retirement
• Comprehensive medical, dental, vision, life insurance, and disability benefits (depending on location)
• Flexible working model with hybrid, onsite or virtual arrangements depending on role and business need
• Generous paid parental leave policies (depending on your location)
• Free access to global on-site wellness centers staffed with nurses and doctors (depending on location)
• Free and confidential counseling support through our Healthy Minds program
• Career development and training opportunities

American Express is an equal opportunity employer and makes employment decisions without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, veteran status, disability status, age, or any other status protected by law.

Offer of employment with American Express is conditioned upon the successful completion of a background verification check, subject to applicable laws and regulations.