
American Express TRS

Senior Associate-Tech Risk & Control

  • Posted 2 hours ago

Job Description

Sr. Analyst, Cybersecurity Risk Management (CRM) sits within the Global Risk & Compliance (GRC) organization and provides independent second-line oversight of Technology, Information Security, Data, and Resiliency risks across the enterprise. The CRM team ensures risks are effectively identified, assessed, monitored, and governed in line with firm risk appetite and regulatory expectations.

This individual contributor role supports independent oversight of Vulnerability Management and Network Security risks and processes. The role is risk-centric, focusing on risk exposure, control effectiveness, aggregation, and credible challenge of information security processes rather than operational execution.

Responsibilities

  • Provide independent second-line oversight of Information and Cyber Security risk, with primary focus on Vulnerability Management and Network Security domains.
  • Execute risk-centric assessments and monitoring of vulnerability management and network security practices, evaluating exposure, prioritization effectiveness, remediation governance, and residual risk.
  • Apply a risk lens to security control performance, assessing how control design, operating effectiveness, and technology changes impact enterprise risk posture.
  • Deliver credible challenge to first-line Technology and Cybersecurity teams on vulnerability risk decisions, including remediation timelines, risk acceptance, compensating controls, and treatment strategies.
  • Perform data-driven risk analysis and thematic reviews across assigned processes, translating security data into actionable risk insights.
  • Identify systemic risk themes, recurring control gaps, and emerging vulnerability trends, supporting issue identification, escalation, and lifecycle management.
  • Contribute to risk aggregation and reporting for management, committee, Board, and regulatory audiences, including support for compliance and audit activities.
  • Support development and enhancement of risk-aligned KRIs, KPIs, and metrics reflecting vulnerability and network risk drivers.
  • Partner with TRM leadership to advance risk management objectives and strengthen the Technical Risk Management operating model.
  • Maintain awareness of regulatory expectations, firm policies, and industry frameworks applicable to vulnerability and network security risks.

Qualifications

  • Bachelor's Degree in a related field (e.g., Information Systems, Computer Science, Engineering) or equivalent experience.
  • 3+ years of experience in technology risk, cybersecurity, audit, or related disciplines across any line of defense.
  • Strong understanding of vulnerability management concepts and cybersecurity risk principles.
  • Proven analytical and critical thinking skills with ability to synthesize risk insights from complex data.
  • Excellent written, verbal, and interpersonal communication skills.
  • Demonstrated ability to provide constructive challenge and operate with a strong risk mindset.

Preferred Qualifications

  • Experience overseeing vulnerability management and network security.
  • Familiarity with risk frameworks such as COSO, COBIT, ISO 27001, NIST RMF, or FAIR.
  • Knowledge of regulatory expectations including OCC Heightened Standards and FFIEC guidance.
  • Experience with GRC tools (e.g., Archer, ServiceNow).
  • Industry certifications such as CISSP, CISM, CISA, CRISC, and/or relevant technical certifications (e.g., CCNA or equivalent networking/security credentials).

About Us

At American Express, our culture is built on a 175-year history of innovation, shared values and Leadership Behaviors, and an unwavering commitment to back our customers, communities, and colleagues. From delivering differentiated products to providing world-class customer service, we operate with a strong risk mindset, ensuring we continue to uphold our brand promise of trust, security, and service.

As part of Team Amex, you'll experience our powerful backing with comprehensive support for your holistic well-being and many opportunities to learn new skills, develop as a leader, and grow your career. Here, your voice and ideas matter, your work makes an impact, and together, you will help us define the future of American Express.

About The Team

We back you with benefits that support your holistic well-being so you can be and deliver your best. This means caring for you and your loved ones' physical, financial, and mental health, as well as providing the flexibility you need to thrive personally and professionally:

  • Competitive base salaries
  • Bonus incentives
  • Support for financial well-being and retirement
  • Comprehensive medical, dental, vision, life insurance, and disability benefits (depending on location)
  • Flexible working model with hybrid, onsite or virtual arrangements depending on role and business need
  • Generous paid parental leave policies (depending on your location)
  • Free access to global on-site wellness centers staffed with nurses and doctors (depending on location)
  • Free and confidential counseling support through our Healthy Minds program
  • Career development and training opportunities

American Express is an equal opportunity employer and makes employment decisions without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, veteran status, disability status, age, or any other status protected by law.

Offer of employment with American Express is conditioned upon the successful completion of a background verification check, subject to applicable laws and regulations.

Job ID: 146447143
