At American Express, our culture is built on a 175-year history of innovation, shared values and Leadership Behaviors, and an unwavering commitment to back our customers, communities, and colleagues. As part of Team Amex, you'll experience this powerful backing with comprehensive support for your holistic well-being and many opportunities to learn new skills, develop as a leader, and grow your career.

Here, your voice and ideas matter, your work makes an impact, and together, you will help us define the future of American Express.

How will you make an impact in this role?

The SOX Governance and Advisory team within Controllership (1LOD) plays a critical role in supporting the enterprise by developing and executing a risk-based plan to assess and enhance the company’s internal controls over financial reporting. The team runs a robust governance framework to ensure compliance with the company’s 2LOD objectives and requirements of the Sarbanes-Oxley Act. 

The team is looking for a highly motivated and detail-oriented SOX IT Risk Advisory Senior Analyst to join our growing team. This role will help to ensure that Amex's internal controls over financial reporting with respect to IT systems and applications are in compliance with SOX. The Analyst will identify and assess relevant technology controls, focusing on the relevant risks for financial reporting across all of our in-scope applications and supporting infrastructure. This will include IT General Controls covering system security, logical and physical access controls, software development and change management processes, backup recovery procedures, and cybersecurity controls as well as IT Application Controls that ensure data integrity and timeliness. The role involves extensive collaboration with Technology teams, application and process owners, related Control Management functions, and internal and external auditors. 

The Analyst, SOX IT Risk Advisory will: 

Collaborate with Business, Technology, Finance, SOX Governance and Testing, and internal and external audit teams for matters related to SOX technology controls. Participate in SOX scoping and risk assessment of IT systems, applications, and key interfaces impacting financial reporting. Identify key technology and data risks relevant to ICFR and work with the SOX Testing team to mitigate risks and strengthen SOX controls Consult on the control design and implementation of required and repeatable IT controls with process owners and IT testing team to meet regulatory requirements, including for new products, processes, and system implementations, ensuring appropriate internal controls are in place Assist in development and refinement of ITGC methodologies, controls and document repositories. Serve as advisor to business and technology stakeholders on technology-related SOX risks and controls Support training and communications as needed on relevant technology risks and controls practices for the enterprise 

 

Minimum Qualifications: 

1-2 years of IT controls auditing and/or consulting Bachelor's degree in Management Information Systems, Information Technology, Computer and Information Science, Accounting, Business, or a related field Experience understanding business and IT processes and identifying and assessing associated ITGCs, ITACs, interfaces, and key reports IT and IS risk domain knowledge best practices and principles Understanding of financial reporting risk and requirements of the Sarbanes-Oxley act as well as internal control frameworks (e.g., COSO) Excellent project management, communication, and interpersonal skills, with an ability to interact and obtain buy-in from Business and Technology owners Strong written and verbal communication skills to articulate risk/control insights to both technical and non-technical stakeholders 

 

Preferred Qualifications: 

Relevant professional certifications such as CISA, CISSP, CPA, CISM, or CRISC Knowledge in Oracle, security, and cloud technologies Knowledge of industry best practices for technology controls including frameworks from ISACA, NIST, ISO, and ITIL 

We back you with benefits that support your holistic well-being so you can be and deliver your best. This means caring for you and your loved ones' physical, financial, and mental health, as well as providing the flexibility you need to thrive personally and professionally:

Competitive base salaries Bonus incentives Support for financial-well-being and retirement Comprehensive medical, dental, vision, life insurance, and disability benefits (depending on location) Flexible working model with hybrid, onsite or virtual arrangements depending on role and business need Generous paid parental leave policies (depending on your location) Free access to global on-site wellness centers staffed with nurses and doctors (depending on location) Free and confidential counseling support through our Healthy Minds program Career development and training opportunities

American Express is an equal opportunity employer and makes employment decisions without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, veteran status, disability status, age, or any other status protected by law.  

Offer of employment with American Express is conditioned upon the successful completion of a background verification check, subject to applicable laws and regulations.