16,481 IT Risk jobs in the United States
Manager Information Security Risk Management
Posted 3 days ago
Job Description
This range is provided by Harris Health. Your actual pay will be based on your skills and experience talk with your recruiter to learn more.
Base pay range: $129,292.00/yr - $71,329.00/yr
Harris Health System is the public healthcare safety-net provider established in 1966 to serve the residents of Harris County, Texas. As an essential healthcare system, Harris Health champions better health for the entire community, with a focus on low-income uninsured and underinsured patients, through acute and primary care, wellness, disease management and population health services. Ben Taub Hospital (Level 1 Trauma Center) and Lyndon B. Johnson Hospital (Level 3 Trauma Center) anchor Harris Health's robust network of 39 clinics, health centers, specialty locations and virtual (telemedicine) technology. Harris Health is among an elite list of health systems in the U.S. achieving Magnet nursing excellence designation for its hospitals, the prestigious National Committee for Quality Assurance designation for its patient-centered clinics and health centers and its strong partnership with nationally recognized physician faculty, residents and researchers from Baylor College of Medicine; McGovern Medical School at The University of Texas Health Science Center at Houston (UTHealth); The University of Texas MD Anderson Cancer Center; and the Tilman J. Fertitta Family College of Medicine at the University of Houston.
JOB SUMMARY:
The Manager Information Security Risk Management reports to the Vice President and Chief Information Security Officer (CISO) and develops, maintains and executes a continuous, flexible information security risk management program that aligns with Harris Health's overall strategic business and IT goals, and addresses the higher-risk areas and concerns of Executive Management. Works alongside the Harris County attorney team and the Harris Health corporate compliance department to review third-party contracts and ensure compliance with standards and regulations regarding information access, security, and privacy. Leads all phases of internal and third-party risk assessments as well as planned IT audits and reviews. Coordinates internal and third-party security audits, including HIPAA audits, PCI DSS audits, Service Organization Controls (SOC) audits, ISO audits, SSAE 16 / ISAE 3402 audits, customer audits, and other compliance/regulatory audits. Assists the VP/CISO with decisions regarding risk and audit planning, and with testing plans and methodologies for risk and audit projects. Assists the VP/CISO in determining reportable observations, findings and recommendations to relay to Executive Management and the Board of Trustees. Develops and publishes cyber-related risk and audit reports and reviews. Drafts and updates various departmental and organization-wide information security policies.
MINIMUM QUALIFICATIONS:
Education/Specialized training/Licensure:
- CISSP required.
- Preferred: CRISC, CISA, HCISPP, CIPP, GSNA, or CCSP. Must have obtained one (1) additional certification within six (6) months of accepting the position.
WORK EXPERIENCE:
6 years' work experience. Extensive knowledge of HIPAA Security rule, HITECH, Payment Card Industry (PCI), NIST Cybersecurity Framework. In addition, understanding of NIST SP 800-53r4, COBIT, and ITIL frameworks preferred. RSAM or other GRC tools experience preferred. Previous IT audit and risk management experience, or equivalent combination of education and experience.
MANAGEMENT EXPERIENCE:
Three (3) years of experience in Cyber Security or related field.
SPECIAL REQUIREMENTS:
Communication Skills:
Exceptional verbal (public speaking)
Other Skills:
Analytical, Statistical
- Seniority level Not Applicable
- Employment type Full-time
- Job function Information Technology
- Industries Hospitals and Health Care
Benefits (inferred from the description for this job):
- Medical insurance
- Vision insurance
- 401(k)
- Disability insurance
Information Security Risk Management Lead
Posted 4 days ago
Job Description
CLS is the trusted party at the centre of the global FX ecosystem. Utilized by thousands of counterparties, CLS makes FX safer, smoother and more cost effective. Trillions of dollars' worth of currency flows through our systems each day.
Created by the market for the market, our unrivalled global settlement infrastructure reduces systemic risk and provides standardization for participants in many of the world's most actively traded currencies. We deliver huge efficiencies and savings for our clients: in fact, our approach to multilateral netting shrinks funding requirements by over 96% on average, so clients can put their capital and resources to better use.
CLS products are designed to enable clients to manage risk most effectively across the full FX lifecycle whether through more efficient processing tools or market intelligence derived from the largest single source of FX executed data available to the market.
Our ambition to make a positive difference starts with our people. Our values, Protect, Improve, Grow, underpin everything that we do at CLS and define and shape a supportive and inclusive working environment in which everyone is encouraged to be open and forward-thinking.
Job Information
Functional title - Information Security Risk Management Lead
Department - Risk
Corporate level - Director
Report to - Head of Technology & Information Security Risk Management
Location - New York / New Jersey
Expected full-time salary range between $180K - $225K + variable compensation + 401(k) match + benefits.
What You Will Be Doing
Job purpose:
The Information Security Risk Management Lead is a key member of the Risk Management team and is responsible for leading the implementation of the Enterprise and Operational Risk Management frameworks designed by CLS to identify, measure, monitor and mitigate information security risks. The successful candidate serves as a second set of eyes to management to provide review and credible challenge of the effectiveness of information security processes and controls. This position is highly engaged with the firm-wide Information Security teams who provide security solutions as well as all corporate departments that own information security risk.
Essential Functions / Major Duties and Responsibilities of the Job
Strategic:
- Risk Culture - Assist the CRO and Head of Enterprise Risk and Operational Risk Management in driving the culture of engagement, teamwork and accountability.
- Risk Assessments - Collaborate with the Information Security teams to guide and challenge risk assessments, and lead in efforts to strengthen the control environment in line with the evolving threat landscape.
- Process Improvements - Identify opportunities to reduce risk of recurrence of incidents and events through process evaluation and improvement plans.
- Operational Risk Management Framework - Support the CRO and Head of Enterprise Risk and Operational Risk Management in furthering the use and efficacy of the ORM framework while enhancing its applicability to manage information security risk.
Operational:
- Review and Credible Challenge - Provide review and credible challenge of the information security risk profile and all associated framework components, e.g., risk and control self-assessments, control testing, event management, metrics and indicators, risk appetite, finding management, and reporting.
- Risk Oversight - Lead in executing oversight of information security risks by performing the following:
- Provide subject matter expertise to business units to drive, guide and influence risk ownership, clarity and assessment of risks & controls.
- Review and monitor the progress of actions and validate appropriateness of closure evidence.
- Thematic review of operational risk events and associated proposed actions to reduce risk of recurrence.
- Document credible challenge of information security risk appetite to support the Enterprise Risk management (ERM) program.
- Regular review and challenge of key risk indicators including thresholds and applicability to risk appetite.
- Prepare monthly and quarterly ORM/ERM reports and present to Technology Leadership, Audit, and regulatory bodies as required.
- Project Oversight - Lead in executing project oversight for information security risks by performing the following:
- Provide challenge of risk management of material information security projects that may impact the firm's risk profile.
- Work with business partners to challenge the quality of the project inherent risk assessments and contribute to the independent risk review for projects.
- Review project benefits and closure artifacts in preparation for transition to BAU.
- Governance - Actively present to various committees and forums to keep management educated on changes to CLS risk appetite.
- Relationship Management - Be a respected point of contact to stakeholders across the business and technology functions in providing operational risk coverage for information security risk.
- Advisory Services - Be a trusted advisor and provide effective challenge to stakeholders on the evolving cybersecurity and technology risk landscape.
- Policy & Procedures - Maintain and oversee relevant policies, standards, and procedures related to CLS security processes.
Leadership:
- Primary lead for the team to role model expected work ethic and quality, meet divisional objectives, and support career development.
- Provide guidance and support to junior members of the team.
- Interact with and present to regulatory bodies in regular continuous monitoring meetings.
- Ability to partner, influence, and maintain credibility with the business.
- 10+ years of experience specifically related to information security governance, operations, and risk management.
- Broad-based technology experience at substantial scale and complexity in a global, highly regulated, high-volume transaction environment. Experience must include time operating within transaction services environments characterized by the need for continuous availability and the highest levels of security.
- Experience with developing and managing Operational Risk programs, establishing framework and on-going process in accordance with best practices and Basel requirements.
- Comfortable leading in a complex matrixed organization, ideally in a global firm with a dynamic and rapidly changing environment.
- Experience leading within a highly regulated environment, with a preference for experience at the international and federal levels. Deep knowledge of policy frameworks and a strong understanding of policies, procedures, guidelines, and structure.
- Functional expertise, with operational knowledge of and exposure to various current and emerging information security areas such as:
Professional qualifications / certifications:
- B.S. in a technology discipline (Computer Science, Information Management, Computer Engineering, Cybersecurity or equivalent).
- Relevant certification is desirable, e.g., CISSP, CISM, CISA, CRISC.
- Working knowledge of Risk Management life cycles based on an established framework: NIST CSF, NIST SP 800-53, ORX, ISO 27001, SANS, CERT, ENISA, CSA, OACA, ISACA.
- Proficiency in MS PowerPoint and Excel.
- Experience in the broader MS Office suite, including Project and Visio, is a plus.
- Experience with enterprise GRC tools, e.g., Archer, is a plus.
At CLS, we celebrate diversity and consider this to be one of our strongest assets. We are committed to fostering an environment in which everyone feels comfortable to be who they are, and inclusion is valued. All employees have access to our inclusive benefits, including:
- Holiday - UK/Asia: 25 holiday days and 3 'life days' (in addition to bank holidays). US: 23 holiday days.
- 2 paid volunteer days so that you can actively support causes within your community that are important to you.
- Generous parental leave policies to ensure you can enjoy valuable time with your family.
- Parental transition coaching programmes and support services.
- Wellbeing and mental health support resources to ensure you are looking after yourself, and able to support others.
Information Security Risk Management Lead
Posted 4 days ago
Job Description
CLS is the trusted party at the centre of the global FX ecosystem. Utilized by thousands of counterparties, CLS makes FX safer, smoother and more cost effective. Trillions of dollars' worth of currency flows through our systems each day.
Created by the market for the market, our unrivalled global settlement infrastructure reduces systemic risk and provides standardization for participants in many of the world's most actively traded currencies. We deliver huge efficiencies and savings for our clients: in fact, our approach to multilateral netting shrinks funding requirements by over 96% on average, so clients can put their capital and resources to better use.
CLS products are designed to enable clients to manage risk most effectively across the full FX lifecycle - whether through more efficient processing tools or market intelligence derived from the largest single source of FX executed data available to the market.
Our ambition to make a positive difference starts with our people. Our values underpin everything that we do at CLS and define our working environment:
- Pivotal purpose
- Trusted guardian
- Targeted innovation
- Facilitate connections
- Delivering excellence
- Inclusive culture
- Functional title - Information Security Risk Management Lead
- Department - Risk
- Corporate level - Director
- Report to - Head of Technology & Information Security Risk Management
- Location - New York / New Jersey
- Expected full-time salary range between $180K - $225K + variable compensation + 401(k) match + benefits.
- Note: Disclosure as required by NY Pay Transparency Law of the expected salary compensation range for this role.
Job purpose
The Information Security Risk Management Lead is a key member of the Risk Management team and is responsible for leading the implementation of the Enterprise and Operational Risk Management frameworks designed by CLS to identify, measure, monitor and mitigate information security risks. The successful candidate serves as a second set of eyes to management to provide review and credible challenge of the effectiveness of information security processes and controls. This position is highly engaged with the firm-wide Information Security teams who provide security solutions as well as all corporate departments that own information security risk.
Essential Function / major duties and responsibilities of the job
Strategic
- Risk Culture - Assist the CRO and Head of Enterprise Risk and Operational Risk Management in driving the culture of engagement, teamwork and accountability.
- Risk Assessments - Collaborate with the Information Security teams to guide and challenge risk assessments, and lead in efforts to strengthen the control environment in line with the evolving threat landscape.
- Process Improvements - Identify opportunities to reduce risk of recurrence of incidents and events through process evaluation and improvement plans.
- Operational Risk Management Framework - Support the CRO and Head of Enterprise Risk and Operational Risk Management in furthering the use and efficacy of the ORM framework while enhancing its applicability to manage information security risk.
- Review and Credible Challenge - Provide review and credible challenge of the information security risk profile and all associated framework components, e.g., risk and control self-assessments, control testing, event management, metrics and indicators, risk appetite, finding management, and reporting.
- Risk Oversight - Lead in executing oversight of information security risks by performing the following:
- Provide subject matter expertise to business units to drive, guide and influence risk ownership, clarity and assessment of risks & controls.
- Review and monitor the progress of actions and validate appropriateness of closure evidence.
- Thematic review of operational risk events and associated proposed actions to reduce risk of recurrence.
- Document credible challenge of information security risk appetite to support the Enterprise Risk management (ERM) program.
- Regular review and challenge of key risk indicators including thresholds and applicability to risk appetite.
- Prepare monthly and quarterly ORM/ERM reports and present to Technology Leadership, Audit, and regulatory bodies as required.
- Project Oversight - Lead in executing project oversight for information security risks by performing the following:
- Provide challenge of risk management of material information security projects that may impact the firm's risk profile.
- Work with business partners to challenge the quality of the project inherent risk assessments and contribute to the independent risk review for projects.
- Review project benefits and closure artifacts in preparation for transition to BAU.
- Governance - Actively present to various committees and forums to keep management educated on changes to CLS risk appetite.
- Relationship Management - Be a respected point of contact to stakeholders across the business and technology functions in providing operational risk coverage for information security risk.
- Advisory Services - Be a trusted advisor and provide effective challenge to stakeholders on the evolving cybersecurity and technology risk landscape.
- Policy & Procedures - Maintain and oversee relevant policies, standards, and procedures related to CLS security processes.
- Primary lead for the team to role model expected work ethic and quality, meet divisional objectives, and support career development.
- Provide guidance and support to junior members of the team.
- Interact with and present to regulatory bodies in regular continuous monitoring meetings.
- Ability to partner, influence, and maintain credibility with the business.
- 10+ years of experience specifically related to information security governance, operations, and risk management.
- Broad-based technology experience at substantial scale and complexity in a global, highly regulated, high-volume transaction environment. Experience must include time operating within transaction services environments characterized by the need for continuous availability and the highest levels of security.
- Experience with developing and managing Operational Risk programs, establishing framework and on-going process in accordance with best practices and Basel requirements.
- Comfortable leading in a complex matrixed organization, ideally in a global firm with a dynamic and rapidly changing environment.
- Experience leading within a highly regulated environment, with a preference for experience at the international and federal levels. Deep knowledge of policy frameworks and a strong understanding of policies, procedures, guidelines, and structure.
- Functional expertise, with operational knowledge of and exposure to various current and emerging information security areas such as:
- Identity & privileged access management
- Secure coding practices
- Incident response
- Artificial Intelligence
- Third-party risk management
- Cloud security configuration and control frameworks
- Threat/vulnerability management
- Network security
Professional qualifications / certifications
- B.S. in a technology discipline (Computer Science, Information Management, Computer Engineering, Cybersecurity or equivalent).
- Relevant certification is desirable, e.g., CISSP, CISM, CISA, CRISC.
- Working knowledge of Risk Management life cycles based on an established framework: NIST CSF, NIST SP 800-53, ORX, ISO 27001, SANS, CERT, ENISA, CSA, OACA, ISACA.
- Proficiency in MS PowerPoint and Excel.
- Experience in the broader MS Office suite, including Project and Visio, is a plus.
- Experience with enterprise GRC tools, e.g., Archer, is a plus.
Our commitment to employees:
At CLS, we celebrate diversity and consider this to be one of our strongest assets. We are committed to fostering an environment in which everyone feels comfortable to be who they are, and inclusion is valued. All employees have access to our inclusive benefits, including:
- Holiday - UK/Asia: 25 holiday days and 3 'life days' (in addition to bank holidays). US: 23 holiday days.
- 2 paid volunteer days so that you can actively support causes within your community that are important to you.
- Generous parental leave policies to ensure you can enjoy valuable time with your family.
- Parental transition coaching programmes and support services.
- Wellbeing and mental health support resources to ensure you are looking after yourself, and able to support others.
- Employee Networks (including our Women's Forum, Black Employee Network and Pride Network) in support of our organisational commitment to embrace and always be learning more about inclusivity.
- Hybrid working to promote a healthy work/life balance, enabling employees to work collaboratively in the office when needed and work from home when they don't.
- Active support of flexible working for all employees where possible.
- Monthly 'Heads Down Days' with no meetings across the whole company.
- Generous non-contributory pension provision for UK/Asia employees, and 401K match from CLS for US employees.
- Private medical insurance and dental coverage.
- Social events that give you opportunities to meet new people and broaden your network across the organisation.
- Annual flu vaccinations.
- Discounts and savings and cashback across a wide range of categories including health and retail for UK employees.
- Discounted Gym membership - Complete Body Gym Discount/Sweat equity program for US employees.
- All employees have access to Discover - our comprehensive learning platform with 1000+ courses from LinkedIn Learning.
- Access to frequent development sessions on a number of topics to help you be successful and develop your career at CLS.
Manager, Information Security Risk Management
Posted 24 days ago
Job Description
Hearst Technology, Inc., Information Security Office seeks a Manager, Information Security Risk Management. The Manager, Information Security Risk Management is responsible for assessing risk and managing risk information for the organization and key business units. This position assesses information security risk within essential technology functions, key business processes and documentation, and collaborates with key business leaders to assist in reducing risk and maturing the overall control environment. This position will also support Audit and Compliance functions within Hearst, focusing on PCI and HIPAA.
Team Alignment: Governance, Risk, and Compliance (GRC) Team. The GRC Team is multi-faceted and focuses on driving business value. Our mission is to establish an integrated program that ensures the overall effectiveness of capabilities that impact information security across business units globally.
- Perform security risk reviews, risk assessments and gap assessments on key business processes and new and existing technologies. Subsequently, work with various business units, as needed, to ensure controls are adequate, appropriate, and effective and that mitigation and remediation plans are in place.
- Maintain the IT risk register and risk dashboard, keeping risks and their response plans up to date; will be required to work with cross-functional teams and businesses.
- Prepare detailed recurring risk management reports with associated metrics.
- Support the implementation of a risk program including enhancing processes supporting accountability, exception requests, and overall risk reduction in accordance with NIST and COBIT Cybersecurity frameworks.
- Support vendor due-diligence process and help define overall third-party risk management efforts.
- Support risk-focused governance entities such as forums and steering committees.
- Support internal and external audit processes for relevant compliance areas including NIST CSF, NIST 800-53, PCI-DSS, HIPAA, SOX, and other external and internal requirements.
- Support key capabilities and processes across the GRC function in support of the Hearst Information Security Office using an Agile methodology approach to delivering work products and key services.
- Work collaboratively with regional and global partners in other functional units; ability to navigate a complex organization; to influence and lead people across cultures at a senior level. Collaboratively interface with global IT and business partners to provide guidance and support.
- Design and implement improvements in risk-related documentation.
- Other related duties as assigned.
Technical Skills
- Experience with IT governance, risk, and compliance management in a large global environment, while working with geographically dispersed, multidisciplinary teams.
- Experience conducting risk assessments and managing risk across departments and functions.
- Strong foundation in PCI and HIPAA compliance requirements and testing.
- Familiarity with an integrated risk management platform.
- Familiarity with security frameworks, particularly NIST and COBIT Cybersecurity Frameworks and HITRUST.
- Basic understanding and knowledge of technical fundamentals such as networking concepts, cloud computing, application development, and security best practices.
- Proficiency with Word, Excel, PowerPoint, JIRA, SharePoint.
- Experience with GRC and risk management platforms such as Prevalent and TruOps is desired.
- Strong work ethic with attention to detail and demonstrated analytical abilities.
- Attention to detail, verbal and written communication, and initiative; able to apply constructive feedback to enhance managing risk.
- Strong presentation skills with the ability to articulate complex problems and solutions through concise and clear messaging.
- Self-motivated with excellent planning and organizational skills; and the ability to prioritize tasks to meet deadlines and effectively manage changing priorities.
- Professional customer orientation with a strong commitment to providing a high standard of customer satisfaction.
- Ability to deliver client-ready documentation and participate in relevant client meetings; able to work across teams effectively and efficiently.
- Working understanding of project management principles, processes, and documentation.
- Ability to collaborate with internal and external stakeholders.
- Bachelor's Degree in Information Technology, Computer Science, or equivalent.
- Minimum 5 years of relevant experience in a risk management role with at least 2 years of practical experience in Audit and Compliance.
- Industry standard certification such as CISA, CRISC, CISM, ARM, CISSP, ISO 27001, ISO 27005 is desired.
About Us
Hearst is one of the nation's largest global, diversified information, services and media companies.
Hearst has been innovating for more than a century, leading with purpose, integrity and a culture of care, with a mission to inform audiences and improve lives.
The company's diverse portfolio includes global financial services leader Fitch Group; Hearst Health, a group of medical information and services businesses; Hearst Transportation, which includes CAMP Systems International, a major provider of software-as-a-service solutions for managing maintenance of jets and helicopters; ownership in cable television networks such as A&E, HISTORY, Lifetime and ESPN; 35 television stations; 24 daily and 52 weekly newspapers; digital services businesses; and more than 200 magazines around the world.
Hearst is always moving forward, investing in healthcare solutions to improve patient outcomes and technology that curbs emissions; providing vital analysis, data and software to the global financial services industry; delivering important service and investigative journalism; and inspiring audiences with sports and entertainment programming.
With a commitment to maintaining the highest quality in its products and services, Hearst is dedicated to serving the communities it operates in, both civically and philanthropically.
Hearst is an Equal Employment Opportunity employer. We do not discriminate in hiring on the basis of race, color, national origin, religion, creed, sex or gender, gender identity, gender expression, sexual orientation, age, physical or mental disability, military or veteran status, or any other characteristic protected by federal, state, or local law.
Information Security Risk Analyst
Posted 7 days ago
Job Description
Why PlayStation?
PlayStation isn’t just the Best Place to Play — it’s also the Best Place to Work. Today, we’re recognized as a global leader in entertainment producing The PlayStation family of products and services including PlayStation®5, PlayStation®4, PlayStation®VR, PlayStation®Plus, acclaimed PlayStation software titles from PlayStation Studios, and more.
PlayStation also strives to create an inclusive environment that empowers employees and embraces diversity. We welcome and encourage everyone who has a passion and curiosity for innovation, technology, and play to explore our open positions and join our growing global team.
The PlayStation brand falls under Sony Interactive Entertainment, a wholly-owned subsidiary of Sony Group Corporation.
PlayStation is looking for an Information Security Analyst to join our team and operate the day-to-day Information Security, Risk and Compliance management processes. This is a mixture of processing requests from the business and driving internal security projects such as security audit and assessment. This role requires a sound understanding of technical and engineering terminology, outstanding ability to articulate risk across any security domains (technical and governance) with the demonstrable ability to work independently and process high volumes of security requests on a weekly basis. This role also provides ample opportunity to work across technical and game-related projects with studio and PlayStation engineering teams and therefore requires risk advisory and influencing experience.
Based in San Diego, the candidate will be the key business relationship partner on behalf of Information Security and work on Information Security processes as well as strategic projects across PlayStation and the Studios group. This role will collaborate closely with business, technical and third-party collaborators, as well as work multi-functionally with our other Information Security specialist teams across the globe to protect PlayStation's intellectual property, data and infrastructure whilst delivering new and evolving games, services and hardware to the market. This is an opportunity to provide security directly to the global PlayStation business, our PlayStation Network and global Studios and their game development.
What you'll be doing:
- Review, triage, risk assess and process security requests from technical, engineering and business partners that require security input and approvals.
- Work independently to understand collaborator requirements and the security risk involved. Use security policy, process and information security expertise to advise collaborators on appropriate solutions that do not open PlayStation up to security risks.
- Review security requirements associated with third party engagement requests and determine what level of third party assurance is required.
- Initiate and support the third-party due diligence and assurance assessment processes, and be able to articulate and advise on associated risks to the business, contractual requirements and resulting recommendations.
- Articulate and communicate risk to relevant collaborators, working with technical teams, partners, and leadership teams to translate security risk into mitigation plans and action items.
- Negotiates, tracks and reports these remediation efforts within the PlayStation risk programme.
- Coordinates all aspects of information security and provides consulting services to business units and other partners.
- Works with business partners from across PlayStation and Studios to identify and implement information security requirements related to projects and engagements.
- Monitors and reviews IT security controls to identify operational efficiency.
- Perform security audits related to critical systems and prioritized business scopes.
- Triage information security incidents, working with our 24/7 SOC teams, business partners and related third parties, as well as be responsible for reporting and raising where necessary.
- Works with GRC and other security tools to collect and maintain security and risk information.
- Maintains broad knowledge of industry trends in the field of information security and other technologies relevant to systems handled by the operations teams.
- Advances the InfoSec program via partnerships with shared services teams within information security.
- At least four years of related work experience within Information Security risk management or security audit, with a sound technical understanding of information technology, network or infrastructure management.
- Must be a self-starter, comfortable with processing security requests independently and initiating discussion with collaborators to drill down on exact requirements and how they align to process and policy.
- Experience in business partner/collaborator management, across technical and non-technical partners.
- Used to working within critical metrics and SLAs to ensure efficient responses and smooth ticket management.
- Experience in Jira, Confluence and GRC tracking and assessment tools.
- Can independently perform information security due diligence and audits, identifying gaps and required mitigations.
- Proven technical background in Information Security including work related to cloud infrastructure, SaaS applications, emerging technology.
- Ability to understand technical terminology to understand and assess security environment.
- Experience with third party due diligence and contract reviews.
- Excellent communicator, able to translate both technical and business requirements and terminology to the applicable audience.
- Familiarity with AWS (or similar) cloud security and infrastructure.
- Knowledge of and experience with SaaS and web infrastructure security
- Awareness of security risks associated with AI and other emerging technologies
- Microsoft Windows and Apple Mac OS hardening
- Policy administration
- Security standards such as SOX, ISO 27001, NIST, PCI
- Ability to handle parallel tasks and accurately detail resolutions
- Bachelor’s degree in Computer Science, Information Security, or related field or equivalent experience
Please refer to our Candidate Privacy Notice for more information about how we process your personal information, and your data protection rights.
At SIE, we consider several factors when setting each role’s base pay range, including the competitive benchmarking data for the market and geographic location.
Please note that the base pay range may vary in line with our hybrid working policy and individual base pay will be determined based on job-related factors which may include knowledge, skills, experience, and location.
In addition, this role is eligible for SIE’s top-tier benefits package that includes medical, dental, vision, matching 401(k), paid time off, wellness program and coveted employee discounts for Sony products. This role also may be eligible for a bonus package.
This is a flexible role that can be remote, with varying pay ranges based on geographic location. For example, if you are based out of Seattle, the estimated base pay range for this role is listed below.
$140,000 - $210,000 USD
Equal Opportunity Statement:
Sony is an Equal Opportunity Employer. All persons will receive consideration for employment without regard to gender (including gender identity, gender expression and gender reassignment), race (including colour, nationality, ethnic or national origin), religion or belief, marital or civil partnership status, disability, age, sexual orientation, pregnancy, maternity or parental status, trade union membership or membership in any other legally protected category.
We strive to create an inclusive environment, empower employees and embrace diversity. We encourage everyone to respond.
PlayStation is a Fair Chance employer and qualified applicants with arrest and conviction records will be considered for employment.
Information Security Risk Analyst
Posted 9 days ago
Job Description
Exact compensation may vary based on skills, experience and/or education, and location. This position is also eligible for an annual bonus.
SUMMARY
The Information Security Risk Analyst is a critical role within Information Security that plays an integral part in security and resilience of the bank's information systems and data assets. Reporting directly to the Information Security Officer (ISO), the Information Security Risk Analyst is responsible for maintaining information security policies, procedures, and controls to mitigate risks and comply with regulatory requirements. The Information Security Risk Analyst must also have extensive knowledge and understanding of risk management processes and mitigation strategies to address identified risks in technology and business processes through direct involvement with the business units.
ESSENTIAL DUTIES AND RESPONSIBILITIES
- Under the guidance of the ISO, conduct comprehensive risk assessments of information systems, applications, processes, and infrastructure to identify security vulnerabilities, threats, and risks.
- Maintain the Data Loss Prevention Program including the review of data access permissions and monitoring data flows to detect potential breaches or security policy violations.
- Maintain the Issues Management Program designed to track and manage identified security issues.
- Evaluate the implementation of information security processes and controls in alignment with the enterprise Information Security Program and ensure compliance with regulatory requirements such as GLBA and FFIEC guidelines.
- Maintain the Threat Intelligence Program designed to monitor and identify vendors, data, or system compromises.
- Maintain and provide compliance evidence for audits, internal requests, and other appropriate business needs.
- Reports on cybersecurity Key Performance Indicators (KPIs) and Key Risk Indicators (KRIs) to inform leadership and drive accountability.
- Maintain the GRC platform for Information Security, ensuring compliance with internal policies and regulatory requirements.
- In collaboration with the security team, assist in the development and monitoring of security policies, standards, guidelines, diagrams, and procedures to ensure ongoing maintenance and to identify gaps and/or recommendations.
- Prepare risk assessment reports and presentations for management and audit.
- Comply with and stay abreast of all policies and procedures and federal and state laws applicable to the job. Assess Information Security requirements and present recommendations in compliance with Bank and Regulatory requirements.
- Provide, present, and promote the Citizens Experience to all external and internal customers.
- Other duties as assigned.
SUPERVISORY RESPONSIBILITIES
This position has no supervisory responsibilities.
QUALIFICATIONS
To perform this job successfully, an individual must be able to perform each essential duty satisfactorily. The requirements listed below are representative of the knowledge, skill, and/or ability required. Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions.
EDUCATION and/or EXPERIENCE
Associate's degree (A.A.) or equivalent from a two-year college or technical school; or one year of related work experience; or a combination of education and experience.
Experience with the NIST Cybersecurity Framework (CSF) 2.0, Cyber Risk Institute (CRI) Profile, or GLBA Risk Assessments is a plus.
LANGUAGE SKILLS
Ability to read, analyze and interpret general business periodicals, professional journals, technical procedures, or governmental regulations. Ability to write reports, business correspondence, and procedure manuals. Ability to effectively present information and respond to questions from groups of managers, clients, customers, and the general public.
MATHEMATICAL SKILLS
Ability to work with mathematical concepts such as probability and statistical inference, and fundamentals of plane and solid geometry and trigonometry. Ability to apply concepts such as fractions, percentages, ratios, and proportions to practical situations.
REASONING ABILITY
Ability to define problems, collect data, establish facts, and draw valid conclusions. Ability to interpret an extensive variety of technical instructions in mathematical or diagram form and deal with several abstract and concrete variables.
COMPUTER & SOFTWARE SKILLS
To perform this job successfully, an individual should have fundamental knowledge of security principles and technologies.
Experience with GRC platforms such as Archer, MetricStream, or ServiceNow is a plus.
CERTIFICATES, LICENSES, REGISTRATIONS
- Certified in Risk and Information Systems Control (CRISC)
- CompTIA Security+
- Certified Enterprise Defender (GCED)
OTHER SKILLS and ABILITIES
- Excellent organizational and time management skills are essential.
- The following skills and experience are relevant and preferred:
- Banking experience
- Compliance & Risk management
PHYSICAL DEMANDS
The physical demands described here are representative of those that must be met by an associate to successfully perform the essential functions of this job. Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions.
While performing the duties of this job, the associate is regularly required to talk or hear. The associate is frequently required to stand; walk; sit; and use hands and fingers to handle or feel. The associate is occasionally required to reach with hands and arms, and stoop, kneel, crouch or crawl. The associate is regularly required to operate a computer keyboard, mouse, calculator and telephone and reach with hands and arms. The associate must occasionally lift and/or move up to twenty-five (25) pounds.
WORK ENVIRONMENT
The work environment characteristics described here are representative of those an associate encounters while performing the essential functions of this job. Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions.
The work environment is usually moderate.
Salary Range: $87,612.00 To $124,846.00 Annually
Information Security Risk Manager
Posted 15 days ago
Job Description
As the flagship higher education institution of The Church of Jesus Christ of Latter-day Saints, Brigham Young University (BYU) strives to be among the exceptional universities in the world. At BYU, we are devoted to our faith and to our students. We take an active role in the University's Mission: "To assist individuals in their quest for perfection and eternal life."
Our unique mission, deeply rooted in the Gospel of Jesus Christ, provides countless ways to serve and make an impact. This, along with our remarkable culture of belonging, weekly devotionals, and endless opportunities for learning and growth, all situated within a beautiful and historic campus, makes it hard to imagine a more inspiring place to work.
Brigham Young University strongly prefers to hire faithful members of The Church of Jesus Christ of Latter-day Saints.
Job Description
Information Security Risk Manager
The CES Security Operations Center is currently looking to hire an Information Security Risk Manager to serve BYU, BYU-Hawaii, BYU-Idaho, and Ensign College. This position, along with our other Risk Management positions, will be supporting and enabling the implementation of security programs and controls, advising on the risk implications of architecture and design decisions, and assisting with the design and validation of risk reduction efforts of various administrative and academic units at each campus. People skills are essential as we regularly interact with campus customers. This position also gives you the opportunity to share with others your acquired skills, to grow and learn more, and to apply that learning. Other responsibilities will be assigned to you as you gain skills through on-the-job training, career-focused professional development, and mentoring.
You are going to love working at BYU/OIT! Here's why:
- OIT strives to provide the flexibility needed (both in schedule and remote work) to help employees maintain a great work-life balance.
- You will work with real-world, leading-edge technology that serves the campus community while furthering your career.
- OIT provides regular training and coaching to help you grow your career and improve your skills.
- Plus, we have a LOT of FUN together!
What you will be doing in this position:
Consulting and Advisory Duties:
- Establish and maintain relationships with various campus partners
- Assist business and technical leaders in understanding, prioritizing, and reducing information security risk
- Participate in key security and privacy compliance committees to ensure business practices adequately meet regulatory compliance requirements
- Communicate risk and/or information security knowledge appropriately to technical and non-technical audiences
Risk Analysis, Assessment and Reporting:
- Promote and evaluate adherence to information security policies and standards
- Coordinate security assessment findings and reports with management, engineers, and customers
- Prioritize risk reduction work based on resources available and risk levels
Education and Experience:
This position provides an opportunity for people of varying levels of skill. If you have a lot of education, experience, and skill, we'll compensate you accordingly. If you are early in your career, this could be a great opportunity for you, too. Different levels of pay are assigned by the hiring department depending on experience/education/skills and business needs.
Minimum Required: Bachelor's degree in Information Systems, Information Technology or equivalent professional experience; 5+ years of related work experience preferably in an information security, IT assurance, compliance, or risk management role.
Certifications: Prefer one or more recognized IT security or assurance certifications such as CISSP, CISA, CISM, CRISC, CPISA (other technical certifications are also given consideration).
Skills, abilities, or knowledge:
You are not required to have experience in all areas listed below. What you don't know we can teach you. We are seeking the most qualified candidates; the more you have, the more likely you will be selected. Compensation will be commensurate with experience and skills.
Technical Skills and Experience:
For this position, we are looking for someone with experience and expertise in several of the concepts and specific technical skills listed below:
- Familiar with security standards and best practices such as those specified by the payment card industry, ISO 27000, the National Institute of Standards and Technology, and the Center for Internet Security
- Excellent communication skills (Written and verbal)
- Ability to develop, refine and follow processes
- Proven ability to conceptualize, analyze and communicate complex issues and concerns to both technical and non-technical managers and workers
- Conversant in the security and risk implications for common technical architecture and components. Ability to identify and assess security risks across technical domains such as segmented enterprise networks, identity and access management, cloud architectures, insider threats, endpoint protections, securing web applications, and privacy regulatory compliance.
- Ability to work individually and as part of a team with minimal supervision
What we offer in return:
In addition to our competitive pay structure, this position comes with fantastic benefits, including:
- 401k. BYU automatically contributes 8% at no cost to you. Additionally, if you contribute 5%, BYU adds an additional 4% (Rehires may qualify for different retirement plans)
- Excellent work-life balance: 13 paid holidays + 22 days paid vacation + 12 sick days, accrued annually
- Employee assistance program, available to the employee and all members of their household
- Tuition benefits for employees and eligible family members
- Access to athletic facilities
- Excellent medical/dental benefits
- Short/long-term disability benefits
- Paid parental and maternity leave
- Wellness Program
- Free on-campus parking
- Free UTA passes for employees, spouses, and qualified dependents
- Discounts at the BYU Store and for many events at BYU
Pay Grade: 55T
Typical Starting Pay: $99,000-$129,000
Required Documents:
All Staff positions require a resume.
Refer to the Job Posting for any additional required documents.
Members of The Church of Jesus Christ of Latter-day Saints must hold and be worthy to hold a current temple recommend.
Brigham Young University is an equal opportunity employer, including disability and protected veteran status.
Brigham Young University (BYU) is widely recognized not just for its world-class education, but for its deep commitment to inspired religious values. Gathered together in a Christ-centered atmosphere, BYU employees are a vital part of a community of belonging, where we value the experiences, perspectives, and talents of each individual. If you share in our devotion to faith and to excellence, we have a place for you here at BYU!
Information Security Risk Analyst
Posted 24 days ago
Job Description
The Information Security Risk Analyst role is responsible for critical assessment, analysis, and support necessary to maintain the Information and Cyber Security Program.
- Conduct comprehensive risk assessments to identify and evaluate potential threats and vulnerabilities to information systems, assets, programs, and practices
- Analyze controls for weaknesses in security, business resiliency, data protection, privacy, and compliance frameworks
- Leverages quantitative analysis and qualitative narrative to thoroughly document and report all identified risks and gaps to Information Security leadership
- Conduct Information and Cyber Security due diligence to support the Third-Party Risk Management program
- Support Information Security leadership with facilitation of program management efforts including but not limited to risk register maintenance, issue management, security awareness, vulnerability management, policies, procedures, metrics and reporting
- Interface and collaborate with internal stakeholders and external auditors as necessary to support the Information Security Program and other critical business efforts
- Perform horizon scanning and stay up to date with regulatory changes, emerging threats, vulnerabilities, security standards and best practices
- Participate in and support incident response activities as necessary
- Perform other duties as assigned
Required Experience:
- Bachelor's degree in cyber security, information technology, business, or finance, or equivalent industry experience. Professional certifications such as ISC2 Certified in Governance Risk & Compliance (CGRC), ISC2 Systems Security Certified Practitioner (SSCP), or CompTIA Security+.
- 2-3 years of Information Security risk management or audit experience. Experience and understanding of regulatory requirements and laws, including but not limited to GLBA, HIPAA, PCI, GDPR, and TDPSA. Experience with security and control frameworks including but not limited to NIST, CIS, CSA, SSAE10 SOC2, and HITRUST.
- Preferred experience with vulnerability management, security awareness, and GRC systems or platforms. Prior Information/Cyber Security or Information Technology practitioner experience in the financial industry or another highly regulated industry is helpful.
Skills:
- Exceptional written and verbal communication skills; including ability to translate security and risk to all levels of the business. Strong analytical skills with proven attention to detail. Strong organization and time management skills
- Work occasionally requires more than 40 hours per week to perform the essential functions of the position
- Lifting in an office setting may be required, up to 30 lbs.
ANBTX strongly encourages candidates that are fluent in English and Spanish to apply. Jobs that specifically require candidates to be bilingual will be posted as a requirement.
Equal Opportunity Employer
This employer is required to notify all applicants of their rights pursuant to federal employment laws.
For further information, please review the Know Your Rights notice from the Department of Labor.
Risk Analyst - Information Security
Posted today
Job Description
It's not just about your career or job title. It's about who you are and the impact you will make on the world. Because whether it's for each other or our customers, we put People First. When our people come together, we Expand the Possible and continuously look for ways to improve what we create and how we do it. If you are constantly striving to grow, you're in good company. We are revolutionizing the way the world moves for future generations, and we want someone who is ready to move with us.
**Who will you be working with?**
Join Enterprise Information Security (EIS) to drive cybersecurity excellence leveraging intelligence, strategic partnerships, and analysis. Collaborate daily with GRC, Architecture, Operations, and key Information Technology stakeholders to advance our information security capabilities.
**How will you make a difference?**
As a member of the Information Security Assurance (ISA) team, Wabtec is looking for a **Cybersecurity Risk Analyst**. This role reports to the ISA Sr Manager within EIS, and will be responsible for designing, building, developing, implementing, and operating a strategic Risk Management program to protect Wabtec and its stakeholders while supporting our strategic objectives. This role needs a strategic thinker with strong technical expertise and understanding of common threats, and deep knowledge of risk frameworks. The Risk Analyst will collaborate across departments to embed risk practices into business processes, drive governance, and support informed decision-making. This position plays a critical role in fostering a risk-aware culture across the organization, promoting awareness of security risks and empowering employees to actively contribute to enhancing Wabtec's risk posture.
**What do we want to know about you?**
_You must have:_
+ Bachelor's degree in Business, Technology, Cyber Security, Technology Risk Management or related field or hands-on and strong experience
+ 5+ years experience within IT operations, Security or Risk management
+ Strong analytical and problem-solving skills; ability to decipher and prioritize asks accordingly
+ Strong interpersonal skills.
+ Knowledge of industry risk management frameworks, common mitigation practices, and organizational control management.
+ Demonstrate professional skepticism to ensure evidence is sufficient when assessing the relevant information security controls.
+ Demonstrate an understanding of business processes, internal risk management strategies, IT controls, and how they interact together.
+ Demonstrate proficiency in process formulation and improvement.
+ Knowledge of operational security capabilities including access control, network security, secure configuration and vulnerability management, intrusion detection, security monitoring and incident response.
+ Experience with auditors, both internal and regulatory to drive positive audit results with strong remediation paths.
+ Proven solid written and oral communication skills with the ability to effectively communicate status, risks, and remediations to executive management.
_We would love it if you had:_
+ ISO 27001 and NIST CSF knowledge are highly desirable.
+ Governance and Risk Certification a plus (CRISC, CISM, CISA, or CISSP)
**What will your typical day look like?**
The ideal candidate will have experience designing, building, operating, and maturing effective programs to manage Information Security Risks and their remediations.
+ Risk Management Program Development:
+ Design and implement a comprehensive risk management framework tailored to the organization's needs.
+ Establish risk assessment methodologies, including threat modeling and vulnerability scoring systems.
+ Develop policies, procedures, and guidelines for risk identification, analysis, and mitigation.
+ Create risk reporting structures and dashboards for effective communication to stakeholders.
+ Continuously evaluate and streamline risk management processes to improve efficiency, reduce complexity, and enhance responsiveness to emerging risks.
+ Comprehensive Risk Identification, Assessment & Analysis:
+ Lead and conduct comprehensive risk assessments to identify, prioritize and quantify potential and existing security threats and vulnerabilities across the organization's systems, networks, and applications.
+ Utilize risk analysis methodologies and tools to assess the effectiveness of existing security controls and identify areas for improvement.
+ Provide expert guidance on risk mitigation strategies and control implementation to minimize exposure to security risks.
+ Develop risk management methodologies tailored to the organization's specific risk profile and business priorities.
+ Collaborate with stakeholders to establish risk tolerance levels and develop risk mitigation plans.
+ Risk Remediation Planning & Execution:
+ Develop remediation plans based on the findings of risk assessments, prioritizing actions to address critical vulnerabilities and mitigate high-risk threats.
+ Work closely with relevant stakeholders to implement security controls and measures to remediate identified risks effectively.
+ Monitor the progress of remediation efforts and provide regular updates to management on the status of risk mitigation initiatives.
+ Conduct post-remediation reviews and analysis to validate the effectiveness of remediation activities and identify any residual risks.
+ Risk-Awareness Culture:
+ Drive clear, concise, pragmatic outcomes balancing risk with business objectives.
+ Foster a culture of accountability and responsibility for information security by encouraging active participation in risk identification, reporting, and mitigation efforts.
+ Promote open communication channels for reporting concerns and potential risks, and ensure timely resolution and escalation as needed.
+ Establish channels for risk reporting and feedback from employees across departments.
+ Continuous Improvement & Adaptation:
+ Establish metrics and KPIs to measure the effectiveness of the risk management program.
+ Regularly review and update the risk management framework to address emerging threats.
+ Stay informed on industry best practices and regulatory changes to enhance the program.
+ Foster partnerships with internal and external stakeholders to evolve risk management capabilities.
+ Be curious about our business and seek to understand.
+ Bring new ideas, methods, and approaches to this role. Leverage own expertise to challenge the status quo and drive decisions.
Physical Demands:
+ Employee is required to work on a computer for up to 8 hours per day
+ Employee may be in a sitting position for several hours per day
+ Employee must be able to read small text on computer screens/monitors
+ Employee is regularly required to talk and hear
**_Work Environment: (Usual office job)_**
+ Hybrid work schedule (both on-site and remote)
+ The employee will normally work in a temperature-controlled office environment, with frequent exposure to electronic office equipment. During visits to areas of operations, the employee may be exposed to extreme cold or hot weather conditions, and is occasionally exposed to fumes or airborne particles, toxic or caustic chemicals, and loud noise.
Our job titles may span more than one career level. The salary range for this role is between
$77,400.00-$110,300.00
The actual salary offered to a candidate may be influenced by a variety of factors, such as: training, transferable skills, work experience, education, business needs, market demands and work location. The base pay range is subject to change and may be modified in the future. More information on offered benefits, which include health, welfare, and retirement, are available at mywabtecbenefits.com . Other benefit offerings for this role may include an annual bonus, if eligible.
**Who are we?**
Wabtec Corporation is a leading global provider of equipment, systems, digital solutions, and value-added services for freight and transit rail as well as the mining, marine, and industrial markets. Drawing on nearly four centuries of collective experience across Wabtec, GE Transportation, and Faiveley Transport, the company has grown to become One Wabtec, with unmatched digital expertise, technological innovation, and world-class manufacturing and services, enabling the digital-rail-and-transit ecosystems.
Wabtec is focused on performance that drives progress and unlocks our customers' potential by delivering innovative and lasting transportation solutions that move and improve the world. We are lifelong learners obsessed with making things better to drive exceptional results. Wabtec has approximately 27K employees in facilities throughout the world. Visit our website to learn more!
**Commitment to Embrace Diversity:**
Wabtec is a global company that invests not just in our products, but also our people by embracing diversity and inclusion. We care about our relationships with our employees and take pride in celebrating the variety of experiences, expertise, and backgrounds that bring us together. At Wabtec, we aspire to create a place where we all belong and where diversity is welcomed and appreciated.
To fulfill that commitment, we rely on a culture of leadership, diversity, and inclusion. We aim to employ the world's brightest minds to help us create a limitless source of ideas and opportunities. We have created a space where everyone is given the opportunity to contribute based on their individual experiences and perspectives and recognize that these differences and diverse perspectives make us better.
We believe in hiring talented people of varied backgrounds, experiences, and styles. People like you! Wabtec Corporation is committed to equal employment opportunity regardless of race, color, ancestry, religion, sex, national origin, sexual orientation, age, citizenship, marital status, disability, gender identity or expression, or protected Veteran status. If you have a disability or special need that requires accommodation, please let us know.
Our job titles may span more than one career level. The salary range for this role is between $77,400.00-$110,300.00.
The actual salary offered to a candidate may be influenced by a variety of factors, such as: training, transferable skills, work experience, education, business needs, market demands and work location. The base pay range is subject to change and may be modified in the future. More information on offered benefits, which include health, welfare, and retirement, is available at mywabtecbenefits.com. Other benefit offerings for this role may include an annual bonus, if eligible.
Director - Information Security Risk

Posted today
Job Description
At American Express, our culture is built on a 175-year history of innovation, shared values and Leadership Behaviors, and an unwavering commitment to back our customers, communities, and colleagues. As part of Team Amex, you'll experience this powerful backing with comprehensive support for your holistic well-being and many opportunities to learn new skills, develop as a leader, and grow your career.
Here, your voice and ideas matter, your work makes an impact, and together, you will help us define the future of American Express.
The Global Risk & Compliance (GRC) group is the independent risk management (Second Line) organization within American Express and is headed by the Chief Risk Officer (CRO). GRC provides oversight and governance of risks and ensures the company operates in a safe and sound manner within global regulatory expectations.
The Information Security Risk Director is a leadership position within GRC's Cybersecurity, Technology, and Resiliency Risk Oversight (CTRRO) team. The Director will lead a team of colleagues who execute independent risk management activities for assigned cybersecurity processes as well as lead CTRRO's data and automation capabilities. The role reports into the Vice President of CTRRO, who reports into the Head of CTRRO and Vendor Risk Oversight, who reports into the EVP of Enterprise Risk Management.
**Responsibilities**
+ Lead and nurture a global team of four to six direct reports and maintain performance management for assigned colleagues
+ Lead execution of risk assessments, monitoring, and reporting over assigned cybersecurity processes, such as vulnerability management
+ Identify and apply thought leadership, best practices, and emerging trends
+ Lead gap assessments per laws, regulations, and regulatory guidance as well as industry frameworks and company policies
+ Demonstrate high level of curiosity to learn and willingness to present an effective credible challenge
+ Identify issues for control failures or gaps and execute issue management until closure
+ Develop strong working relationships with all levels of the organization, and handle and resolve conflict, to achieve results and enact wide-scale impact across the organization
+ Lead CTRRO's data strategy, including analysis and creation of risk metrics (KRIs/KPIs), direction of enhancements to the team's GRC modules and capabilities, querying cyber data warehouses, and building risk dashboards and reporting
**Qualifications**
+ BA or BS in Cybersecurity, Information Systems, Computer Science, Data Science, or related field is preferred
+ Must have relevant Cybersecurity, technology, or risk management certification (CISSP, CCSP, CEH, CISM, etc.)
+ 8 years of experience in relevant fields such as technology audit, risk, cybersecurity, or information technology, with 3 years of experience in leadership roles
+ Prior experience in cybersecurity and information technology is preferred
+ Prior experience in creating or directing development of automation capabilities, GRC tools, big data platforms, KRIs/KPIs
+ Prior experience in applying cybersecurity concepts and countermeasures in public cloud environments
+ Demonstrated expertise in using regulatory and industry cybersecurity frameworks and guidance (CRI Sector Profile, NIST, FFIEC, MITRE ATT&CK) to audit cybersecurity controls
+ Knowledge of current cybersecurity industry trends and events and experience in applying evolving trends to audits, assessments, or lessons learned
+ Demonstrated proficiency in translating cybersecurity concepts for public cloud environments
+ Proven ability to lead projects and initiatives that drive performance
+ Demonstrated track record of integrity, effective communication, innovation, and excellence
+ Strong written and verbal communication skills to deliver high quality, actionable feedback to client management on control issues and potential solutions to close gaps
Salary Range: $170,000.00 to $255,000.00 annually + bonus + equity (if applicable) + benefits
The above represents the expected salary range for this job requisition. Ultimately, in determining your pay, we'll consider your location, experience, and other job-related factors.
We back you with benefits that support your holistic well-being so you can be and deliver your best. This means caring for you and your loved ones' physical, financial, and mental health, as well as providing the flexibility you need to thrive personally and professionally:
+ Competitive base salaries
+ Bonus incentives
+ 6% Company Match on retirement savings plan
+ Free financial coaching and financial well-being support
+ Comprehensive medical, dental, vision, life insurance, and disability benefits
+ Flexible working model with hybrid, onsite or virtual arrangements depending on role and business need
+ 20 weeks paid parental leave for all parents, regardless of gender, offered for pregnancy, adoption or surrogacy
+ Free access to global on-site wellness centers staffed with nurses and doctors (depending on location)
+ Free and confidential counseling support through our Healthy Minds program
+ Career development and training opportunities
For a full list of Team Amex benefits, visit our Colleague Benefits Site.
American Express is an equal opportunity employer and makes employment decisions without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, veteran status, disability status, age, or any other status protected by law. American Express will consider for employment all qualified applicants, including those with arrest or conviction records, in accordance with the requirements of applicable state and local laws, including, but not limited to, the California Fair Chance Act, the Los Angeles County Fair Chance Ordinance for Employers, and the City of Los Angeles' Fair Chance Initiative for Hiring Ordinance. For positions covered by federal and/or state banking regulations, American Express will comply with such regulations as it relates to the consideration of applicants with criminal convictions.
We back our colleagues with the support they need to thrive, professionally and personally. That's why we have Amex Flex, our enterprise working model that provides greater flexibility to colleagues while ensuring we preserve the important aspects of our unique in-person culture. Depending on role and business needs, colleagues will either work onsite, in a hybrid model (combination of in-office and virtual days) or fully virtually.
US Job Seekers - Click to view the "Know Your Rights" poster. If the link does not work, you may access the poster by copying and pasting the following URL in a new browser window:
Employment eligibility to work with American Express in the United States is required as the company will not pursue visa sponsorship for these positions.
**Job:** Operations
**Primary Location:** US-New York-New York
**Other Locations:** US-North Carolina-Charlotte, US-Arizona-Phoenix, US-Utah-Sandy, US-Florida-Sunrise
**Schedule:** Full-time
**Req ID:** 25013509