Manager - IT Audit

You Lead the Way. We ve Got Your Back.

Join Team Amex and lets lead the way together.

American Express Internal Audit Group (IAG) has reinvented our audit process and is leading the financial services industry with our Audit NextGen, Data-Driven Continuous Auditing, and Auditor of the Future initiatives. Each uniquely support our Winning Aspiration to be a world class internal audit function that:
Provides data-driven and technology-enabled assurance
Delivers timely risk insights that are business-aware and forward-looking
Supports our colleagues with experiences that prepare them to be enterprise leaders

Collectively, IAG s strategic initiatives, combined with our greatest asset our people enable IAG to utilize advanced data analysis capabilities, provide greater and continuous assurance, and help ensure quality products and services are provided to American Express customers.

IAG s innovative Data-Driven Continuous Auditing approach has led to patent-pending technology assets over our uniquely developed audit methodology and technology enablers.

We are looking for those who share our mission and aspirations and are passionate about the use of data and technology in a collaborative, people-focused environment.

About the Internal Audit Group at American Express

Our Internal Audit Group is a worldwide function with 300+ team members and offices across nine countries within American Express. Our mission is to protect and enhance organizational value by providing independent, objective, risk-based assurance, advisory services and to influence the way the company manages risk.

We are committed to growing our audit staff significantly as we continue to expand and enhance the Internal Audit Group. Our assurance and risk professionals have diverse backgrounds including internal controls, consumer compliance, technology, operational risk, financial accounting, data analytics, and banking operations. Our audit teams align to key risk areas and business units to ensure IAG can provide comprehensive and risk-based audit coverage. In addition, IAG has a Professional Practices group responsible for managing audit operations, quality, and standards; regulatory relations; reporting; training and professional development; and key internal capabilities and technologies.

About the Role:

Our Internal Audit Group (IAG) is seeking an eager Information Technology General Controls (ITGC) Audit Manager to be part of the IAG s Resource Centre of Excellence in India. In this role, the ideal candidate will be responsible for assisting on Technology audit portfolio in IAG. This is an exceptional opportunity for you to showcase and further expand your audit skills, and knowledge!

About the Team:

IAG s Resource Centre of Excellence in India spans across multiple audit portfolios within IAG. The Resource Centre of Excellence team is expected to work with global and regional audit teams to assist on audits ITGC audit coverage which includes auditing technology governance (e. g. , application development, enterprise architecture) and first-line technology risk management. The team s shift timing will have some overlap with other regions, including US, EMEA and LACC. IAG is heavily focused on utilizing a data driven auditing approach across all audit portfolios.

The Key Responsibilities of the role include:

• Participate as a key team member on audit projects responsible for assisting with annual planning and owning core audit tasks, more complex areas and challenging workloads on successive assignments
• Collaborate with audit teams to understand the data behind key processes, risk and controls to develop analytic control tests and analyze and interpret their results
• Proactively lead audit execution of audit engagements including supervise and mentor junior staff, review their workpapers, and escalate issues
• Proficient use of automated work papers, analytics and other department and company tools
  Ensure effective and efficient execution of audits in conformance with professional and department standards, budgets, and timelines
• Present audit objectives, scope, and results to senior management, clearly articulating the potential impact of control gaps in a highly professional and proficient manner
• Evaluate results, synthesize audit findings across the project, draft audit reports, and ensure effective and efficient audit execution
• Validate that actions taken by management to address findings are appropriate and document the results
• Maintain audit proficiency through ongoing professional development including data literacy skills
• Monitor a portfolio of audit analytics, assess analytic results, use the analytic data to tell the potential business story, and work with audit and business colleagues to validate that story
• Assist team leaders, senior auditors and staff auditors in accomplishing team objectives and producing results
• Lead multiple simultaneous audit projects of all sizes and complexity across multiple business areas within and outside of local region, in unfamiliar areas, and for different audit leaders
• Effectively coach, teach, mentor and develop junior colleagues and co-sourced resources in geographically diverse locations across all aspects of their role, the audit and analytic lifecycle, and audit methodology
  

Minimum Qualifications

• 7+ years of experience with retail banking financial services industry regulations and expectations in assessing/auditing information security, information technology infrastructure, technology risk management or CTO functions such as: enterprise architecture, technology resilience, employee digital workplace, API management, application development, and IT asset management
• 7+ years of experience evaluating IT and IS controls for a large global company
• BA or BS in or equivalent in Information Systems, Computer Science, Accounting, Finance, Business, or related field
• Understanding of emerging technologies and its impact to control practices
• Understanding of emerging technologies and its impact to control practices
• Ability to clearly articulate risk insights to stakeholders
• Familiarity with FFIEC IT Handbooks and NIST CSF
• Ability to collaborate with colleagues and co-sourced resources in geographically diverse locations across all aspects of their role, the audit lifecycle, audit methodology and best practices.
• Strong written and verbal communication skills that deliver high quality, actionable and value-added feedback to management on potential control issues and potential solutions to close gaps.
• Effectively works independently, within a team and across teams in a fast-paced environment to drive results, using related project management skills, employing creative thinking, a focus on quality, and the ability to work on competing priorities.
• Proven ability to support multiple projects concurrently delivering high quality work products, in compliance with internal audit standards and regulatory expectations.
• Ability to quickly resolve complex risk issues
• Ability to adapt to evolving risk landscapes
• Effective utilization of risk management tools
• Proven ability to analyze data, identify trends, and evaluate risk scenarios effectively
• High-level understanding of risk mgmt. tools within a financial services environment (e. g. , GRC tools)
• Professional Certification (CIA, CISA, CPA, or equivalent) expected

Preferred Qualifications

• 7+ years of experience of industry regulations and expectations in assessing/auditing information security, information technology infrastructure, technology risk management or CTO functions such as: enterprise architecture, technology resilience, employee digital workplace, API management, application development, and IT asset management
  Technical Cybersecurity certification (CISSP, CCSP, CEH, etc. )
• Experience with using data analytic tools, data visualization, key risk indicators (KRIs), key performance indicators (KPIs), and scorecards / dashboards
• Experience evaluating cybersecurity risks and concepts
• Experience with large financial institutions (i. e. , G-SIB, Category III/II bank), big accounting firms or global internal audit functions
• Proven ability lead team members in a way that encourages, develops, and delivers results

Benefits include:

• Competitive base salaries
• Bonus incentives
• Support for financial-well-being and retirement
• Comprehensive medical, dental, vision, life insurance, and disability benefits (depending on location)
• Flexible working model with hybrid, onsite or virtual arrangements depending on role and business need
• Generous paid parental leave policies (depending on your location)
• Free access to global on-site wellness centers staffed with nurses and doctors (depending on location)
• Free and confidential counseling support through our Healthy Minds program
• Career development and training opportunities