Manager - SOX IT - Risk Advisory - Finance
American Express
At American Express, our culture is built on a 175-year history of innovation, shared values and Leadership Behaviors, and an unwavering commitment to back our customers, communities, and colleagues. As part of Team Amex, you'll experience this powerful backing with comprehensive support for your holistic well-being and many opportunities to learn new skills, develop as a leader, and grow your career.
Here, your voice and ideas matter, your work makes an impact, and together, you will help us define the future of American Express.
The SOX Governance and Advisory team within Controllership (1LOD) plays a critical role in supporting the enterprise by developing and executing a risk-based plan to assess and enhance the company’s internal controls over financial reporting. The team runs a robust governance framework to ensure compliance with the company’s 2LOD objectives and requirements of the Sarbanes-Oxley Act.
The team is looking for a highly motivated and detail-oriented SOX IT Risk Advisory Manager to join our growing team. This role will help to ensure that Amex's internal controls over financial reporting with respect to IT systems and applications are in compliance with SOX. The Manager will identify and assess relevant technology controls, focusing on the relevant risks for financial reporting across all of our in-scope applications and supporting infrastructure. This will include IT General Controls covering system security, logical and physical access controls, software development and change management processes, backup recovery procedures, and cybersecurity controls as well as IT Application Controls that ensure data integrity and timeliness. The role involves extensive collaboration with Technology teams, application and process owners, related Control Management functions, and internal and external auditors.
The Manager, SOX IT Risk Advisory will:
- Collaborate with Business, Technology, Finance, SOX Governance and Testing, and internal and external audit teams for matters related to SOX technology controls
- Work with the SOX Governance team to ensure SOX scope alignment
- Identify key technology and data risks relevant to ICFR and work with the SOX Testing team to mitigate risks and strengthen SOX controls
- Consult on the control design and implementation of required and repeatable IT controls with process owners to meet regulatory requirements, including for new products, processes, and system implementations, ensuring appropriate internal controls are in place
- Serve as a subject matter expert on technology-related SOX risks and controls and provide guidance to business and technology stakeholders
- Support training and communications as needed on relevant technology risks and controls practices for the enterprise
Required Qualifications
- 4+ years of IT controls auditing and/or consulting
- Demonstrated experience understanding business and IT processes and identifying and assessing associated ITGCs, ITACs, interfaces, and key reports
- IT and IS risk domain knowledge best practices and principles
- Strong understanding of financial reporting risk and requirements of the Sarbanes-Oxley act as well as internal control frameworks (e.g., COSO)
- Excellent project management, communication, and interpersonal skills, with an ability to interact and obtain buy-in from Business and Technology owners
- Strong written and verbal communication skills to articulate risk/control insights to both technical and non-technical stakeholders
- Demonstrated history and ability to work with multiple teams, spread over geographies and with varying backgrounds
Preferred Qualifications
- Bachelor's degree in Management Information Systems, Information Technology, Computer and Information Science, Accounting, Business, or a related field
- Relevant professional certifications such as CISA, CISSP, CPA, CISM, or CRISC are preferred
- Knowledge in Oracle, security, and cloud technologies
- Knowledge of industry best practices for technology controls including frameworks from ISACA, NIST, ISO, and ITIL
We back you with benefits that support your holistic well-being so you can be and deliver your best. This means caring for you and your loved ones' physical, financial, and mental health, as well as providing the flexibility you need to thrive personally and professionally:
- Competitive base salaries
- Bonus incentives
- Support for financial-well-being and retirement
- Comprehensive medical, dental, vision, life insurance, and disability benefits (depending on location)
- Flexible working model with hybrid, onsite or virtual arrangements depending on role and business need
- Generous paid parental leave policies (depending on your location)
- Free access to global on-site wellness centers staffed with nurses and doctors (depending on location)
- Free and confidential counseling support through our Healthy Minds program
- Career development and training opportunities
American Express is an equal opportunity employer and makes employment decisions without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, veteran status, disability status, age, or any other status protected by law.
Offer of employment with American Express is conditioned upon the successful completion of a background verification check, subject to applicable laws and regulations.