Research American Express before you apply
Check ratings, real-employee reviews, verified pay, and interview difficulty.
The Control Management team sits within Global Commercial Services (GCS). GCS is an integral part of the growth strategy for American Express, and the Control Management team's objective is to foster a proactive and effective control environment that ensures adherence to regulatory standards and Amex policy.
GCS Control Management is looking for a detail-oriented and analytical Analyst to join our team. This role is focused on independent testing and assurance of business process controls. You will be a key contributor to ensure our control environment is robust, well-documented, and operating effectively as we implement the Risk & Control Self-Assessment (RCSA) framework. This position will involve extensive collaboration with partners across Business, Products and Compliance and Data/Technology teams within US and International markets.
Responsibilities
- Execute independent control testing to assess both the design effectiveness and operating effectiveness of key controls within the business processes.
- Gather and document robust, high-quality evidence to support testing conclusions, and ensure timely and accurate updates in the system of record (e.g., RCSA Archer, ServiceNow GRC or similar).
- Partner with control owners and business process experts to conduct control walkthroughs and gain a deep understanding of the processes under review.
- Identify, document, and report on control deficiencies, gaps, or weaknesses with clarity, providing actionable insights for remediation by the process owner.
- Prepare clear and concise reports on testing results for management, highlighting key themes and trends.
- Contribute to the continuous improvement of the control testing methodology, including sampling strategies and documentation standards.
- Ensure compliance with all testing requirements outlined in 2nd line Policies and Procedures (e.g., RCSA Policy and Procedures, Control Testing Standards, Internal Control Framework, AEMP 39, AEMP 47 etc.)
- Support the business in the ongoing adoption and embedding of the new Risk and Control Self-Assessment (RCSA) framework.
- Take on ad hoc tasks such as managing testing schedule, internal QC, and supporting internal audits/regulatory exam requests etc.
Qualifications
Minimum Qualifications:
- Minimum 4-5 years of experience in Internal Audit, operational risk, internal controls, or a related testing/assurance/audit function.
- Hands-on experience with control testing methodologies, including sampling, evidence gathering, and documentation.
- Strong analytical and problem-solving skills with a keen eye for detail and the ability to identify the root cause of control failures.
- Excellent communication and interpersonal skills, with the ability to articulate complex issues to stakeholders clearly and concisely.
- Proven ability to work independently, manage competing priorities, and meet deadlines in a fast-paced environment.
Preferred Qualifications:
- Bachelor’s degree in Finance, Business, Risk Management, or a related field. Masters/CA/CIA is a plus and preferred.
- Direct experience with a Governance, Risk, and Compliance (GRC) tool like Archer/ServiceNow for documenting test results.
- Familiarity with Risk and Control Self-Assessment (RCSA) frameworks.
- Proven ability to assess both control design (i.e., is the control designed properly to mitigate risk) and operating effectiveness (i.e., is the control working as intended).
- Experience working in a first-line-of-defense risk or control management role within a global organization.
- MS Power Platform, SharePoint, and Tableau knowledge is preferred
- In depth knowledge of products, procedures and policies relating to the GCS business portfolio is a plus.