← All jobs
AE

Senior Manager-Control Management

American Express

Posted 24 Jun 2026

GurugramHigh payGCCGreat Place to Work
Apply on American Express

Research American Express before you apply

Check ratings, real-employee reviews, verified pay, and interview difficulty.

Glassdoor reviewsRatings, pros/cons, CEO approvalAmbitionBoxIndia reviews, salaries, interviewsLevels.fyiVerified compensation by levelLinkedInPeople, growth, your connections

The Control Management team sits within Global Commercial Services (GCS). GCS is an integral part of the growth strategy for American Express, and the Control Management team's objective is to foster a proactive and effective control environment that ensures adherence to regulatory standards and Amex policy.

GCS Control Management is looking for a detail-oriented Senior Manager to join our team. This role is focused on independent testing and assurance of business process controls. You will be a key contributor to ensure our control environment is robust, well-documented, and operating effectively as we implement the Risk & Control Self-Assessment (RCSA) framework. This position will involve extensive collaboration with partners across Business, Products and Compliance and Data/Technology teams within US and International markets

Responsibilities

    • Develop and lead a team of Risk & control professionals to manage Independent control testing for Global Commercial Services business. 
    • Review and assess the overall design and operating effectiveness of key controls within the business processes.
    • Ensure robust documentation and high-quality evidence to support testing conclusions as well as timely and accurate updates in the system of record (e.g., RSA Archer, ServiceNow GRC or similar).
    • Partner with control owners and business process experts to conduct control walkthroughs and gain a deep understanding of the processes under review.
    • Identify, document, and report on control deficiencies, gaps, or weaknesses with clarity, providing actionable insights for remediation by the process owner.
    • Supervise and monitor the Control testing outcomes for the team to ensure accuracy and comprehensiveness prior to submission in system of record  
    • Prepare and present clear/concise reports on testing results to management, highlighting key themes and trends.
    • Proactively identify and leverage opportunities for implementation of automated control testing by partnering with inhouse capabilities and business teams  
    • Contribute to the continuous improvement of the control testing methodology, including sampling strategies and documentation standards
    • Ensure compliance with all testing requirements outlined in 2nd line Policies and Procedures (e.g., RCSA Policy and Procedures, Internal Control Framework, AEMP 39, AEMP 47 etc.)
    • Support the business in the ongoing adoption and embedding of the new Risk and Control Self-Assessment (RCSA) framework.
    • Take on ad hoc tasks such as managing testing schedule, internal QC, and supporting internal audits/regulatory exam requests etc

Qualifications

  • Minimum Qualifications

    • Minimum 8-10 years of experience in internal audit, operational risk, internal controls, or a related testing/assurance/audit function.
    • Hands-on experience with control testing methodologies, including sampling, evidence gathering, and documentation.
    • Strong analytical and problem-solving skills with a keen eye for detail and the ability to identify the root cause of control failures.
    • Excellent communication and interpersonal skills, with the ability to articulate complex issues to stakeholders clearly and concisely
    • Proven ability to work independently, manage competing priorities, and meet deadlines in a fast-paced environment.

     

    Preferred Qualifications:

    • Bachelor’s degree in finance, Business, Risk Management, or a related field. Masters/CA/CIA is a plus and preferred.
    • Direct experience with a Governance, Risk, and Compliance (GRC) tool like Archer/ServiceNow for documenting test results.
    • Familiarity with Risk and Control Self-Assessment (RCSA) frameworks.
    • Proven ability to assess both control design (i.e., is the control designed properly to mitigate risk) and operating effectiveness (i.e., is the control working as intended).
    • Experience working in a first-line-of-defense risk or control management role within a global organization.
    • MS Power Platform, SharePoint, and Tableau knowledge is preferred
    • In depth knowledge of products, procedures and policies relating to the GCS business portfolio is a plus.