JOB DESCRIPTION

Joining Amex Tech means discovering and shaping your contribution to something big. Here, you can work alongside talented tech teams and build a unique career with the Powerful Backing of American Express. With a range of opportunities to work with the latest technologies, and a commitment to back the broader engineering community through open source, our mission is to power your success. Because Amex Tech is powered by our technology, our culture, and our colleagues.

The Technology organization enables and accelerates the company’s growth strategies, delivering global capabilities and services in support of Amex’s customers and colleagues, while maintaining 24/7 servicing and availability to ensure an uninterrupted, high-quality customer experience. Technology provides the foundation for everything we do in the company while driving differentiation through building and leveraging innovative technology and data insights.

Joining ETS Governance & Control means helping protect American Express customers and company through integrated, intelligence-driven technology risk and control management. Operating at the intersection of technology, governance, and risk, the team partners across the enterprise to modernize the foundation, advance risk intelligence, demonstrate trust at scale, and reduce material risk-enabling innovation with the right controls in place.

By building simplified, consistent frameworks and embedding continuous assurance, ETS Governance & Control enhances transparency, accountability, and sustainable risk reduction. The work is about empowering confident decisions, accelerating responsible delivery, and ensuring controls evolve with the business to strengthen trust and reduce enterprise risk at scale.

As part of the Enterprise Technology Services (ETS) Governance & Control organization, the objective of the Policies & Standards Associate is to develop, support, and enhance Technology (IT) and Information & Cyber Security (IS) policies and standards.

This Role Enables

• Consistent, high-quality documentation of technology policies, standards, and procedures

• Improved traceability between policy requirements, controls, and risk frameworks

• Stronger alignment between policy intent, operational procedures, and compliance requirements

RESPONSIBILITIES

As Policies & Standards Sr Associate

• Contribute to a collaborative team environment focused on policy governance and operational excellence.

• Support senior team members and leadership in executing program priorities.

• Demonstrate a continuous improvement mindset and proactively identify opportunities to enhance processes and governing documents

**Policy & Standards Lifecycle Governance: **Manage and support the end-to-end lifecycle of technology and information security policies (drafting through retirement), ensuring documentation quality, governance compliance, inventory maintenance, and stakeholder coordination for timely updates and attestations.

**Program Execution & Documentation Management: **Drive standardization and digitization of policy documentation using templates and metadata, enforce version control and audit readiness, align content with risk/control frameworks, and support reporting on lifecycle status and compliance metrics.

**Policy Consolidation & Rationalization: **Identify and address overlaps, gaps, and redundancies across policies and procedures, supporting consolidation efforts to streamline frameworks and ensure alignment between policy intent and operational execution.

**Stakeholder Engagement & Collaboration: **Collaborate with cross-functional teams and SMEs to gather inputs, validate content, facilitate workshops, and guide stakeholders on policy governance, structure, and documentation standards.

QUALIFICATIONS

• Bachelor’s degree is required
• 3-5 + years of experience in technology risk management, audit, or consulting
• Excellent project management skills, experience supporting documentation of policies, standards, and/or procedures in a regulated environment
• Familiarity with policy lifecycle processes and governance frameworks
• Outstanding written and verbal communication skills with excellent attention to detail. Advanced proficiency with Word, Excel, PowerPoint, and AI tools
• Ability to manage multiple priorities and meet deadlines in a fast-paced environment

Preferred Qualifications

• Advanced degrees (e.g., MBA, MSc) or certifications are advantageous
• Previous technology/cyber risk experience and/or in financial services, banking, or other highly-regulated industries
• Experience in Policy Management, Risk & Control, Information Security Governance, Compliance, or related fields
• Experience with Information Security policy and program drafting, writing, and editing
• Exposure to regulatory and industry frameworks (e.g., GLBA, NYDFS, FFIEC, NIST, CRI Profile, ISO, PCI DSS)
• Experience with policy management or governance tools/workflows
• Experience with composing, reporting, and presenting information security / technology risk materials to varied audiences, including executive audiences
• Understanding of risk and control frameworks (e.g., RCSA, control libraries)
• Experience supporting audits or regulatory reviews
• Relevant certifications (e.g., CISA, CRISC, or similar) are a plus

Employment eligibility to work with American Express in the United States is required as the company will not pursue visa sponsorship for these positions.