Job Details

Description

At American Express, our culture is built on a 175-year history of innovation, shared values and Leadership Behaviors, and an unwavering commitment to back our customers, communities, and colleagues. From delivering differentiated products to providing world-class customer service, we operate with a strong risk mindset, ensuring we continue to uphold our brand promise of trust, security, and service.

Here, your voice and ideas matter, your work makes an impact, and together, you will help us define the future of American Express.

Product risk reviews aid in protecting our enterprise value by providing timely and reliable technology risk guidance to influence critical business and technology decisions. As emerging technologies and threats rapidly evolve, our mission remains to regularly and accurately identify, measure, catalog, and communicate technology and information security risk—while enabling responsible innovation.

This role will serve as the team’s subject matter expert (SME) in Blockchain / Distributed Ledger Technology (DLT), Generative AI, and Agentic AI systems. The role combines deep hands-on technical expertise with strong domain knowledge in technology and cybersecurity risk. The individual will work across business and technology teams to ensure innovative customer-facing capabilities are designed, developed, and deployed securely and in alignment with enterprise risk frameworks.

Responsibilities include:

• Lead end-to-end technology and security risk reviews for customer-facing products leveraging Blockchain, Web3, Generative AI, LLMs, and Agentic AI systems, identifying risk exposures and recommending pragmatic risk reduction strategies

• Serve as the enterprise SME for Blockchain, smart contracts, digital assets, decentralized architectures, Gen AI/LLM implementations, model fine-tuning, prompt engineering controls, and autonomous agent frameworks

• Evaluate solution architectures and code-level implementations (e.g., Python-based ML pipelines, smart contracts in Solidity/Rust, API integrations, cloud-native AI deployments) to assess control design, secure development practices, and operational resilience

• Assess AI/ML model lifecycle risks , including training data governance, model bias, explainability, drift, prompt injection, model abuse, adversarial threats, synthetic media risk, and third-party model dependencies

• Provide risk guidance on digital asset ecosystems , including wallet integrations, tokenization models, smart contract security, cryptographic controls, key management, and distributed infrastructure

• Partner closely with Technology, Product, Business Control Management, Operational Risk, and GCO to ensure emerging technology initiatives are aligned with enterprise security standards, regulatory expectations, and risk appetite

• Translate highly technical concepts into clear, actionable risk insights for senior leadership and non-technical stakeholders, enabling informed decision-making without unnecessarily constraining innovation

• Influence secure design early in the product lifecycle , embedding security-by-design and responsible AI principles into architecture, development, and deployment practices

• Contribute to enhancement of risk frameworks and standards to address evolving risks in AI, blockchain, digital identity, and decentralized systems

• Document current and future state capabilities , identifying opportunities to leverage industry-leading technologies and control patterns to enhance the company’s ability to manage emerging technology risk

• Develop metrics, reporting, and governance artifacts to measure the effectiveness of AI and blockchain risk management practices

• Collaborate across all levels of the organization , influencing without authority and fostering a culture of secure, responsible innovation

Minimum Qualifications

Required Experience & Skills:

• 8 years of progressive experience in software engineering, AI/ML development, blockchain/DLT engineering, or emerging technology architecture, with demonstrated exposure to technology and cybersecurity risk management

• Strong hands-on development experience in languages such as Python, Rust, Solidity, or JavaScript, with familiarity across modern development stacks (cloud-native, API-driven, CI/CD pipelines, containerization)

• Deep understanding of Generative AI and LLM ecosystems, including prompt engineering, instruction fine-tuning, model evaluation, and ML frameworks (e.g., TensorFlow, PyTorch, HuggingFace)

• Strong knowledge of blockchain protocols and frameworks (e.g., Ethereum, Hyperledger, Corda, XRPL, Polygon), smart contract development, tokenization models, and cryptographic fundamentals

• Experience assessing secure software development practices and identifying control weaknesses in complex distributed systems

• Demonstrated understanding of AI/ML and blockchain risk domains, including data governance, model risk, privacy, cryptographic key management, adversarial threats, and decentralized infrastructure risks

• Ability to evaluate both domain-specific risks (e.g., smart contract vulnerabilities, prompt injection, model abuse) and broader enterprise technology risks (e.g., cloud security, DevSecOps, identity and access management)

• Strong understanding of technology risk management frameworks and governance processes; familiarity with GRC platforms such as Archer preferred

• Exceptional written and verbal communication skills, with the ability to present complex technical concepts clearly to executive audiences

• Proven collaboration skills with the ability to influence cross-functional stakeholders without direct authority

• Strong time management skills and the ability to prioritize across multiple high-visibility initiatives

• Demonstrated intellectual curiosity and commitment to staying at the forefront of emerging technologies and industry standards

Preferred Qualifications

• Experience designing or reviewing smart contracts, decentralized applications (dApps), AI/ML pipelines, or intelligent agent architectures

• Exposure to financial services, fintech, digital identity, or digital asset ecosystems

• Experience in technology control assessments, audit, or regulatory environments

• Certifications such as CISSP, CISM, Certified Blockchain Developer, or relevant AI/ML certifications preferred

Qualifications

Salary Range: $123,000.00 to $215,250.00 annually bonus benefits

The above represents the expected salary range for this job requisition. Ultimately, in determining your pay, we’ll consider your location, experience, and other job-related factors.

We back you with benefits that support your holistic well-being so you can be and deliver your best. This means caring for you and your loved ones' physical, financial, and mental health, as well as providing the flexibility you need to thrive personally and professionally:

• Competitive base salaries

• Bonus incentives

• 6% Company Match on retirement savings plan

• Free financial coaching and financial well-being support

• Comprehensive medical, dental, vision, life insurance, and disability benefits

• Flexible working model with hybrid, onsite or virtual arrangements depending on role and business need

• 20 weeks paid parental leave for all parents, regardless of gender, offered for pregnancy, adoption or surrogacy

• Free access to global on-site wellness centers staffed with nurses and doctors (depending on location)

• Free and confidential counseling support through our Healthy Minds program

• Career development and training opportunities

For a full list of Team Amex benefits, visit our Colleague Benefits Site .

American Express is an equal opportunity employer and makes employment decisions without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, veteran status, disability status, age, or any other status protected by law. American Express will consider for employment all qualified applicants, including those with arrest or conviction records, in accordance with the requirements of applicable state and local laws, including, but not limited to, the California Fair Chance Act, the Los Angeles County Fair Chance Ordinance for Employers, and the City of Los Angeles’ Fair Chance Initiative for Hiring Ordinance. For positions covered by federal and/or state banking regulations, American Express will comply with such regulations as it relates to the consideration of applicants with criminal convictions.

We back our colleagues with the support they need to thrive, professionally and personally. That's why we have Amex Flex, our enterprise working model that provides greater flexibility to colleagues while ensuring we preserve the important aspects of our unique in-person culture. Depending on role and business needs, colleagues will either work onsite, in a hybrid model (combination of in-office and virtual days) or fully virtually.

US Job Seekers - Click to view the “ Know Your Rights ” poster. If the link does not work, you may access the poster by copying and pasting the following URL in a new browser window: https://www.eeoc.gov/poster

Employment eligibility to work with American Express in the United States is required as the company will not pursue visa sponsorship for these positions.

Job: Technologies

Primary Location: US-Arizona-Phoenix

Schedule Full-time

Req ID: 26003556