Senior Privacy Manager - Regulatory Exams and Committee Governance

At American Express, our culture is built on a 175-year history of innovation, shared values and Leadership Behaviors, and an unwavering commitment to back our customers, communities, and colleagues. As part of Team Amex, you'll experience this powerful backing with comprehensive support for your holistic well-being and many opportunities to learn new skills, develop as a leader, and grow your career. Here, your voice and ideas matter, your work makes an impact, and together, you will help us define the future of American Express.

At American Express, we are trying to establish Privacy as a strategic differentiator for the American Express brand. How will you make an impact in this role? The American Express Global Privacy Oversight team, within the Second Line of Defense, is a trusted advisor on compliance with privacy laws, regulations and on the American Express Data Protection & Privacy Principles. Global Privacy Oversight oversees, provides expertise in, and challenges the identification, management, and mitigation of privacy risks across the company in line with the enterprise’s Privacy Framework and with the company’s vision to provide the world’s best customer experience every day.

This position is based in the UK and reports to the Director, Global Privacy Program. The Senior Privacy Manager, Regulatory Exams and Committee Governance is primarily responsible for managing the representation of elevated risks and issues to the Company’s Privacy Risk Committees, and for managing responses to audits and regulatory examinations. This role requires a deep understanding of privacy laws, regulations and best practices, as well as strong organizational and leadership skills to ensure compliance and mitigate risks effectively.

• Examinations and Audit Management: Plan, coordinate, and facilitate privacy examinations and audits conducted by regulatory authorities, internal audit teams, or third-party auditors. Prepare the organization for examinations and audits by conducting risk assessments, gap analyses, and readiness reviews. Highlight self-identified control gaps and issues and work with Functional Owners to develop and implement plans to drive the identified control gaps and vulnerabilities to closure. Project-manage the execution of Audits for which the Function is in scope. Take the lead on developing responses to Examinations and Audits. Ensure timely and accurate provision of requested information and documentation to the Function’s Leadership team, and then to the regulatory authorities, internal audit teams, or third-party auditors. Coordinate responses to examination findings and audit findings and observations, including by developing and implementing corrective action plans. Validate that actions taken to address examination findings and audit findings and observations are being sustained in BAU. Ensure adherence to internal exams/audit governance procedures. Maintain exams/audit repository.
• Committee Governance: Support the design and management of Privacy Risk Committees, Steering Committees and other Forums. Identify elevated Privacy risks and significant issues to be brought before the Company’s Privacy Risk Committees. Gather, review and organize materials for committee meetings. Work with presenters to ensure materials are accurate, complete and submitted timely. Review Committee materials for completeness, clarity and alignment with Committee scope and governance standards. Maintain official Committee records and repository.
• Support the regulatory change management function, as needed. Monitor evolving privacy regulations, assess impact on the privacy program, and coordinate timely implementation of program changes.
• Any other Workstreams/tasks as Business needs may require.

• Five (5) or more years of experience in regulatory change management, audit and examination management preferably in consulting or in the Financial Services industry.
• Experience in working on Global Privacy Programs (including facilitating the design, development and implementation of Privacy compliance strategies in large and complex jurisdictions such as Europe, the US and BRIC markets).
• Extensive knowledge and exposure to European and US Privacy Laws.
• Exceptional communication and interpersonal skills, with the ability to effectively engage and influence stakeholders at all levels of the organization as well as external Regulatory Authorities.
• Proven leadership abilities, including the capacity to lead and motivate cross-functional teams, drive consensus, and foster a collaborative work environment.
• Excellent time-management skills and ability to meet tight deadlines.

• Bachelor's degree in business, law, or a related field.
• IAPP Certifications such as CIPP-E, CIPP-US, AIGP highly advantageous.
• Certification in privacy audit, compliance, or related discipline preferred.

We back you with benefits that support your holistic well-being so you can be and deliver your best. This means caring for you and your loved ones' physical, financial, and mental health, as well as providing the flexibility you need to thrive personally and professionally:

• Competitive base salaries
• Bonus incentives
• Support for financial-well-being and retirement
• Comprehensive medical, dental, vision, life insurance, and disability benefits (depending on location)
• Flexible working model with hybrid, onsite or virtual arrangements depending on role and business need
• Generous paid parental leave policies (depending on your location)
• Free access to global on-site wellness centers staffed with nurses and doctors (depending on location)
• Free and confidential counseling support through our Healthy Minds program
• Career development and training opportunities

Offer of employment with American Express is conditioned upon the successful completion of a background verification check, subject to applicable laws and regulations.