International Privacy Practices & Risk Management Director

We back you with benefits that support your holistic well-being so you can be and deliver your best. This means caring for you and your loved ones physical financial and mental health as well as providing the flexibility you need to thrive personally and professionally:

• Competitive base salaries

• Bonus incentives

• Support for financial-well-being and retirement

• Comprehensive medical dental vision life insurance and disability benefits (depending on location)

• Flexible working model with hybrid onsite or virtual arrangements depending on role and business need

• Generous paid parental leave policies (depending on your location)

• Free access to global on-site wellness centers staffed with nurses and doctors (depending on location)

• Free and confidential counseling support through our Healthy Minds program

• Career development and training opportunities

Offer of employment with American Express is conditioned upon the successful completion of a background verification check subject to applicable laws and regulations.

At American Express our culture is built on a 175-year history of innovation shared values and Leadership Behaviors and an unwavering commitment to back our customers communities and colleagues. As part of Team Amex youll experience this powerful backing with comprehensive support for your holistic well-being and many opportunities to learn new skills develop as a leader and grow your career.

Here your voice and ideas matter your work makes an impact and together you will help us define the future of American Express.

Do you enjoy a dynamic collaborative work environment where you can make a mark Are you someone who knows how to drive high performing business results through people Are you detail and process-oriented and enjoy problem solving

If youve answered yes to any or all the above then you could be just who I am looking for!

There is an exciting opportunity for a highly experienced senior risk professional to join the American Express International Privacy Risk Management team and lead a first line privacy practices & risk management team. This team ensures privacy practices and privacy assurance activities are in place across lines of business.

I am looking for a Director of Privacy Practices and Risk Management to help shape American Express future in the strategically important domain of data privacy and lead the evolution of high-quality Privacy risk management standards and practices across Europe APAC and LACC and increase awareness of privacy standards effectiveness of controls compliance with regulations and adoption of industry best practice throughout the company.

Responsibility for the core privacy pillars (e.g. Notice & Transparency Retention & Disposal Data Transfers Digital Trackers etc.) in American Express will be divided across this new role and an existing Director of Privacy Practices and Risk Management. In addition both roles will be responsible for assisting business units and legal entities with the design enhancement and operationalisation of controls processes and procedures to ensure the proper usage and safeguarding of customer colleague and other confidential information.

Job Responsibilities

Key responsibilities include but are not limited to:

• Develops and nurtures the great talent within the team and network to create a pipeline of future talent

• Fosters strong collaboration and information sharing across Privacy Practices and Risk Management teams.

• Sets the privacy practices framework for core privacy pillars to be executed by 1st line Operational Risk Experts

• Provides data privacy subject matter expertise to enable the successful delivery of privacy change and regulatory compliance initiatives.

• Partners with Governance and Control management teams across Europe APAC and LACC to implement and execute high-quality Privacy risk management standards and practices and to increase awareness of privacy standards controls regulations and industry best practice.

• Assists the regional business teams and legal entities with the design enhancement and operationalisation of controls to address privacy requirements and mitigate privacy risks with particular focus on driving consistency across Europe APAC and LACC.

• Supports the deployment of privacy management technology and tools (automation) to enhance data privacy controls.

• Shapes and oversees the 1^st line of defence Privacy testing framework coordinating with 2^nd line Privacy to avoid overlap and testing duplication.

• Provides transparency to Business Unit/Legal Entity and compliance management through accurate reporting and metrics on risks issues and/or control deficiencies results of self-assessments control environment tests audits and external events that would impact the Business Unit/Legal Entitys ability to comply with applicable privacy requirements.

• Stays up to date on trends and advances in industry risk standards and works with business leaders to evaluate recommend and implement opportunities to enhance the business/legal entity privacy risk profile and management practices.

• Assists the business with preparing for privacy-related exams compliance tests and internal audits and notifies and engages 2^nd line Privacy and Compliance colleagues during such reviews.

• In partnership with 2^nd line Privacy and Compliance fosters a privacy-aware culture across the company via the creation of learning and development programs and guidance material to support colleagues to understand their roles and responsibilities in relation to privacy.

• Proactively engages and partners with stakeholders across the business to promote privacy by design and educate teams on changes to laws and regulations and external privacy practices.

• Identifies potential gaps and best practice in American Express data privacy framework. Where gaps are identified helps to develop implementable solutions that can be rolled out across Europe APAC and LACC. Similarly where best practice is identified shares the knowledge with other Operational Excellence teams and encourages implementation on a broader basis.

• Participates in privacy workgroups strategic projects or targeted reviews that require business engagement.

• Fosters one Privacy team culture of openness knowledge and information sharing willing collaboration and idea generation across the Privacy COE

Key Skills Required:

• Experience in Control Management Compliance Operational Risk or a related discipline.

• Proven experience of working in a legal & regulatory environment with tight deadlines changing information and ambiguity. Knowledge of privacy regulation essential.

• Credible leader with proven ability to develop strong talent & build diverse teams

• Prior experience implementing privacy requirements into business practices (processes & procedures) and conducting privacy operational and/or technology risk assessments an advantage.

• An understanding of processes and information flows for BUs and functions that manage customer employee data and other confidential information beneficial.

• Ability to build effective relationships with and influence senior management and stakeholders to drive an effective operating model and manage risks.

• Makes collaboration essential seeks out and values the input of others encourages a collaborative culture for their team entertains new ideas with an open mindset.

• Strong analytical capabilities confident in identifying/solving complex operational challenges and control oriented.

• Ability to cooperate seamlessly cross-function and cross-border building strong relationships & establishing trust through consistent delivery.

• Adaptable resilient and focused when driving results in a fast-paced environment.

• Able to think critically and use data-driven insights to solve problems and achieve desired outcomes.

• Execution-focused with an ability to develop strategy influence stakeholders drive implementation and measure success.

• Strong English language verbal and written communication skills with an ability to craft messages that clearly and succinctly communicate key messages for internal and external audiences at all levels of the organization.

Non-considerations for sponsorship: Employment eligibility to work with American Express in Spain is required as the company will not pursue visa sponsorship for these positions.