Manager - Privacy Risk

Are you an experienced risk manager who’s looking for a new challenge? Are you detail and process-oriented and enjoy problem solving? Do you enjoy a dynamic, collaborative work environment where you can make a mark? Are you passionately curious with an impulse to seek new information and experiences and explore novel possibilities?

If you've answered 'yes' to any or all the above, then you could be just who I am looking for!

There is an exciting opportunity for a highly experienced Risk Manager to join the American Express Privacy Center of Excellence (COE) – part of International Operational Excellence.

The first line privacy practices & risk management teams within the Privacy COE are responsible for the implementation of high-quality Privacy risk management standards and practices across Europe, APAC and LACC and increasing the awareness of privacy standards, the effectiveness of controls, compliance with regulations, and the adoption of industry best practice throughout the company.

As a member of the privacy practices and risk management teams, you will work on the core privacy pillars (e.g., Notice & Transparency, Retention & Disposal, Data Transfers, Digital Trackers etc.) in American Express and will be responsible for assisting regional business units across Europe, APAC and LACC with the design, enhancement and operationalization of controls, processes, and procedures to ensure the proper usage and safeguarding of customer, colleague, and other confidential information.

Reporting to the Director, International Privacy Practices & Risk Management, this role will support the evolution of high-quality Privacy risk management standards and practices across Europe, APAC and LACC and increase awareness of privacy standards, controls, regulations, and industry best practice.

How will you make an impact in this role?

Key responsibilities include, but are not limited to:

Privacy Risk Management:

• Governance framework: Partner with Operational Excellence teams to implement and execute high-quality Privacy risk management standards and practices across Europe, APAC and LACC. Facilitate alignment/approvals from legal entity governance bodies,
• Advice and Guidance: Provide ad hoc guidance and support on privacy queries from the business
• Issue Prevention: Support the business activities to prevent and resolve Privacy issues via root cause analysis, effective process and controls design and execution
• Process Excellence: Partner with business stakeholders to drive process and control excellence to improve business processes and controls and enhance efficiency, effectiveness, and productivity.
• Process Risk Self-Assessment: Support privacy process owners in creating and documenting their process in addition to the risks and controls in their process using the PRSA methodology, driving consistent and accurate data completion and identifying when Legitimate Interest Assessments and Data Protection Impact Assessments are required.
• Subject Matter Expert (SME): Providing SME direction and guidance to multi-disciplinary projects across Europe to ensure compliance with privacy legislation
• Procedures and Guidance: Drafting and updating internal procedures and guidance
• Monitoring & Testing: Drive the implementation of a robust 1st line of defence Privacy testing framework across Europe, APAC and LACC. Engage and liaise with the Data Governance teams to support key business process testing/monitoring programs for core privacy pillars
• Management Information Reporting – Create and distribute accurate reporting and metrics on risks, issues and control deficiencies, results of self-assessments, control environment, tests, audits, and external events that would impact the Business Unit/Legal Entity’s ability to comply with applicable privacy requirements
• Innovation: Work with product teams to identify and implement tooling and automation for developing our technical privacy controls
• Training and Awareness: Proactively engage and partner with stakeholders across the business to promote privacy by design, and the privacy and risk function and educate teams on changes to laws and regulations and external privacy practices

Minimum Qualifications:

• Significant years of experience in Operational Risk, Compliance or a related discipline, preferably within the financial services industry.
• Understanding of GDPR and enthusiasm for privacy and data protection
• Experience in implementing regulatory requirements into business practices (processes & procedures), with an understanding of processes and information flows for business and operational units that manage customer, employee data and other confidential information
• Demonstrates a will to win, to deliver change in a challenging environment.
• Experience of working with geographically dispersed colleagues across multiple lines of businesses
• Highly skilled at negotiation to drive progress towards critical outcomes
• Must be able to work well with different areas of the organization, building strong relationships & establishing trust through predictable delivery
• Ability to thrive in a fast paced and fluid business environment.
• Proven experience of working in a legal & regulatory environment with tight deadlines, changing information and ambiguity. Knowledge of privacy regulation preferred
• Strong verbal and written communication skills, with an ability to craft messages that clearly and succinctly communicate key messages for internal and external audiences at all levels of the organization

We back our colleagues and their loved ones with benefits and programs that support their holistic well-being. That means we prioritize their physical, financial, and mental health through each stage of life. Benefits include:

• Competitive base salaries
• Bonus incentives
• Support for financial-well-being and retirement
• Comprehensive medical, dental, vision, life insurance, and disability benefits (depending on location)
• Flexible work arrangements and schedules with hybrid and virtual options with Amex Flex
• Generous paid parental leave policies (depending on your location)
• Free access to global on-site wellness centers staffed with nurses and doctors (depending on location)
• Free and confidential counseling support through our Healthy Minds program
• Career development and training opportunities

At American Express, you’ll be recognized for your contributions, leadership, and impact—every colleague has the opportunity to share in the company’s success. Together, we’ll win as a team, striving to uphold our company values and powerful backing promise to provide the world’s best customer experience every day. And we’ll do it with the utmost integrity, and in an environment where everyone is seen, heard and feels like they belong.

Offer of employment with American Express is conditioned upon the successful completion of a background verification check, subject to applicable laws and regulations.

To complete your application, please click on the links below. However, if you require any assistance with the completion of this process – or need any reasonable adjustments to be made – then please contact the Recruitment Team on recruitment.support.uk@aexp.com