
Analyst - Compliance, Digital Privacy
Job Description
The American Express Global Privacy Oversight (GPO) team is a Second Line of Defense (2LoD) function that provides independent oversight, effective challenge, and privacy risk expertise across the enterprise. GPO partners with business and control functions to promote a strong culture of privacy, drive compliance with internal policies and regulatory requirements, and ensure privacy risks are appropriately identified, assessed, managed, and mitigated. Through independent oversight and credible challenge, GPO helps strengthen the company's privacy risk management framework while supporting American Express' commitment to delivering the world's best customer experience every day.
This position, based in New York, reports to the Digital Privacy Director.
The successful candidate will be passionate about Digital Privacy, Artificial Intelligence (AI), and Emerging Technologies, with strong privacy subject matter expertise. They will be comfortable interacting with multiple stakeholders across a highly matrixed organization to achieve goals and will be an advocate for Privacy-by-Design. The role will primarily support independent privacy risk oversight activities related to digital products, AI use cases, and emerging technologies, ensuring privacy risks are effectively identified, assessed, managed, and mitigated in line with enterprise risk management expectations.
Provide independent privacy risk oversight to American Express businesses globally, with a particular focus on Digital Privacy, AI, and Emerging Technologies.
Support the monitoring, analysis, and reporting of privacy key risk indicators and other privacy risk management data.
Ensure adherence to the enterprise privacy risk appetite and privacy risk management framework through effective oversight, independent review, and Second Line of Defense challenge.
Review and challenge privacy risk assessments, control design, and mitigation strategies implemented by the First Line of Defense, particularly for digital initiatives, AI solutions, and emerging technology deployments.
Partner with Compliance and other stakeholders to oversee privacy legal and regulatory change management activities.
Foster a culture of privacy across American Express by promoting Privacy-by-Design and sharing best practices.
Support governance activities, reporting, and oversight routines that enable effective management of privacy risks across the enterprise.
Minimum Qualifications:
2 years of experience in Privacy, with particular focus on AI and Emerging Technologies.
Experience or demonstrated interest in Digital Privacy, Artificial Intelligence (AI), and/or Emerging Technology risk management.
Highly organized with strong written and verbal communication skills and the ability to manage multiple priorities simultaneously.
Ability to build relationships, influence stakeholders, mobilize cross-functional and regional teams, and work independently.
Preferred Qualifications:
Master's degree or equivalent in Data Protection and Privacy.
Data Protection and Privacy Professional Certification (e.g., CIPP/E, CIPP/US).
Prior work in Compliance, Audit, and/or Risk Management at a Digital Technology and/or financial services company preferred.
Employment eligibility to work with American Express in the United States is required as the company will not pursue visa sponsorship for these positions.