Senior Manager, Privacy Regulatory Exam and Committee Governance

At American Express, our culture is built on a 175-year history of innovation, shared values and Leadership Behaviors, and an unwavering commitment to back our customers, communities, and colleagues. As part of Team Amex, you’ll experience this powerful backing with comprehensive support for your holistic well-being and many opportunities to learn new skills, develop as a leader, and grow your career.

Here, your voice and ideas matter, your work makes an impact, and together, you will help us define the future of American Express.

At American Express, we are trying to establish Privacy as a strategic differentiator for the American Express brand.

The American Express Global Privacy Oversight team, within the Second Line of Defense, is a trusted advisors on compliance with privacy laws, regulations and on the American Express Data Protection & Privacy Principles. Global Privacy Oversight oversees, provides expertise in, and challenges the identification, management, and mitigation of privacy risks across the company in line with the enterprise’s Privacy Framework and with the company’s vision to provide the world’s best customer experience every day.

This position is based in Spain and reports to the Director, Global Privacy Program.

**How will you make an impact in this role?**

The Senior Privacy Manager, Regulatory Exams and Committee Governance is primarily responsible for managing the representation of elevated risks and issues to the Company’s Privacy Risk Committees, and for managing responses to audits and regulatory examinations. This role requires a deep understanding of privacy laws, regulations and best practices, as well as strong organizational and leadership skills to ensure compliance and mitigate risks effectively.

Key Responsibilities:

- Examinations and Audit Management:

- Plan, coordinate, and facilitate privacy examinations and audits conducted by regulatory authorities, internal audit teams, or third-party auditors.
- Prepare the organization for examinations and audits by conducting risk assessments, gap analyses, and readiness reviews.
- Highlight self-identified control gaps and issues (from the above-mentioned risk assessments, gap analyses, etc.) and work with Functional Owners to develop and implement plans to drive the identified control gaps and vulnerabilities to closure.
- Project-manage the execution of Audits for which the Function is in scope.
- Take the lead (collaborating with colleagues across the Function and the organization, as necessary) on developing responses to Examinations and Audits.
- Ensure timely and accurate provision of requested information and documentation to the Function’s Leadership team, and then to the regulatory authorities, internal audit teams, or third-party auditors.
- Coordinate responses to examination findings and audit findings and observations, including by developing and implementing a corrective action plans.
- Validate that actions taken to address examination findings and audit findings and observations are being sustained in BAU.
- Ensure adherence to internal exams/audit governance procedures.
- Maintain exams/audit repository.
- Committee Governance
- Support the design and management of Privacy Risk Committees, Steering Committees and other Forums.
- Identify elevated Privacy risks and significant issues to be brought before the Company’s Privacy Risk Committees.
- Gather, review and organize materials for committee meetings. Work with presenters to ensure materials are accurate, complete and submitted timely.
- Review Committee materials for completeness, clarity and alignment with Committee scope and governance standards.
- Maintain official Committee records and repository.
- Support the regulatory change management function, as needed. Monitor evolving privacy regulations, assess impact on the privacy program, and coordinate timely implementation of program changes.
- Any other Workstreams/ tasks as Business needs may require.

**Minimum Qualifications**:

- Five (5) or more years of experience in regulatory change management, audit and examination management preferably in a Regulatory Agency (Highly advantageous), in Consulting or in the Financial Services industry.
- Fluency in English.
- Experience in working on Global Privacy Programs (including facilitating the design, development and implementation of Privacy compliance strategies in large and complex jurisdictions such as Europe, the US and BRIC markets).
- Extensive knowledge and exposure to European and US Privacy Laws.
- Exceptional communication and interpersonal skills, with the ability to effectively engage and influence stakeholders at all levels of the organization as well as external Regulatory Authorities.
- Proven leadership abilities, including the capacity to lead and motivate cross-functional teams, drive consensus, and foster a collaborative work environment.
- Excellent time-management skills and ability to meet tight deadlines.

**Preferred Qualif