Analyst - Compliance, Digital Privacy

New York, NYFull-timePosted Jul 13, 2026
Apply

The American Express Global Privacy Oversight (GPO) team is a Second Line of Defense (2LoD) function that provides independent oversight, effective challenge, and privacy risk expertise across the enterprise. GPO partners with business and control functions to promote a strong culture of privacy, drive compliance with internal policies and regulatory requirements, and ensure privacy risks are appropriately identified, assessed, managed, and mitigated. Through independent oversight and credible challenge, GPO helps strengthen the Company's privacy risk management framework while supporting American Express' commitment to delivering the world's best customer experience every day.

This position, based in New York, reports to the Senior Manager, Colleague Privacy, within Global Privacy Oversight (Second Line of Defense).The successful candidate will be passionate about colleague privacy and data protection, with a strong interest in privacy risk management and governance. They will be comfortable interacting with multiple stakeholders across a highly matrixed organization and will help promote Privacy-by-Design and strong privacy risk management practices across the Colleague Experience Group (CEG).

The role will primarily support independent privacy risk oversight activities related to colleague (employee) personal data and workforce initiatives, ensuring privacy risks are effectively identified, assessed, managed, and mitigated in line with enterprise risk management expectations. Responsibilities include supporting privacy risk assessments, providing effective challenge to first-line stakeholders, monitoring privacy risk, partnering with Human Resources, Legal, Compliance, Risk, Technology, and other business partners, and helping to ensure compliance with applicable privacy laws, regulations, and American Express privacy requirements.

  • Provide independent privacy risk oversight to American Express businesses globally, with a particular focus on colleague privacy and workforce-related initiatives within the Colleague Experience Group (CEG).
  • Support the monitoring, analysis, and reporting of privacy key risk indicators and other privacy risk management data.
  • Ensure adherence to the enterprise privacy risk appetite and privacy risk management framework through effective oversight, independent review, and Second Line of Defense challenge.
  • Review and challenge privacy risk assessments, control design, and mitigation strategies implemented by the First Line of Defense, particularly for initiatives involving the collection, use, sharing, retention, and protection of colleague (employee) personal data.
  • Partner with Human Resources, Compliance, Legal, Risk, Technology, and other stakeholders to support privacy legal and regulatory change management activities impacting colleague privacy.
  • Foster a culture of privacy across American Express by promoting Privacy-by-Design and sharing privacy best practices.
  • Support governance activities, reporting, and oversight routines that enable the effective management of colleague privacy risks across the enterprise.

Qualifications

  • 2+ years of experience in Privacy, with particular focus on colleague privacy, workforce data, or human resources privacy. 
  • Experience or demonstrated interest in privacy risk management, employee (colleague) personal data, privacy governance, and applicable data protection requirements. 
  • Highly organized with strong written and verbal communication skills and the ability to manage multiple priorities simultaneously. 
  • Ability to build relationships, influence stakeholders, mobilize cross-functional and regional teams, and work independently. 
     

Preferred Qualifications

  • Master's degree or equivalent in Data Protection and Privacy, Law, Business, Human Resources, or a related field. 
  • Data Protection and Privacy Professional Certification (e.g., CIPP/US, CIPP/E, CIPM). 
  • Prior work in Privacy, Compliance, Audit, Human Resources, and/or Risk Management at a global organization or financial services company preferred. 
  • Experience supporting privacy risk assessments, employee data governance, or workforce-related privacy initiatives preferred. 
  • Employment eligibility to work with American Express in the United States is required as the company will not pursue visa sponsorship for this position.

 

Employment eligibility to work with American Express in the United States is required as the company will not pursue visa sponsorship for these positions. 

Want jobs like this matched to you?

Swoopd scores fresh postings against your résumé so you only see the matches that matter.

Get started free