Audit Manager - IAG Privacy

Job Description

At American Express, our culture is built on a 175-year history of innovation, shared and Leadership Behaviors, and an unwavering commitment to back our customers, communities, and colleagues. From delivering differentiated products to providing world-class customer service, we operate with a strong risk mindset, ensuring we continue to uphold our brand promise of trust, security, and service.

As part of Team Amex, you'll experience this powerful backing with comprehensive support for your holistic well-being and many opportunities to learn new skills, develop as a leader, and grow your career. Here, your voice and ideas matter, your work makes an impact, and together, you will help us define the future of American Express.

About the Internal Audit Group at American Express:

Our Internal Audit Group is a worldwide function with 300+ team members and offices across nine countries within American Express. Our mission is to protect and enhance organizational value by providing independent, objective, risk-based assurance, advisory services and to influence the way the company manages risk.

We are committed to growing our audit staff significantly as we continue to expand and enhance the Internal Audit Group. Our assurance and risk professionals have diverse backgrounds including internal controls, consumer compliance, technology, operational risk, financial accounting, data analytics, and banking operations. Our audit teams align to key risk areas and business units to ensure IAG can provide comprehensive and risk-based audit coverage. In addition, IAG has a Professional Practices group responsible for managing audit operations, quality, and standards regulatory relations reporting training and professional development and key internal capabilities and technologies.

About the Role:

This Audit Manager role is within the IAG Privacy team, which is part of the broader IAG Financial Crime, Compliance, and Privacy audit portfolio. This privacy-focused role will be based in either London (United Kingdom) or India and will organizationally report into an IAG Privacy Audit Director & Team Leader located in London.

This role will involve working with various audit colleagues and client stakeholders located in different countries around the world, and from different teams and business units. The role will involve heightened privacy focus/specialism regarding international markets and various privacy risk/domain areas, whilst also supporting certain global, US, and international activities. The role may also involve executing some limited audit work across the broader Financial Crimes and/or Compliance audit portfolio.

Key Responsibilities:

• Serve as Auditor in Charge (AIC) on lower-risk audits, managing the audit engagement end-to-end, planning audit projects, defining objectives and scope, and coordinating with control groups, external auditors, stakeholders, and regulators to ensure effective execution conduct L1 reviews serve as the primary audit client contact

• Analyze / review audit results and documentation to evaluate effectiveness and efficiency, synthesizing audit findings

• Lead audit client meetings and walkthroughs

• Develop test steps, audit findings, and the audit report in accordance with IAG policies and procedures

• Guide team on how to validate and execute corrective actions that are impactful, sustainable, and improve the control environment of the business unit

• Support business monitoring activities with audit leadership, tracking key metrics to identify control issues and trends stay up to date with evolving industry trends, external news and regulatory changes, and analyze the impact to the business

• Delegate tasks to team members guide auditors in assessing risks, evaluating control design, and executing audit tests review and provide feedback on work papers

• Effectively coach, teach, mentor, and develop less experienced colleagues and co-sourced resources in geographically diverse locations across all aspects of their role, the audit and analytic lifecycle, audit methodology and best practices

• Conduct post-audit feedback discussions with audit team members to provide actionable feedback, support development, and recognize accomplishments

• Guide team to proactively and routinely communicate task status, roadblocks, challenges, suggesting potential solutions to the team

Minimum Qualifications:

• 5+ years of audit experience

• Prior experience working at a Big Four / G-SIB

• Demonstrates strong written and verbal communication skills to deliver deliverables with quality, and actionable value-add feedback to management on issues, opportunity areas, and deficiency solutions

• Effectively leads a team in a fast-paced environment to drive business results, utilizing related project management skills, employing creative thinking, and the ability to work on competing priorities

• Applies critical thinking to break-down complex problems into components, and solve using data analysis, process, risk control knowledge, and experience to drive risk-based conclusions and decisions

• Applies control theory and professional auditing practices throughout the audit lifecycle

• Understands regulations, regulatory risks, accounting, and financial industry best practices relevant to the business, including emerging technology and data considerations, and incorporates into the audit approach to enhance outcomes

Preferred Qualifications:

• Relevant experience in data privacy, data protection and/or compliance (ideally within financial services, banking, or card-products industries).

• Moderate/strong understanding of existing & evolving privacy laws, regulations, and regulatory guidance, and regulatory enforcement trends.

• Currently has (or is willing to develop) deep knowledge and experience regarding certain key / complex / evolving privacy risk/domain areas - for example: privacy considerations associated with the use of Artificial Intelligence cookies & digital trackers privacy-by-design-and-default privacy rights privacy program management privacy-enabling/enhancing technologies privacy notices privacy choice and consent.

• Attained or currently working towards (or willing to work towards) relevant privacy certifications - for example:

  • Certified Information Privacy Professional (CIPP) (US / Europe / Asia / Canada / China)

  • Certified Information Privacy Manager (CIPM)

  • Certified Information Privacy Technologist (CIPT)

  • Certified Artificial Intelligence Governance Professional (AIGP)

• Experience with data analytic tools, data visualization, key risk indicators (KRIs), key performance indicators (KPIs), information systems / technology, and scorecards / dashboards, etc.

• Interest in working with data, interpreting results, analytic best practices and experience with data analytics tools and data visualization

• Strong written & verbal communication skills that deliver quality, actionable and beneficial feedback to management on potential control issues & solutions to close gaps/deficiencies.

We back you with benefits that support your holistic well-being so you can be and deliver your best. This means caring for you and your loved ones physical, financial, and mental health, as well as providing the flexibility you need to thrive personally and professionally:

• Competitive base salaries
• Bonus incentives
• Support for financial-well-being and retirement
• Comprehensive medical, dental, vision, life insurance, and disability benefits (depending on location)
• Flexible working model with hybrid, onsite or virtual arrangements depending on role and business need
• Generous paid parental leave policies (depending on your location)
• Free access to global on-site wellness centers staffed with nurses and doctors (depending on location)
• Free and confidential counseling support through our Healthy Minds program
• Career development and training opportunities

American Express is an equal opportunity employer and makes employment decisions without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, veteran status, disability status, age, or any other status protected by law.

Offer of employment with American Express is conditioned upon the successful completion of a background verification check, subject to applicable laws and regulations.