Job Description
At American Express, our culture is built on a 175-year history of innovation, shared values and Leadership Behaviors, and an unwavering commitment to back our customers, communities, and colleagues. From delivering differentiated products to providing world-class customer service, we operate with a strong risk mindset, ensuring we continue to uphold our brand promise of trust, security, and service.
As part of Team Amex, you'll experience this powerful backing with comprehensive support for your holistic well-being and many opportunities to learn new skills, develop as a leader, and grow your career. Here, your voice and ideas matter, your work makes an impact, and together, you will help us define the future of American Express.
About the General Counsel’s Organization (GCO)
The General Counsel’s Organization (GCO) of American Express is where great legal minds influence global business strategy.
The GCO’s mission is to protect and strengthen American Express through legal expertise and strategic advice that helps business partners manage risk, identify opportunities, and deliver on the company’s promise of exceptional products and services. As part of Team Amex, you’ll experience comprehensive support for your well-being, opportunities to grow as a leader, and an environment where your voice and ideas matter and your work makes an impact.
Role Summary
The Director & Counsel – Cybersecurity, Privacy, & Resiliency Contracting will join the Enterprise Innovation & Technology legal team, which supports enterprise technology, cybersecurity, procurement, resiliency and other core operational functions. The Director & Counsel will serve as a subject matter expert on cybersecurity, resiliency and privacy contracting to support procurement and commercial transactions across the company. This role will join the recently established Contracting Architecture & Practice function and partner with the legal team supporting cybersecurity and resiliency regulatory matters. This role reflects a continued evolution in how the company’s legal function supports enterprise-critical relationships, increasing volumes of complex vendor transactions, and strategic business relationships.
Core Accountabilities
The Director & Counsel is accountable for:
Establishing enterprise legal guardrails and negotiation standards governing cybersecurity, privacy and resiliency contract terms.
Personally leading negotiation of risk-based cybersecurity, privacy and resiliency provisions in a high volume of complex procurement and commercial transactions across the company.
Serving as a trusted advisor to the technology, privacy and enterprise resiliency teams and other senior business stakeholders on contract strategy, fallback positions, and risk allocation.
Driving consistency, efficiency, and sound judgment in how legal teams approach cybersecurity, privacy and resiliency contracting issues.
Enhancing and scaling contracting standards, playbooks, escalation frameworks, and engagement models to support efficient, high-quality legal support.
Key Responsibilities
Subject Matter Expertise for Cybersecurity, Privacy, and Resiliency Contracting Terms
Serve as the lead legal subject matter expert for cybersecurity, privacy, and resiliency contracting terms across procurement and commercial engagements.
Establish and maintain enterprise guardrails, fallback language, and negotiation playbooks for key cybersecurity, privacy, and resiliency provisions.
Directly negotiate complex contractual provisions relating to cybersecurity, privacy, data use, incident response, audit rights, resiliency, business continuity, subcontracting, and related operational risk matters.
Advise legal and business stakeholders on market positions, emerging risks, and practical approaches to resolving difficult negotiation issues.
Define when specialized legal review is required and ensure recurring issues are translated into scalable standards and guidance.
Promote consistency in how cyber, privacy, and resiliency risks are assessed and addressed across business units and transaction types.
Partner with legal colleagues supporting cybersecurity, privacy, and resiliency regulatory matters to align contractual requirements with legal and regulatory expectations.
Team Leadership
Lead, develop, and mentor team members, setting clear expectations for performance, quality, and collaboration.
Help prioritize work in alignment with company strategy, transaction volume, and legal risk, allocating resources effectively during both steady-state and surge periods.
Calibrate level of engagement across matters based on complexity, strategic importance, and risk.
Foster a culture of ownership, precision, commercial pragmatism, and practical problem-solving.
Continuous Improvement & Modernization
Strengthen the structural foundation for scalable contracting support, including standards, workflows, and decision frameworks.
Establish performance indicators and feedback mechanisms to drive continuous improvement in the delivery of cyber, privacy, and resiliency contracting support.
Identify recurring friction points in negotiation processes and implement practical enhancements that improve consistency, speed, and clarity.
Support thoughtful incorporation of automation and emerging technologies into contracting workflows, consistent with legal risk management principles.
Minimum Qualifications:
J.D. and admission to practice law in at least one U.S. jurisdiction.
6 years of experience in technology transactions, outsourcing, commercial transactions, or a related large-scale contracting practice in a law firm and/or in-house legal department.
Significant experience negotiating cybersecurity, privacy, data protection, and resiliency terms in complex commercial agreements.
Significant experience advising on global legal requirements and industry best practices relevant to financial institutions in areas such as third-party risk management, cybersecurity, privacy and operational resiliency (i.e., GDPR, GLBA, NYDFS Part 500, FFIEC IT Handbooks, CCPA/CPRA, ISO 27001, NIST, SOC 2, DORA).
Demonstrated ability to balance legal risk, regulatory expectations, operational realities, and commercial objectives in contract negotiations.
Strong analytical, drafting, negotiation, and problem-solving skills.
Ability to communicate complex issues clearly and persuasively.
Demonstrated success gaining credibility, managing expectations, and developing strong working relationships with legal colleagues and clients.
Preferred qualifications:
Experience supporting enterprise procurement or other large-scale operational functions.
Experience developing and implementing contracting playbooks, fallback positions, escalation frameworks, and legal guardrails at scale.
Experience in a high-volume contracting environment with responsibility for handling complex negotiations efficiently and consistently.
Familiarity with legal operations, workflow design, and technology-enabled contracting environments.
Experience leading organizational change initiatives within sophisticated in-house legal teams.
Experience within a financial institution or similarly regulated industry.
Salary Range: $144,250.00 to $256,250.00 annually, plus bonus, equity (if applicable), and benefits
The above represents the expected salary range for this job requisition. Ultimately, in determining your pay, we’ll consider your location, experience, and other job-related factors.
We back you with benefits that support your holistic well-being so you can be and deliver your best. This means caring for you and your loved ones' physical, financial, and mental health, as well as providing the flexibility you need to thrive personally and professionally:
Competitive base salaries
Bonus incentives
6% Company Match on retirement savings plan
Free financial coaching and financial well-being support
Comprehensive medical, dental, vision, life insurance, and disability benefits
Flexible working model with hybrid, onsite or virtual arrangements depending on role and business need
20 weeks paid parental leave for all parents, regardless of gender, offered for pregnancy, adoption or surrogacy
Free access to global on-site wellness centers staffed with nurses and doctors (depending on location)
Free and confidential counseling support through our Healthy Minds program
Career development and training opportunities
For a full list of Team Amex benefits, visit our Colleague Benefits Site.
American Express is an equal opportunity employer and makes employment decisions without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, veteran status, disability status, age, or any other status protected by law. American Express will consider for employment all qualified applicants, including those with arrest or conviction records, in accordance with the requirements of applicable state and local laws, including, but not limited to, the California Fair Chance Act, the Los Angeles County Fair Chance Ordinance for Employers, and the City of Los Angeles’ Fair Chance Initiative for Hiring Ordinance. For positions covered by federal and/or state banking regulations, American Express will comply with such regulations as it relates to the consideration of applicants with criminal convictions.
We back our colleagues with the support they need to thrive, professionally and personally. That's why we have Amex Flex, our enterprise working model that provides greater flexibility to colleagues while ensuring we preserve the important aspects of our unique in-person culture. Depending on role and business needs, colleagues will either work onsite, in a hybrid model (combination of in-office and virtual days) or fully virtually.
US Job Seekers - Click to view the “Know Your Rights” poster. If the link does not work, you may access the poster by copying and pasting the following URL in a new browser window: https://www.eeoc.gov/poster
Employment eligibility to work with American Express in the U.S. is required as the company will not pursue visa sponsorship for these positions.
Job: Legal
Primary Location: US-New York-New York
Schedule: Full-time
Req ID: 26004694