This job has expired

Director & Counsel, Cyber Security and Third Party Risk

American Express
Closing date
15 Apr 2021

View more

Contract Type
You need to sign in or create an account to save a job.

Job Details

You'll do more than the expected. You'll do the unexpected.
General Counsel's Organization:
Where great legal minds influence global business strategy.
This role is for a senior level lawyer to join the General Counsel's Organization (GCO) at American Express at the Director & Counsel level providing legal support to colleagues throughout the world in American Express' technology, business and legal functions on issues related to cyber security, resiliency, and outsourcing and third party risk.
Role and Responsibilities:
Collaborate with colleagues around the world on cutting edge cyber security, resiliency and outsourcing and third party risk legal issues.
The ideal candidate is a strategic thinker with strong analytical skills who has experience in emerging technology, cyber security, existing and emerging laws and regulations impacting technology, cyber security, the financial sector and outsourcing and third party risk, and has a demonstrated aptitude for negotiating security terms in contracts and providing legal advice during security and operational incidents. Experience with other aspects of data protection, authentication, and financial sector regulation is a plus.
The candidate will need to be confident and able to build relationships, work closely and communicate effectively with internal clients and legal department colleagues throughout Europe, the U.S. and Asia on a routine basis.
The Director & Counsel role will be based in London, a member of the Technology & Digital Law Group. The candidate will be responsible for providing legal advice before and during cyber security and operational incidents; drafting and negotiating security-related contract terms; advising on outsourcing and third party risk and cyber security regulatory issues; and monitoring legal developments and engaging in public policy consultations. This position will report to the Vice President & Senior Counsel, Cyber Security and Third Party Risk based in New York.
Primary Responsibilities:
  • Provide legal support and strategic advice to the internal American Express groups responsible for managing technology, resiliency and cyber security risk and for managing outsourcing and other third party risk.
  • Develop, draft and negotiate cyber security contract requirements on a global basis across all American Express business units and entities, with a particular focus on Europe and Asia.
  • Provide legal support to American Express to prepare for and during security or operational incidents and advise the Enterprise Incident Response Program regarding legal and regulatory obligations related to data subject and authority notifications.
  • Monitor and advise on global emerging technology, cyber security, resiliency and outsourcing and third party risk management regulatory requirements and trends. Assist in the development of American Express strategy and policies in response to and anticipation of regulatory developments and industry trends.
  • Provide support as needed during financial regulatory examinations and inquiries from authorities related to cyber security and third party risk.
  • Review new digital products and services for compliance with cyber security, authentication and outsourcing and third party risk requirements.
  • Build positive working relationships across the legal department, business and technology teams and build relationships with external industry and trade groups. The role is expected to partner closely with our privacy legal team.
  • Respond to public policy consultations and supporting regulatory engagement on matters related to emerging technology, cyber security, resiliency and outsourcing and third party risk.
  • Implement and improve methods for legal knowledge management within the team.
  • Brief colleagues and clients on significant developments and projects.
  • Prepare and support the delivery of internal training on legal cyber security and third party risk issues and American Express processes regarding contracting and incident response.
  • Obtain legal opinions and advice from outside counsel, as needed, and manage related budgets.
Offer of employment with American Express is conditioned upon the successful completion of a background verification check, subject to applicable laws and regulations.


Specific Experience Required:
  • Significant years PQE with a material body of relevant post-qualification experience related to incident response, contract negotiations, and advising on cyber security and outsourcing and third party risk legal matters.
  • Qualified to practice law and provide legal advice in an EU jurisdiction with ability and willingness to qualify in UK (if not already so qualified).
  • Fluency in English; other European languages or local law competency helpful.
Required Personal Attributes:
  • Strong interest in digital products and emerging technology, cyber security and outsourcing and third party risk issues.
  • Ability to build strong working relationships with and communicate effectively across business, legal and technology colleagues around the world.
  • Self-starter capable of effectively working across an international legal team with colleagues based primarily in London, the U.S. and Asia.
  • Ability to advise colleagues in a commercially practical, hands-on, and common sense manner.
  • Strong analytical and problem solving skills with proven record of ability to grasp complex issues quickly.
  • Prepared to take the lead and make appropriate recommendations to management and brief stakeholders at all levels of the organisation orally and in writing, particularly during incident response.
  • Strong drafting, research, negotiation and influencing skills.
  • Ability to manage and prioritise a wide variety of matters and stakeholders.
  • Strong knowledge-management and organisational skills, and proven record of identifying and implementing improvements to enhance efficiency and productivity.
  • Willing to learn about the various business groups at American Express as well as the applicable regulatory environment and to leverage experience gained in this position to expand skill set for future career growth at American Express.
  • Committed to the American Express values, with high personal work standards.
Why American Express?
There's a difference between having a job and making a difference.
Amex have been making a difference in people's lives for over 160 years, backing them in moments big and small, granting access, tools, and resources to take on their biggest challenges and reap the greatest rewards.
We've also made a difference in the lives of our people, providing a culture of learning and collaboration, and helping them with what they need to succeed and thrive. We have their backs as they grow their skills, conquer new challenges, or even take time to spend with their family or community. And when they're ready to take on a new career path, we're right there with them, giving them the guidance and momentum into the best future they envision.
Because we believe that the best way to back our customers is to back our people.
The powerful backing of American Express.
Don't make a difference without it.
Don't live life without it.
To complete your application please click on the links below. However, if you require any assistance with the completion of this process - or need any reasonable adjustments to be made - then please contact the Recruitment Team on
You need to sign in or create an account to save a job.

Get job alerts

Create a job alert and receive personalised job recommendations straight to your inbox.

Create alert