About The Position

At American Express, our culture is built on a 175-year history of innovation, shared values and Leadership Behaviors, and an unwavering commitment to back our customers, communities, and colleagues. From delivering differentiated products to providing world-class customer service, we operate with a strong risk mindset, ensuring we continue to uphold our brand promise of trust, security, and service. As part of Team Amex, you'll experience this powerful backing with comprehensive support for your holistic well-being and many opportunities to learn new skills, develop as a leader, and grow your career. Here, your voice and ideas matter, your work makes an impact, and together, you will help us define the future of American Express.

About the General Counsel’s Organization (GCO)

The General Counsel’s Organization (GCO) of American Express is where great legal minds influence global business strategy. The GCO’s mission is to protect and strengthen American Express through legal expertise and strategic advice that helps business partners manage risk, identify opportunities, and deliver on the company’s promise of exceptional products and services. As part of Team Amex, you’ll experience comprehensive support for your well-being, opportunities to grow as a leader, and an environment where your voice and ideas matter and your work makes an impact.

Role Summary

The Director & Counsel – Cybersecurity, Privacy, & Resiliency Contracting will join the Enterprise Innovation & Technology legal team, which supports enterprise technology, cybersecurity, procurement, resiliency and other core operational functions. The Director & Counsel will serve as a subject matter expert on cybersecurity, resiliency and privacy contracting to support procurement and commercial transactions across the company. This role will join the recently established Contracting Architecture & Practice function and partner with the legal team supporting cybersecurity and resiliency regulatory matters. This role reflects a continued evolution in how the company’s legal function supports enterprise-critical relationships, increasing volumes of complex vendor transactions, and strategic business relationships.

Requirements

  • J.D. and admission to practice law in at least one U.S. jurisdiction.
  • 6+ years of experience in technology transactions, outsourcing, commercial transactions, or a related large-scale contracting practice in a law firm and/or in-house legal department.
  • Significant experience negotiating cybersecurity, privacy, data protection, and resiliency terms in complex commercial agreements.
  • Significant experience advising on global legal requirements and industry best practices relevant to financial institutions in areas such as third-party risk management, cybersecurity, privacy and operational resiliency (i.e., GDPR, GLBA, NYDFS Part 500, FFIEC IT Handbooks, CCPA/CPRA, ISO 27001, NIST, SOC 2, DORA).
  • Demonstrated ability to balance legal risk, regulatory expectations, operational realities, and commercial objectives in contract negotiations.
  • Strong analytical, drafting, negotiation, and problem-solving skills.
  • Ability to communicate complex issues clearly and persuasively.
  • Demonstrated success gaining credibility, managing expectations, and developing strong working relationships with legal colleagues and clients.

Nice To Haves

  • Experience supporting enterprise procurement or other large-scale operational functions.
  • Experience developing and implementing contracting playbooks, fallback positions, escalation frameworks, and legal guardrails at scale.
  • Experience in a high-volume contracting environment with responsibility for handling complex negotiations efficiently and consistently.
  • Familiarity with legal operations, workflow design, and technology-enabled contracting environments.
  • Experience leading organizational change initiatives within sophisticated in-house legal teams.
  • Experience within a financial institution or similarly regulated industry.

Responsibilities

  • Establishing enterprise legal guardrails and negotiation standards governing cybersecurity, privacy and resiliency contract terms.
  • Personally leading negotiation of risk-based cybersecurity, privacy and resiliency provisions in a high volume of complex procurement and commercial transactions across the company.
  • Serving as a trusted advisor to the technology, privacy and enterprise resiliency teams and other senior business stakeholders on contract strategy, fallback positions, and risk allocation.
  • Driving consistency, efficiency, and sound judgment in how legal teams approach cybersecurity, privacy and resiliency contracting issues.
  • Enhancing and scaling contracting standards, playbooks, escalation frameworks, and engagement models to support efficient, high-quality legal support.
  • Serve as the lead legal subject matter expert for cybersecurity, privacy, and resiliency contracting terms across procurement and commercial engagements.
  • Establish and maintain enterprise guardrails, fallback language, and negotiation playbooks for key cybersecurity, privacy, and resiliency provisions.
  • Directly negotiate complex contractual provisions relating to cybersecurity, privacy, data use, incident response, audit rights, resiliency, business continuity, subcontracting, and related operational risk matters.
  • Advise legal and business stakeholders on market positions, emerging risks, and practical approaches to resolving difficult negotiation issues.
  • Define when specialized legal review is required and ensure recurring issues are translated into scalable standards and guidance.
  • Promote consistency in how cyber, privacy, and resiliency risks are assessed and addressed across business units and transaction types.
  • Partner with legal colleagues supporting cybersecurity, privacy, and resiliency regulatory matters to align contractual requirements with legal and regulatory expectations.
  • Lead, develop, and mentor team members, setting clear expectations for performance, quality, and collaboration.
  • Help prioritize work in alignment with company strategy, transaction volume, and legal risk, allocating resources effectively during both steady-state and surge periods.
  • Calibrate level of engagement across matters based on complexity, strategic importance, and risk.
  • Foster a culture of ownership, precision, commercial pragmatism, and practical problem-solving.
  • Strengthen the structural foundation for scalable contracting support, including standards, workflows, and decision frameworks.
  • Establish performance indicators and feedback mechanisms to drive continuous improvement in the delivery of cyber, privacy, and resiliency contracting support.
  • Identify recurring friction points in negotiation processes and implement practical enhancements that improve consistency, speed, and clarity.
  • Support thoughtful incorporation of automation and emerging technologies into contracting workflows, consistent with legal risk management principles.

Benefits

  • Competitive base salaries
  • Bonus incentives
  • 6% Company Match on retirement savings plan
  • Free financial coaching and financial well-being support
  • Comprehensive medical, dental, vision, life insurance, and disability benefits
  • Flexible working model with hybrid, onsite or virtual arrangements depending on role and business need
  • 20+ weeks paid parental leave for all parents, regardless of gender, offered for pregnancy, adoption or surrogacy
  • Free access to global on-site wellness centers staffed with nurses and doctors (depending on location)
  • Free and confidential counseling support through our Healthy Minds program
  • Career development and training opportunities

What This Job Offers

Job Type

Full-time

Career Level

Director

Education Level

No Education Listed

Number of Employees

5,001-10,000 employees

© 2024 Teal Labs, Inc