Haryana, IND
9 hours ago
Director - Tech Risk & Control
**Description**

At American Express, our culture is built on a 175-year history of innovation, shared values and Leadership Behaviors, and an unwavering commitment to back our customers, communities, and colleagues. As part of Team Amex, you'll experience this powerful backing with comprehensive support for your holistic well-being and many opportunities to learn new skills, develop as a leader, and grow your career. Here, your voice and ideas matter, your work makes an impact, and together, you will help us define the future of American Express.

The Director – Compliance (1LOD Compliance Function) will play a pivotal role in managing and remediating compliance issues across the enterprise. As part of a newly expanded First Line of Defense Compliance team, this leader is responsible for supporting the compliance issue management processes aligned to the refreshed AEMP39 operating model. The ideal candidate brings deep regulatory expertise, strong risk acumen, and the ability to drive compliance excellence within a complex, matrixed financial services environment.

This role is distinct from advisory or embedded business roles. It directly executes compliance responsibilities for the 1LOD on behalf of the business, ensuring a proactive and consistent approach to compliance risk identification, escalation, and mitigation.

**Functional Alignment: 1LOD Compliance Team – Controls & Issue Management**

Key responsibilities include:

+ Operating as a central point of accountability for compliance-related issues management within assigned business areas
+ Supporting a centralized issue remediation program, including action planning, tracking, validation, and closure
+ Providing objective compliance risk assessments on emerging issues and exam readiness
+ Partnering closely with 2LOD to ensure accurate root cause analysis and sustainable control improvements

**Core Responsibilities**

+ Lead the end-to-end compliance issue lifecycle across assigned business units, including MRAs, IAG / external audit findings, 2nd line findings, regulatory exam observations, and self-identified issues.
+ Deliver enterprise-wide issue escalation protocols, ensuring compliance issues are reported accurately, timely, and escalated when warranted.
+ Execute controls testing and validation of corrective action plans in partnership with business process owners and 2LOD.
+ Serve as a liaison between the 1LOD Compliance team, the Technology organization, and key governance committees.
+ Implement standardized frameworks, processes, and documentation for issue management per AEMP39.
+ Provide reporting and insights to Compliance leadership, Risk Committees, and Business Governance forums.
+ Identify trends, emerging risks, and systemic issues to support continuous improvement and compliance maturity.

**Strategic Role within AEMP39 Transformation**

This role is critical to achieving the strategic outcomes of the AEMP39 Compliance Policy refresh, which redefines the responsibilities of 1LOD and emphasizes:

+ Direct accountability for day-to-day compliance risk management by the First Line
+ Execution of the Compliance Program elements (e.g., Issue Management, Risk Assessments, Monitoring & Testing) in partnership with 2LOD
+ Alignment to an enterprise-wide target operating model (TOM) and compliance governance structure
+ Implementation of an integrated, tech-enabled compliance toolkit across risk domains

The role will support the uplift of a robust, independent 1LOD Compliance function that collaborates with, but is distinct from, Second Line oversight.

**Qualifications**

Required:

+ 10 years of compliance, legal, or risk experience in financial services, preferably within a 1LOD or 2LOD compliance, control, or operations function.
+ Deep expertise in banking regulations and compliance frameworks. The candidate should have a working understanding and knowledge of most regulations, including but not limited to:
  + Gramm-Leach-Bliley Act (GLBA)
  + NYDFS Cybersecurity Regulation (23 NYCRR Part 500)
  + FFIEC IT Handbooks (e.g., Operations, Audit, Development and Acquisition, Business Continuity, Outsourcing, Cybersecurity)
  + OCC Bulletins and Consent Orders related to technology
  + FRB guidance on technology risk management
  + Global and domestic data privacy regulations (e.g., GDPR, CCPA, state-specific privacy laws)
  + Operational Resilience frameworks (e.g., from FRB, OCC, FDIC, other supra-national and national regulatory bodies)
  + NIST Cybersecurity Framework (CSF)
  + ISO 27001/27002
  + PCI DSS (if applicable)
  + International regulations including those from MAS, RBI, OSFI, METI and EU (EBA, ESMA, EC)
+ Proven experience in developing, implementing, and managing Technology & Cybersecurity compliance programs in a complex organizational environment.
+ Strong understanding of IT governance, risk, and control frameworks (e.g., COBIT, ITIL, NIST, CRI Cyber Profile).
+ Sound understanding of various security technologies (e.g., SIEM, DLP, IDS/IPS, WAF, endpoint security, cloud security).
+ Strong stakeholder management skills, with the ability to influence across compliance, risk, audit, and operations.

Preferred:

+ Bachelor's degree in Cybersecurity, Information Technology, Computer Science, Law, or a related field.
+ Advanced degree (e.g., JD, MBA, MPA) or professional certifications such as CRCM, CISSP, CISM, CISA, CRISC, CGEIT.
+ Experience working in or with centralized compliance functions and supporting enterprise remediation efforts.
+ Familiarity with compliance and issue management platforms such as Archer, OpenPages, or ServiceNow.

**Key Competencies**

+ Risk-based decision-making and regulatory interpretation
+ Independent execution and ownership of compliance functions
+ Effective cross-functional collaboration and influence
+ Strong analytical, reporting, and root cause analysis skills
+ Ability to thrive in a dynamic, fast-paced, and evolving compliance environment

ORMCM

**Qualifications**

We back you with benefits that support your holistic well-being so you can be and deliver your best. This means caring for you and your loved ones' physical, financial, and mental health, as well as providing the flexibility you need to thrive personally and professionally:

+ Competitive base salaries
+ Bonus incentives
+ Support for financial well-being and retirement
+ Comprehensive medical, dental, vision, life insurance, and disability benefits (depending on location)
+ Flexible working model with hybrid, onsite or virtual arrangements depending on role and business need
+ Generous paid parental leave policies (depending on your location)
+ Free access to global on-site wellness centers staffed with nurses and doctors (depending on location)
+ Free and confidential counseling support through our Healthy Minds program
+ Career development and training opportunities

American Express is an equal opportunity employer and makes employment decisions without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, veteran status, disability status, age, or any other status protected by law.

Offer of employment with American Express is conditioned upon the successful completion of a background verification check, subject to applicable laws and regulations.

**Job:** Technology
**Primary Location:** India-Haryana-Gurgaon
**Other Locations:** India-Haryana-Gurugram
**Schedule:** Full-time
**Tags:** 1LOD_Compliance
**Req ID:** 25013695