Senior Regulatory Compliance Manager
Worldwide, energy asset owners choose CB&I Asset Solutions as their asset management partner, confident in our ability to deliver tailored, value-driven asset management solutions.
Our commitment is simple but powerful: to deliver value to our customers through safe, effective and efficient operations, maintenance, wells and decommissioning solutions, specialising in late life energy assets.
We're committed to investing in our people, and to building exceptional teams who deliver. Our people are trusted by our customers to safely operate their energy assets, improve performance and extend asset life through innovative solutions.
We support flexible working requests and have adopted a hybrid approach for most of our office-based roles. We ask employees to be present in the office at least three days per week.
Think smarter. Move faster. Deliver value.
JOB TITLE: Senior Regulatory Compliance Manager
KEY RESPONSIBILITIES:
· The (Senior Regulatory Compliance Attorney or Senior Regulatory Compliance Manager) is a critical senior position that is responsible for designing, implementing, and continuously improving a comprehensive risk-based compliance framework, managing regulatory strategy, interactions, and examinations, and protecting data and privacy across our global organization.
· Accordingly, this role requires deep functional knowledge and proven experience in regulatory and compliance disciplines; sound judgment; a practical, risk-based approach; the ability to apply that knowledge, experience, and judgment globally across several jurisdictions, with a key focus on the EU and GDPR; and the curiosity and desire for professional growth.
· This position serves as a strategic partner to various functions across our global organization (e.g., operations, engineering, procurement, supply chain, sales, legal, risk, HR, IT, etc.) and will have significant responsibilities and exposure to leadership and provide proactive guidance to mitigate regulatory and compliance risk in a highly regulated global environment.
· This position is an individual contributor role within CB&I’s dynamic legal group located across the USA, UK, and the UAE. This position will sit in either Aberdeen, UK or Dubai, UAE, and report directly to CB&I’s Director of Legal and Corporate Compliance Officer in The Woodlands, Texas, USA and to Asset Solutions’ Legal Director in Aberdeen, Scotland, UK.
· Enterprise Compliance
· Monitor and interpret legal and regulatory amendments and requirements, translate them into understandable, actionable operational guidance, and help design and implement the organization’s enterprise compliance program across multiple jurisdictions.
· Draft and update compliance policies, procedures, and controls across multiple jurisdictions to confirm alignment with applicable laws, regulations, and industry standards.
· Monitor and support third-party due diligence, risk assessments, and adherence to company compliance, including know-your-client, due diligence, and monitoring of vendors, contractors, and business partners.
· Collaborate on various contract initiatives, with an emphasis on compliance-related contract provisions (e.g., Know-Your-Client questionnaires, Sanctions surveys, etc.).
· Provide oversight and collaboration on compliance matters intersecting with export controls, trade compliance, cross-border regulatory requirements, and third-party engagements.
· Conduct risk assessments, identify root causes, develop mitigation strategies, implement and manage corrective actions; track compliance and remediation efforts; and report trends to leadership.
· Support and conduct confidential internal investigations. Draft investigation reports. Help manage the employee whistleblower hotline and metric reporting.
· Regulatory
· Monitor legislative and regulatory developments across multiple jurisdictions and assess their impact on the company’s policies and controls. Ensure alignment between regulatory requirements and internal policies and programs.
· Take responsibility for statutory updates and submissions, for example registration and payment of annual data protection fees to the Information Commissioner's Office and quarterly returns to the Scottish Lobbying Register.
· Provide business functions with guidance on aligning operational controls and initiatives with regulatory requirements and partner with business functions to establish regulatory awareness and accountability.
· Serve as a primary point of contact for regulator, inspector, or supervisory interactions and communications.
· Help lead, manage, prepare for, and respond to regulatory exams, audits, and inquiries, and coordinate regulatory productions, submissions, responses, and remediation planning.
· Report to leadership on regulatory developments and risk across the organization and report trends and metrics.
· Serve as the global subject-matter expert on GDPR and other applicable international privacy and data protection regulations.
· Help lead the design, implementation, and continuous improvement of the company’s GDPR compliance framework and privacy and data protection program. Ensure alignment with GDPR principles, accountability requirements, and supervisory authority expectations.
· Possess the competence and confidence to provide data protection and privacy guidance in more jurisdictions, particularly emerging privacy jurisdictions across the Middle East and Asia.
· Draft and maintain GDPR-compliant privacy notices, policies, and procedures and conduct or assist with conducting periodic privacy monitoring and audits.
· Oversee and advise on data protection impact assessments, privacy risk assessments, and privacy-related incident response, including breach assessments, notification obligations, and coordination with regulators and external counsel, as needed.
· Provide oversight and collaboration on matters involving export controls, trade compliance, and cross-border regulatory requirements.
· Act as a primary point of contact for privacy-related regulatory engagement, including responding to regulatory inquiries, examinations, audits, and supervisory authority communications, and for any incident or breach responses.
· Help develop and deliver training and awareness programs and compliance audits.
· Lead in promoting a commitment to ethics, integrity, and accountability across the organization.
· Partner with all functions within the organization including without limitation operations, engineering, procurement, supply chain, sales, legal, risk, HR, IT, etc.
· Skills and Behaviors
· Strong functional knowledge and subject-matter expertise on EU and GDPR regulatory, compliance, privacy, and data protection regulations
· Experience harmonizing a global privacy framework across the EU, GDPR, and other privacy jurisdictions
· Leadership or management experience in a global organization and in a regulated industry
· Risk-based, practical approach to regulatory compliance in operational environments
· Ability to work autonomously and proactively without frequent supervision
· Strategic thinker with strong analytical and problem-solving skills
· Business presence, polish, and credibility with regulators, leadership, and colleagues
· High emotional intelligence and interpersonal skills
· Strong written and verbal communication and presentation skills
· A years of regulatory compliance experience (preferably multi-jurisdictional experience) that includes: EU compliance law; building and overseeing compliance programs and frameworks; handling complex compliance issues across multiple jurisdictions for a global organization; strategically integrating regulatory requirements and compliance initiatives into business operations; defending against regulatory exams, audits, and inquiries; and direct regulator interaction.
· A years of experience in EU data governance, privacy, data protection, with direct GDPR program design, ownership, and/or oversight.
· Experience interacting with EU and UK regulators and supervisory authorities, responding to EU regulatory inquiries and investigations, and handling regulatory responses, enforcement, and remediation
· Preferred Experience
· Experience working in a senior position in a multinational organization
· Experience handling EU personal data and supporting global companies with compliance needs across Europe, the Middle East, Asia, or Latin America
· Experience with registration and payment of annual data protection fees to the Information Commissioner's Office and quarterly returns to the Scottish Lobbying Register
· Familiarity with ISO 27001, 27701, and NIST Privacy Framework
· Demonstrated experience managing DSAR, breach response, and supervisory authority
ESSENTIAL QUALIFICATIONS AND SKILLS:
· Education: Bachelor's degree required
· Preferred Qualifications (not required, but a plus)
· Education: Advanced or postgraduate professional degree (Masters, MBA, JD, etc.)
· License: Licensed attorney in good standing in the U.K. or equivalent
· Certifications: We favor demonstrated leadership and proven experience over certifications; however, compliance-related certifications are a plus (e.g., Certified Information Privacy Professional (CIPP), Certified Compliance and Ethics Professional (CCEP), Certified Regulatory Compliance Manager (CRCM))
· Industry: Prior experience in engineering, construction, energy, oil and gas, or similar regulated industries is nice, but not required. We encourage applicants from other industries to apply