The Principal Regulatory Compliance Attorney must have functional knowledge and demonstrated experience across regulatory, compliance, and privacy matters within a global or multijurisdictional organization, with particular emphasis on EU regulations and GDPR requirements. This is a critical senior position responsible for designing and implementing a comprehensive risk-based compliance framework; managing regulatory strategy and examinations; protecting data and privacy; and mitigate regulatory and compliance risk across our global organization.
This is an individual contributor position within CB&I’s dynamic legal group located across the USA, UK, and the UAE. This role This role will sit either in Aberdeen, UK OR Dubai, UAE and will report directly to CB&I’s Director of Legal and Corporate Compliance Officer in The Woodlands, Texas, USA and to Asset Solutions’ Legal Director in Aberdeen, Scottland, UK.
Responsibilities
Enterprise Compliance
- Help design, implement, and improve CB&I’s enterprise compliance program across multiple jurisdictions. This includes various responsibilities, such as:
- Create policies, procedures, and controls to confirm alignment with applicable laws, regulations, and industry standards;
- Provide oversight and collaboration on compliance matters intersecting with export controls, trade compliance, cross-border regulatory requirements, and third-party due diligence; and
- Conduct risk assessments, identify root causes, develop mitigation strategies, implement and manage correction actions; and track compliance and remediation efforts
- Support and conduct confidential internal investigations. Draft investigation reports. Help manage the employee whistleblower hotline and metric reporting.
Regulatory
- Serve as a primary contact for regulator, inspector, or supervisory communications. Help coordinate or lead productions, submissions, and responses to regulatory exams, audits, inquiries, remediation plans, incidents, or breaches.
- Take responsibility for statutory updates and submissions (e.g., registration and payment of annual data protection fees to the ICO and quarterly returns to the Scottish Lobbying Register).
- Ensure alignment between regulatory requirements and internal policies and programs. Provide guidance on aligning operational controls and initiatives with regulatory requirements.
Data Privacy
- Serve as the GDPR subject-matter expert and help design, implement, and improve the company’s GDPR compliance framework and privacy and data protection program, ensuring alignment with GDPR principles, accountability requirements, and supervisory authority expectations.
- Draft and maintain GDRP-compliant privacy notices, polices, and procedures and conduct or assist with conducting periodic privacy monitoring and audits.
- Oversee and advise on data protection impact assessments, privacy risk assessments, and privacy-related incident response, including breach assessments, notification obligations, and coordination with regulators and external counsel, as needed.
Qualifications
Education: J.D., LL.M., or LL.B.
License: Licensed attorney in good standing in the U.K. Or equivalent
Experience:
- 10 years building and overseeing compliance programs and frameworks (preferably multi-jurisdictional experience) with 6 years in the EU and UK
- 6 years of EU and UK regulatory compliance experience, including GDPR and EU data governance, data protection, and privacy
- 6 years defending against EU and UK regulatory inquiries, investigations, and enforcement and interacting with EU and UK regulators and supervisory authorities
Preferred Experience (not required, but a plus)
Certifications: Certified Information Privacy Professional (CIPP), Certified Compliance and Ethics Professional (CCEP), or Certified Regulatory Compliance Manager (CRCM)
Experience:
- Demonstrated experience supporting global companies with EU and GDPR compliance needs and handling complex regulatory compliance matter across multiple jurisdictions
- Familiarity with ISO 27001, 27701, and NIST Privacy Framework