Senior Regulatory Compliance Manager
Key responsibilities:
* The role is responsible for designing, implementing, and continuously improving a comprehensive risk‑based compliance framework, managing regulatory strategy, interactions, and examinations, and protecting data and privacy across the global organization.
* Requires deep functional knowledge and proven experience in regulatory and compliance disciplines; sound judgment; a practical, risk‑based approach; ability to apply knowledge globally across several jurisdictions, with a key focus on the EU and GDPR; and curiosity and desire for professional growth.
* Acts as a strategic partner to various functions across the organization (operations, engineering, procurement, supply chain, sales, legal, risk, HR, IT, etc.) and provides proactive guidance to mitigate regulatory and compliance risk.
* Individual contributor within the legal group located across USA, UK, and UAE; may be based in Aberdeen (UK) or Dubai (UAE); reports to Director of Legal and Corporate Compliance Officer (The Woodlands, Texas, USA) and to Asset Solutions' Legal Director (Aberdeen, Scotland, UK).
* Enterprise compliance: monitors and interprets legal and regulatory amendments; translates them into actionable guidance; designs and implements the enterprise compliance program across multiple jurisdictions.
* Drafts and updates compliance policies, procedures, and controls across jurisdictions to confirm alignment with applicable laws, regulations, and industry standards.
* Monitors and supports third‑party due diligence, risk assessments, and adherence to company compliance (KYC, due diligence, monitoring of vendors, contractors, business partners).
* Collaborates on contract initiatives with emphasis on compliance‑related provisions (e.g., KYC questionnaires, sanctions surveys).
* Provides oversight and collaboration on compliance matters intersecting with export controls, trade compliance, cross‑border regulatory requirements, and third‑party engagements.
* Conducts risk assessments, identifies root causes, develops mitigation strategies, implements and manages corrective actions; tracks compliance and remediation efforts; reports trends to leadership.
* Supports and conducts confidential internal investigations, drafts investigation reports; manages employee whistleblower hotline and metric reporting.
* Regulatory: monitors legislative and regulatory developments across jurisdictions and assesses impact on company policies and controls; ensures alignment between regulatory requirements and internal policies.
* Handles statutory updates and submissions (e.g., registration and payment of annual data protection fees to the Information Commissioner’s Office; quarterly returns to the Scottish Lobbying Register).
* Provides guidance on aligning operational controls and initiatives with regulatory requirements; partners with business functions to establish regulatory awareness and accountability.
* Acts as primary point of contact for regulator, inspector, or supervisory interactions and communications.
* Leads, manages, prepares for, and responds to regulatory exams, audits, and inquiries; coordinates regulatory productions, submissions, responses, and remediation planning.
* Reports to leadership on regulatory developments and risks; reports trends and metrics.
* Serves as global subject‑matter expert on GDPR and other applicable international privacy and data protection regulations.
* Helps lead design, implementation, and continuous improvement of GDPR compliance framework and privacy program; aligns with GDPR principles and supervisory authority expectations.
* Provides data protection and privacy guidance across emerging privacy jurisdictions in the Middle East and Asia.
* Drafts and maintains GDPR‑compliant privacy notices, policies, and procedures; conducts periodic privacy monitoring and audits.
* Oversees and advises on data protection impact assessments, privacy risk assessments, and privacy‑related incident response, including breach assessments and notification obligations.
* Acts as primary contact for privacy‑related regulatory engagement (inquiries, examinations, audits, supervisory authority communications). Leads incident or breach responses.
* Develops and delivers training and awareness programs and compliance audits.
* Promotes a commitment to ethics, integrity, and accountability across the organization.
* Partners with all functions within the organization.
Skills and Behaviors
* Strong functional knowledge and subject‑matter expertise on EU and GDPR regulatory, compliance, privacy, and data protection regulations.
* Experience harmonizing a global privacy framework across the EU, GDPR, and other privacy jurisdictions.
* Leadership or management experience in a global organization and in a regulated industry.
* Risk‑based, practical approach to regulatory compliance in operational environments.
* Ability to work autonomously and proactively without frequent supervision.
* Strategic thinker with strong analytical and problem‑solving skills.
* Business presence, polish, and credibility with regulators, leadership, and colleagues.
* High emotional intelligence and interpersonal skills.
* Strong written and verbal communication and presentation skills.
* Years of regulatory compliance experience (preferably multi‑jurisdictional) including EU compliance law, building and overseeing compliance programs and frameworks, handling complex compliance issues across multiple jurisdictions, defending against regulatory exams, audits, and inquiries, and direct regulator interaction.
* Years of experience in EU data governance, privacy, data protection, with direct GDPR program design, ownership, and/or oversight.
* Experience interacting with EU and UK regulators and supervisory authorities; responding to EU regulatory inquiries and investigations; handling regulatory responses, enforcement, and remediation.
Preferred Experience
* Experience working in a senior position in a multinational organization.
* Experience handling EU personal data and supporting global companies with compliance needs across Europe, the Middle East, Asia, or Latin America.
* Experience with registration and payment of annual data protection fees to the Information Commissioner’s Office and quarterly returns to the Scottish Lobbying Register.
* Familiarity with ISO 27001, 27701, and NIST Privacy Framework.
* Demonstrated experience managing DSAR, breach response, and supervisory authority.
Essential Qualifications and Skills
* Education: Bachelor’s degree required.
* Preferred: Advanced or postgraduate professional degree (Master’s, MBA, JD, etc.).
* License: Licensed attorney in good standing in the U.K. or equivalent (not required, but a plus).
* Certifications: CIPP, CCEP, CRCM, or other compliance/privacy certifications (preferred but not required).
* Industry: Prior experience in engineering, construction, energy, oil and gas, or similar regulated industries is nice, but not required. Applicants from other industries are encouraged.