Senior Regulatory Compliance Manager

Worldwide, energy asset owners choose CB sound judgment; a practical, risk-based approach; the ability to apply that knowledge, experience, and judgment globally across several jurisdictions, with a key focus on the EU and GDPR; and the curiosity and desire for professional growth. This position serves as a strategic partner to various functions across our global organization (e.g., operations, engineering, procurement, supply chain, sales, legal, risk, HR, IT, etc.) and will have significant responsibilities and exposure to leadership and provide proactive guidance to mitigate regulatory and compliance risk in a highly regulated global environment.

This position is an individual contributor role within CB track compliance and remediation efforts; and report trends to leadership. Support and conduct confidential internal investigations. Draft investigation reports. Help manage the employee whistleblower hotline and metric reporting.

Regulatory

• Monitor legislative and regulatory developments across multiple jurisdictions and assess their impact on the company’s policies and controls.
• Ensure alignment between regulatory requirements and internal policies and programs.
• Take responsibility for statutory updates and submissions, for example registration and payment of annual data protection fees to the Information Commissioner's Office and quarterly returns to the Scottish Lobbying Register.
• Provide business functions with guidance on aligning operational controls and initiatives with regulatory requirements and partner with business functions to establish regulatory awareness and accountability.
• Serve as a primary point of contact for regulator, inspector, or supervisory interactions and communications.
• Help lead, manage, prepare for, and respond to regulatory exams, audits, and inquiries, and coordinate regulatory productions, submissions, responses, and remediation planning.
• Report to leadership on regulatory developments and risk across the organization and report trends and metrics.
• Serve as the global subject-matter expert on GDPR and other applicable international privacy and data protection regulations.
• Help lead the design, implementation, and continuous improvement of the company’s GDPR compliance framework and privacy and data protection program.
• Ensure alignment with GDPR principles, accountability requirements, and supervisory authority expectations.
• Possess the competence and confidence to provide data protection and privacy guidance into more jurisdictions, particularly emerging privacy jurisdictions across the middle east and Asia.
• Draft and maintain GDRP-compliant privacy notices, policies, and procedures and conduct or assist with conducting periodic privacy monitoring and audits.
• Oversee and advise on data protection impact assessments, privacy risk assessments, and privacy-related incident response, including breach assessments, notification obligations, and coordination with regulators and external counsel, as needed.
• Provide oversight and collaboration on matters involving export controls, trade compliance, and cross-border regulatory requirements.
• Act as a primary point of contact for privacy-related regulatory engagement, including responding to regulatory inquiries, examinations, audits, and supervisory authority communications, and for any incident or breach responses.
• Help develop and deliver training and awareness programs and compliance audits.
• Lead in promoting a commitment to ethics, integrity, and accountability across the organization.

Skills and Behaviors

• Strong functional knowledge and subject-matter expertise on EU and GDPR regulatory, compliance, privacy, and data protection regulations.
• Experience harmonizing a global privacy framework across the EU, GDPR, and other privacy jurisdictions.
• Leadership or management experience in a global organization and in a regulated industry.
• Risk-based, practical approach to regulatory compliance in operational environments.
• Ability to work autonomously and proactively without frequent supervision.
• Strategic thinker with strong analytical and problem-solving skills.
• Business presence, polish, and credibility with regulators, leadership, and colleagues.
• High emotional intelligence and interpersonal skills.
• Strong written and verbal communication and presentation skills.
• Experience of regulatory compliance experience (preferably multi-jurisdictional experience) that includes: EU compliance law; building and overseeing compliance programs and frameworks; handling complex compliance issues across multiple jurisdictions for a global organization; strategically integrating regulatory requirements and compliance initiatives into business operations; defending against regulatory exams, audits, and inquiries; and direct regulator interaction.
• Experience in EU data governance, privacy, data protection, with direct GDPR program design, ownership, and/or oversight.
• Experience interacting with EU and UK regulators and supervisory authorities, responding to EU regulatory inquiries and investigations, and handling regulatory responses, enforcement, and remediation.

Preferred Experience

• Experience working in a senior position in a multinational organization.
• Experience handing EU personal data and supporting global companies with compliance needs across Europe, the Middle East, Asia, or Latin America.
• Experience with registration and payment of annual data protection fees to the Information Commissioner's Office and quarterly returns to the Scottish Lobbying Register.
• Familiarity with ISO 27001, 27701, and NIST Privacy Framework.
• Demonstrated experience managing DSAR, breach response, and supervisory authority.

Essential Qualifications

• Education: Bachelor's degree required.

Preferred Qualifications

• Education: Advanced or postgraduate professional degree (Masters, MBA, JD, etc.).
• License: Licensed attorney in good standing in the U.K. or equivalent.
• Certifications: We favor demonstrated leadership and proven experience over certifications; however, compliance-related certifications are a plus (e.g., Certified Information Privacy Professional (CIPP), Certified Compliance and Ethics Professional (CCEP), Certified Regulatory Compliance Manager (CRCM)).
• Industry: Prior experience in engineering, construction, energy, oil and gas, or similar regulated industries is nice, but not required. We encourage applicants from other industries to apply.