Compliance Officer

The Compliance Officer will play a critical role in ensuring the organisation operates in full compliance with all applicable legal, regulatory, and internal requirements. This position is central to maintaining the company’s reputation, integrity, and operational effectiveness. The role will provide expert advice and support to the Board, Senior Leadership Team (SLT), and wider business on compliance, regulatory, and contractual matters. The Compliance Officer will also act as the business Data Protection Officer (DPO), overseeing data privacy and protection frameworks. This is a highly collaborative role, requiring close interaction with all departments, as well as external stakeholders and group compliance functions.

Reporting Line

This role reports to Procurement Director and has regular interaction with the SLT and Board.

Key Responsibilities

• Regulatory Compliance & Advisory
  • Maintain up-to-date knowledge of all relevant laws, regulations, and industry standards, including environmental and data protection legislation (e.g. UK GDPR).
  • Interpret and communicate regulatory requirements and changes across the business.
  • Provide practical, commercial compliance advice to senior management and the Board, particularly in relation to customer contracts and regulatory challenges.
  • Liaise with external regulatory bodies, including the Environment Agency, where required.
• Risk Management & Monitoring
  • Identify, assess, and document compliance risks across the organisation.
  • Develop and implement effective internal controls to mitigate identified risks.
  • Conduct regular compliance audits and risk assessments.
  • Maintain and report on risk registers, ensuring clear visibility of compliance exposure.
  • Escalate significant risks or breaches to senior leadership as appropriate.
• Policies, Procedures & Governance
  • Develop, maintain, and review company policies and procedures to ensure ongoing compliance.
  • Conduct annual policy reviews and implement updates where necessary.
  • Support the ongoing development and maintenance of the Integrated Management System (IMS).
  • Contribute to governance frameworks and compliance reporting to SLT, and Board.
• Data Protection (Data Protection Officer)
  • Act as the business Data Protection Officer (DPO).
  • Oversee compliance with data protection legislation, including management of Subject Access Requests (SARs).
  • Lead data breach response processes, including investigation and regulatory reporting where required.
  • Act as the primary contact for data protection queries from regulators and data subjects.
  • Promote privacy-by-design and data protection best practices across the organisation.
• Training & Culture
  • Deliver compliance training and guidance to employees at all levels.
  • Support managers in identifying and addressing compliance issues.
  • Promote a strong culture of ethical behaviour and compliance awareness throughout the organisation.
• Audit, Investigation & Reporting
  • Investigate compliance breaches, irregularities, and non-conformance issues.
  • Implement corrective and preventative actions.
  • Prepare and present compliance reports, risk updates, and mitigation plans to SLT, and Board.
  • Support responses to regulatory requests and audits.
• Standards & Certifications
  • Prepare for and lead the annual assessment to support the organisation in achieving and maintaining ISO standards, including ISO 9001 and ISO 14001.
  • Ensure alignment with UKAS-accredited frameworks and best practices.
  • Manage voluntary compliance with professional and industry standards.
• Cross-Functional Collaboration
  • Work closely with the CTO to oversee compliance relating to cyber security, data privacy, and technology risk.
  • Collaborate with operational teams to ensure compliance with environmental and building regulations.
  • Liaise with building owners and stakeholders to ensure statutory compliance requirements are met.
  • Review marketing materials, presentations, and digital content to ensure regulatory compliance.
• Additional Responsibilities
  • Support estate management and office compliance requirements.
  • Undertake general administrative duties related to compliance and governance activities.
  • Act as a key point of contact for group-level compliance engagement (e.g. with Biffa Group compliance teams).

Key Skills & Competencies

• Strong understanding of regulatory frameworks and compliance principles
• Excellent analytical and problem-solving skills with a commercial mindset
• Ability to interpret complex regulations and provide clear, actionable guidance
• Strong communication skills, with the ability to influence at senior levels
• High level of integrity, professionalism, and ethical judgement
• Ability to challenge constructively and escalate issues where necessary
• Strong organisational skills and attention to detail
• Collaborative approach with the ability to work across multiple departments

Experience & Qualifications

• Proven experience in a compliance, risk, legal, or governance role
• Experience operating in a regulated environment (environmental, waste, or similar sectors desirable)
• Knowledge of ISO standards (ISO 9001, ISO 14001)
• Experience in data protection and privacy compliance (DPO experience desirable)
• Relevant professional qualification (e.g. ICA, IRM, or legal background) is advantageous