Principal Regulatory Compliance Attorney

CB&I View all jobs

  • Dubai
  • Permanent
  • Full-time
  • 24 days ago
Company Overview:CB&I® is the world’s leading designer and builder of storage facilities, tanks and terminals. With more than 60,000 structures completed throughout our 135+ year history, we have the global expertise and strategically-located operations to provide customers world-class storage solutions for even the most complex energy infrastructure projects. Overview:The Principal Regulatory Compliance Attorney must have functional knowledge and demonstrated experience across regulatory, compliance, and privacy matters within a global or multijurisdictional organization, with particular emphasis on EU regulations and GDPR requirements.The Principal Regulatory Compliance Attorney is a critical senior position responsible for designing and implementing a comprehensive risk-based compliance framework; managing regulatory strategy and examinations; protecting data and privacy; and mitigate regulatory and compliance risk across our global organization.This is an individual contributor position within CB&I’s dynamic legal group located across the USA, UK, and the UAE. This role will sit either in Aberdeen, UK OR Dubai, UAE and report directly to CB&I’s Director of Legal and Corporate Compliance Officer in The Woodlands, Texas, USA and to Asset Solutions’ Legal Director in Aberdeen, Scottland, UK. Responsibilities:Enterprise Compliance
  • Help design, implement, and improve CB&I’s enterprise compliance program across multiple jurisdictions. This includes various responsibilities, such as:
  • Create policies, procedures, and controls to confirm alignment with applicable laws, regulations, and industry standards;
  • Provide oversight and collaboration on compliance matters intersecting with export controls, trade compliance, cross-border regulatory requirements, and third-party due diligence; and
  • Conduct risk assessments, identify root causes, develop mitigation strategies, implement and manage correction actions; and track compliance and remediation efforts
  • Support and conduct confidential internal investigations. Draft investigation reports. Help manage the employee whistleblower hotline and metric reporting.
Regulatory
  • Serve as a primary contact for regulator, inspector, or supervisory communications. Help coordinate or lead productions, submissions, and responses to regulatory exams, audits, inquiries, remediation plans, incidents, or breaches.
  • Take responsibility for statutory updates and submissions (e.g., registration and payment of annual data protection fees to the ICO and quarterly returns to the Scottish Lobbying Register).
  • Ensure alignment between regulatory requirements and internal policies and programs. Provide guidance on aligning operational controls and initiatives with regulatory requirements.
Data Privacy
  • Serve as the GDPR subject-matter expert and help design, implement, and improve the company’s GDPR compliance framework and privacy and data protection program, ensuring alignment with GDPR principles, accountability requirements, and supervisory authority expectations.
  • Draft and maintain GDRP-compliant privacy notices, polices, and procedures and conduct or assist with conducting periodic privacy monitoring and audits.
  • Oversee and advise on data protection impact assessments, privacy risk assessments, and privacy-related incident response, including breach assessments, notification obligations, and coordination with regulators and external counsel, as needed.
Qualifications:Required ExperienceEducation: J.D., LL.M., or LL.B.License: Licensed attorney in good standing in the U.K. or equivalentExperience:
  • 10 years building and overseeing compliance programs and frameworks (preferably multi-jurisdictional experience) with 6 years in the EU and UK
  • 6 years of EU and UK regulatory compliance experience, including GDPR and EU data governance, data protection, and privacy
  • 6 years defending against EU and UK regulatory inquiries, investigations, and enforcement and interacting with EU and UK regulators and supervisory authorities
Preferred Experience (not required, but a plus)Certifications: Certified Information Privacy Professional (CIPP), Certified Compliance and Ethics Professional (CCEP), or Certified Regulatory Compliance Manager (CRCM)Experience:
  • Demonstrated experience supporting global companies with EU and GDPR compliance needs and handling complex regulatory compliance matter across multiple jurisdictions
  • Familiarity with ISO 27001, 27701, and NIST Privacy Framework
Skills and Behaviors:
  • Strong functional knowledge and subject-matter expertise on EU and GDPR regulatory, compliance, privacy, and data protection regulations
  • Practical approach to regulatory compliance in operational environments
  • Ability to work autonomously and proactively without frequent supervision
  • Strategic thinker with strong analytical and problem-solving skills
  • Business presence, polish, and credibility with regulators, leadership, and colleagues
  • High emotional intelligence and interpersonal skills
  • Strong written and verbal communication and presentation skills
  • Fluent in English (speaking and writing)

CB&I