Principal Regulatory Compliance Attorney

Company Overview:

CB&I® is the world’s leading designer and builder of storage facilities, tanks and terminals. With more than 60,000 structures completed throughout our 135+ year history, we have the global expertise and strategically-located operations to provide customers world-class storage solutions for even the most complex energy infrastructure projects.

Overview:
The Principal Regulatory Compliance Attorney must have functional knowledge and demonstrated experience across regulatory, compliance, and privacy matters within a global or multijurisdictional organization, with particular emphasis on EU regulations and GDPR requirements.


The Principal Regulatory Compliance Attorney is a critical senior position responsible for designing and implementing a comprehensive risk-based compliance framework; managing regulatory strategy and examinations; protecting data and privacy; and mitigating regulatory and compliance risk across our global organization.


This is an individual contributor position within CB&I’s dynamic legal group located across the USA, UK, and the UAE. This role will sit either in Aberdeen, UK or Dubai, UAE and report directly to CB&I’s Director of Legal and Corporate Compliance Officer in The Woodlands, Texas, USA and to Asset Solutions’ Legal Director in Aberdeen, Scotland, UK.

Responsibilities:

Enterprise Compliance

  • Help design, implement, and improve CB&I’s enterprise compliance program across multiple jurisdictions. This includes various responsibilities, such as:
  • Create policies, procedures, and controls to confirm alignment with applicable laws, regulations, and industry standards;
  • Provide oversight and collaboration on compliance matters intersecting with export controls, trade compliance, cross-border regulatory requirements, and third-party due diligence; and
  • Conduct risk assessments, identify root causes, develop mitigation strategies, implement and manage corrective actions, and track compliance and remediation efforts.
  • Support and conduct confidential internal investigations. Draft investigation reports. Help manage the employee whistleblower hotline and metric reporting.

Regulatory

  • Serve as a primary contact for regulator, inspector, or supervisory communications. Help coordinate or lead productions, submissions, and responses to regulatory exams, audits, inquiries, remediation plans, incidents, or breaches.
  • Take responsibility for statutory updates and submissions (e.g., registration and payment of annual data protection fees to the ICO and quarterly returns to the Scottish Lobbying Register).
  • Ensure alignment between regulatory requirements and internal policies and programs. Provide guidance on aligning operational controls and initiatives with regulatory requirements.

Data Privacy

  • Serve as the GDPR subject-matter expert and help design, implement, and improve the company’s GDPR compliance framework and privacy and data protection program, ensuring alignment with GDPR principles, accountability requirements, and supervisory authority expectations.
  • Draft and maintain GDPR-compliant privacy notices, policies, and procedures and conduct or assist with conducting periodic privacy monitoring and audits.
  • Oversee and advise on data protection impact assessments, privacy risk assessments, and privacy-related incident response, including breach assessments, notification obligations, and coordination with regulators and external counsel, as needed.

Qualifications:

Required Experience

Education: J.D., LL.M., or LL.B.

License: Licensed attorney in good standing in the U.K. or equivalent

Experience:

  • 10 years building and overseeing compliance programs and frameworks (preferably multi-jurisdictional experience) with 6 years in the EU and UK
  • 6 years of EU and UK regulatory compliance experience, including GDPR and EU data governance, data protection, and privacy
  • 6 years defending against EU and UK regulatory inquiries, investigations, and enforcement and interacting with EU and UK regulators and supervisory authorities

Preferred Experience (not required, but a plus)

Certifications: Certified Information Privacy Professional (CIPP), Certified Compliance and Ethics Professional (CCEP), or Certified Regulatory Compliance Manager (CRCM)

Experience:

  • Demonstrated experience supporting global companies with EU and GDPR compliance needs and handling complex regulatory compliance matters across multiple jurisdictions
  • Familiarity with ISO 27001, 27701, and NIST Privacy Framework

Skills and Behaviors:

  • Strong functional knowledge and subject-matter expertise on EU and GDPR regulatory, compliance, privacy, and data protection regulations
  • Practical approach to regulatory compliance in operational environments
  • Ability to work autonomously and proactively without frequent supervision
  • Strategic thinker with strong analytical and problem-solving skills
  • Business presence, polish, and credibility with regulators, leadership, and colleagues
  • High emotional intelligence and interpersonal skills
  • Strong written and verbal communication and presentation skills
  • Fluent in English (speaking and writing)
