Principal Regulatory Compliance Attorney

Company Overview

CB&I® is the world’s leading designer and builder of storage facilities, tanks and terminals. With more than 60,000 structures completed throughout our 135+ year history, we have the global expertise and strategically-located operations to provide customers world-class storage solutions for even the most complex energy infrastructure projects.

Overview

The Principal Regulatory Compliance Attorney must have functional knowledge and demonstrated experience across regulatory, compliance, and privacy matters within a global or multijurisdictional organization, with particular emphasis on EU regulations and GDPR requirements.

The Principal Regulatory Compliance Attorney is a critical senior position responsible for designing and implementing a comprehensive risk-based compliance framework; managing regulatory strategy and examinations; protecting data and privacy; and mitigate regulatory and compliance risk across our global organization.

This is an individual contributor position within CB&I’s dynamic legal group located across the USA, UK, and the UAE. This role will sit either in Aberdeen, UK OR Dubai, UAE and report directly to CB&I’s Director of Legal and Corporate Compliance Officer in The Woodlands, Texas, USA and to Asset Solutions’ Legal Director in Aberdeen, Scottland, UK.

Responsibilities

Enterprise Compliance

• Help design, implement, and improve CB&I’s enterprise compliance program across multiple jurisdictions. This includes various responsibilities, such as:
• Create policies, procedures, and controls to confirm alignment with applicable laws, regulations, and industry standards;
• Provide oversight and collaboration on compliance matters intersecting with export controls, trade compliance, cross-border regulatory requirements, and third-party due diligence; and
• Conduct risk assessments, identify root causes, develop mitigation strategies, implement and manage correction actions; and track compliance and remediation efforts
• Support and conduct confidential internal investigations. Draft investigation reports. Help manage the employee whistleblower hotline and metric reporting.
  
  

Regulatory

• Serve as a primary contact for regulator, inspector, or supervisory communications. Help coordinate or lead productions, submissions, and responses to regulatory exams, audits, inquiries, remediation plans, incidents, or breaches.
• Take responsibility for statutory updates and submissions (e.g., registration and payment of annual data protection fees to the ICO and quarterly returns to the Scottish Lobbying Register).
• Ensure alignment between regulatory requirements and internal policies and programs. Provide guidance on aligning operational controls and initiatives with regulatory requirements.
  
  

Data Privacy

• Serve as the GDPR subject-matter expert and help design, implement, and improve the company’s GDPR compliance framework and privacy and data protection program, ensuring alignment with GDPR principles, accountability requirements, and supervisory authority expectations.
• Draft and maintain GDRP-compliant privacy notices, polices, and procedures and conduct or assist with conducting periodic privacy monitoring and audits.
• Oversee and advise on data protection impact assessments, privacy risk assessments, and privacy-related incident response, including breach assessments, notification obligations, and coordination with regulators and external counsel, as needed.
  
  

Qualifications

Required Experience

Education: J.D., LL.M., or LL.B.

License: Licensed attorney in good standing in the U.K. or equivalent

Experience:

• 10 years building and overseeing compliance programs and frameworks (preferably multi-jurisdictional experience) with 6 years in the EU and UK
• 6 years of EU and UK regulatory compliance experience, including GDPR and EU data governance, data protection, and privacy
• 6 years defending against EU and UK regulatory inquiries, investigations, and enforcement and interacting with EU and UK regulators and supervisory authorities
  
  

Preferred Experience (not Required, But a Plus)

Certifications: Certified Information Privacy Professional (CIPP), Certified Compliance and Ethics Professional (CCEP), or Certified Regulatory Compliance Manager (CRCM)

Experience:

• Demonstrated experience supporting global companies with EU and GDPR compliance needs and handling complex regulatory compliance matter across multiple jurisdictions
• Familiarity with ISO 27001, 27701, and NIST Privacy Framework
  
  

Skills and Behaviors

• Strong functional knowledge and subject-matter expertise on EU and GDPR regulatory, compliance, privacy, and data protection regulations
• Practical approach to regulatory compliance in operational environments
• Ability to work autonomously and proactively without frequent supervision
• Strategic thinker with strong analytical and problem-solving skills
• Business presence, polish, and credibility with regulators, leadership, and colleagues
• High emotional intelligence and interpersonal skills
• Strong written and verbal communication and presentation skills
• Fluent in English (speaking and writing)

---