The Body Shop International is recruiting a Compliance Officer to be based across our East Croydon and Littlehampton offices.
Why work for The Body Shop?
- When Anita Roddick founded The Body Shop in 1976, she had a vision. Business as a force for good – that’s us. 40 years later, we’re proud to be pioneering cruelty-free beauty every step of the way. We’re the original ethical beauty brand. We’ve got a thing for empowering people and enriching our planet. We’re all about keeping it real, in every way possible.
- Our activist roots remain a huge part of everything we do, from our iconic window posters to our vegetarian products to our infamous campaigns. We’re never afraid to stand up and speak the truth. We like to do things a little differently around here.
- In fact, this is an incredibly exciting time for The Body Shop. We’re fighting for what we believe in now more than ever. No holding back. Breaking the mould has always come naturally to us, and we need someone who’s not afraid to mix things up.
The role in a nutshell
- The Compliance Officer will report to the General Counsel and will oversee all regulatory and compliance initiatives, including employee education. They will serve as the Company’s Compliance Officer ensuring that the Company and its employees are complying with regulatory requirements and internal policies and procedures. They will also assist with other ad hoc legal matters.
A day in the life of
- Review existing policies and procedures, identifying gaps and making enhancements where needed to mitigate identified risks; in particular, inform, advise and issue recommendations to the Company regarding compliance with data protection laws, including GDPR, and with Company policies and guidelines in respect of data protection
- Act as the Company’s data protection officer and foster a data protection culture within the organisation and help to implement essential elements of the GDPR, such as the principles of data processing, data subjects’ rights, data protection by design and by default, records of processing activities, security of processing, awareness training, and notification and communication of data breaches
- Proactively make recommendations on developing and assessing corporate compliance programs, training, adherence and effectiveness
- company-wide business practices for all internal organisations, including without limitation, Legal, HR, Sourcing, Product and Sales
- Develop, maintain and update reporting and escalation procedure and workflow for compliance issues to be routed through the appropriate channels for investigation
- Ensure that compliance issues/concerns within the organisation are being investigated and resolved
- Manage certification processes and on-going compliance for both internal initiatives and external vendors
- Maintain current knowledge of laws and regulations, and keep abreast of recent changes
- Respond to government investigations and queries as the principal point of contact
- Monitor audit review processes and maintain awareness of compliance issues, and in conjunction with the office of General Counsel and Senior Management, respond to administrative inquiries related to compliance issues or audits
What you’ll need
- Minimum 10 years of relevant work experience; combination of law firm and in-house experience preferred
- presentation/negotiation skills
- Strong analytical and investigative skills
- Previous experience in a compliance, data protection and/or privacy role preferred
- Possess integrity, professional ethics, and sound judgement in managing risks and enforcing company-wide standards
- Ability to handle information and business confidentiality, as appropriate
- Demonstrated leadership and problem-solving skills, and ability to work under pressure
- Familiarity or experience with implementing data protection policies, procedures, and training materials, and promoting a culture of data protection compliance across business functions
- Experience with the details and practical application of current European data protection legislation, and an in-depth understanding of the GDPR