Compliance Professional

About the Role:

The Compliance Manager is a leadership position that oversees, drives, and enhances the Compliance program to ensure business practices and activities comply with internal policies, procedures, laws, and regulations.

• Implement policies, procedures, systems, and processes to ensure compliance with laws and regulations (50%).
  
  • Oversee the implementation and governance of the Compliance program, seeking continuous improvement to ensure enforcement within the organization.
  • Identify potential areas of compliance vulnerability and risk; develop and implement associated risk mitigation programs and/or processes in areas such as anti-bribery, healthcare compliance, anti-money laundering, economic sanctions, spam compliance, modern slavery, whistleblowing, workplace surveillance.
  • Support designing, managing, and deploying effective compliance training, communication, and customized programs suitable for designated countries and/or targeted teams and leaders.
  • Maintain accurate and timely records, and risk/compliance systems necessary to support the effective operation and reporting of relevant activities and their progress. This includes regularly reporting to management.
  • Work collaboratively with regional and global compliance team members and cross-functional project teams, as needed, to effectively implement compliance initiatives.
  • Provide guidance, advice, and coordinate with local gatekeeper functions (e.g., Finance, Legal, and Human Resources teams) and business teams, to monitor the performance of the Compliance program in relation to ethics, business conduct, and regulatory compliance matters.
  • Keep abreast of developments in laws, regulations, industry trends, and risks, and best practices.
  • Set up and conduct regular compliance updates and reviews with local management (e.g., quarterly compliance board meetings, and develop an ANZ risk register).
  • Oversee and project manage corrective actions following compliance-related audits.
  
  
• Act as the Group's Privacy Officer for ANZ and support the deployment of the EssilorLuxottica data protection program in ANZ (40%).
  
  • Deploy standard policies, practices/SOPs, and documents (generally and specific to business units), customizing global/regional policies, procedures, as needed (e.g., information handling policies and use of technology and information security policies).
  • Engage with stakeholders to project manage and coordinate compliance activity (key stakeholders include Legal, IT Security, and other business units leaders such as IT, Marketing/CRM, and e-commerce) and the Company's response to suspected data breaches.
  • Conduct assessments and review to identify areas of risks and possible exposure of entities within designated countries.
  • Support the implementation of the Group's data protection program, including but not limited to, appropriate introductory and awareness training and communication, and calibrate the program and policies locally to reflect local requirements as needed.
  • Coordinate the handling of internal and external privacy enquiries, privacy complaints, and requests for access to, correction of, personal information and the Company's response to suspected data breaches and their notification to OAIC and data owners.
  • Prepare a data privacy risk register, monitoring the adequacy of existing controls and recommend related key risk indicators for reporting to management.
  • Provide leadership on broader strategic privacy issues.
  • Identify enhancements and process improvements to best achieve compliance and business objectives.
  • Implement a Privacy Management Framework, including the management of Privacy Impact Assessments, a Data breach response Plan, the Group's use of privacy management tools, and regular training/awareness for all employees.
  
  
• Conduct and report on investigations (10%).
  
  • Independently manage day-to-day Compliance-related issues and investigations from the reporting system, including designing and leading internal investigations (e.g., responding to issues from the reporting system and whistleblowing alerts and concerns communicated by employees/partners/third parties, from audit findings, etc.).
  • Periodically report to the Manager on development related to allegations and investigation cases.
  • Implement the escalation process for serious allegations, in alignment with global/regional practices and corrective actions.
  
  Essential Skills and Qualifications:
  
  • High level of integrity with strong ethical core values and ability to uphold them in occasions of pressure.
    
  • Clear, persuasive communicator with organisational, analytical, and interpersonal skills; manages conflicts in an open and constructive manner; detail-oriented; and able to work effectively with local, regional, and global stakeholders.
    
  • Broad business experience and a proven ability to influence business decisions and lead employees and business partners to drive company-wide Compliance program.
    
  • Capable of supporting strategic decisions based on the local legal, business, and market environment; able to handle complex business situations and develop solutions to ensure compliant growth is achieved.
    
  • Experience in implementation of data protection and spam compliance programs.
    
  • Accounting and/or Legal degree required (preferably with audit or forensics background). Additionally, experience in Sales and Marketing and in retail industry is preferred, but not essential.
    
  • Ability to work effectively with local and global stakeholders, maintaining effective partnerships and working relationships with key stakeholders at all levels of organisation, based on an understanding of their concerns, needs, and motivations.
    
  
  Essential Qualifications:
  
  • Relevant tertiary qualification in Accounting, Legal, or Compliance.
    
  • Minimum of 6 to 8 years' audit and/or compliance-related experience (preferably with experience in a privacy-related role). A good understanding of the Privacy Act (Australian and/or New Zealand) and related Privacy Principles and spam legislation.
    
  • Knowledge of laws, regulations, and industry standards (including, but not limited to Modern Slavery, Whistleblowing, Anti-Bribery, Corruption, Workplace Surveillance, ACL, and document retention requirements).