Principal Compliance

About the Role

As Principal Compliance role, take responsibility in managing risk and compliance activities.  Understand detailed Technology Cybersecurity standards, Sox and other relevant regulatory controls including GDPR and ensure controls are designed efficiently to address risks and operating effectively in a consistent manner as per defined procedures. Manage partner compliance team and work with geographically dispersed stakeholders.  Drive Sox control activities and problem management and actively support in achieving all compliance relevant KPIs. Define compliance automation and process improvement roadmap to improve efficiencies in controls operation and help in implementing the roadmap.

This role can be based in any of our BHP global offices

• Engage with Function and Technology stakeholders at various levels of the organization to build effective and trusted working relationships, together with working with multi-disciplinary and geographically distributed teams.
• Build cross-function relationships with other cybersecurity functions and act as an escalation point for risk and compliance related issues for functional teams and technical go-to person for a range of compliance matters.
• Assists with setting strategic direction for Risk and Compliance activities.
• Ensure deep understanding of Sox framework and controls and their connection with Technology Cyber Standards (Our Requirements) and ensure regulatory related controls like Sox, GDPR are adhered to by the Control operators.
• Drive and coordinate risk and compliance related activities as required and contribute to compliance in projects.
• Supervise Partner compliance team and provide guidance on controls operation, and compliance to standards and guidelines.
• Assists with reporting and monitoring the completion of Partner-driven risk and compliance related actions, perform regular risk management process to ensure risks are identified and assessed.
• Drive problem management and RCA activities. Strong attention to detail to prevent recuring issues, contribute to compliance automation strategy and roadmap. Review detailed design documents and ensure automation delivers efficiencies.
• Provide reporting view on compliance status and monitor Internal Audit actions, Understand emerging areas such as Cloud Security, SAP’s compliance roadmap and bots-driven compliance.

About You

• Bachelor’s degree required; Computer Science or Engineering preferred.
• Should have 7-9 years or more experience in risk and compliance related roles with at least 5 years in lead roles.
• Provides direction and sets targets. Prioritises and adjusts their work activities to focus on what matters most to the team.
• Works autonomously and uses their understanding of the purpose and success measures of tasks to guide their work.
• Should be familiar with risks and controls frameworks including but not limited to SSAE16/ SOC reports. Certifications in either CISM, CISSP, CISA, COSO or CRISC would be preferred.
• Exposure to DevOps practices, ITIL, ITSM practices
• SAP knowledge is desired e.g. SAP GRC and SAP security 
• Experience working with some of these tools: Archer CAR, ServiceNow,
• Strong experience in stakeholder management.
• Demonstrable experience in effectively engaging globally dispersed stakeholders and multi-disciplinary teams within matrix structures.
• Self-motivated with strong problem solving and analytical decision-making capability with attention to detail.
• Effective communicator (both verbal and written) with solid interpersonal skills, excellent presentation skills, and ability to convey information to non-technical colleagues in a concise and clear way.
• Demonstrated ability to analyse and understand functional, technical and non-functional requirements.
• Provide technical competence and support to Leadership in defining and achieving Compliance KPIs.
• Engaging in team activities including active participation in surveys, knowledge sharing sessions, team building, being a mentor and skill development.