Job description
THE AGENCY
Creative Artists Agency (CAA) is the leading entertainment and sports agency, with global expertise in filmed and live entertainment, digital media, publishing, sponsorship sales and endorsements, media finance, consumer investing, fashion, trademark licensing, and philanthropy. Distinguished by its culture of collaboration and exceptional client service, CAA’s diverse workforce identifies, innovates, and amplifies opportunities for the people and organisations that shape culture and inspire the world. The trailblazer of the agency business, CAA was the first to build a sports business, create an investment bank, launch a venture fund, found technology start-up companies, establish a philanthropic arm, build a business in China, and form a brand marketing services division, among other innovations.
Named Most Valuable Sports Agency by Forbes for eight consecutive years, CAA represents more than 2,000 of the world’s top athletes in football, baseball, basketball, hockey, soccer, in addition to coaches, on-air broadcasters, and sports personalities and works in the areas of broadcast rights, corporate marketing initiatives, social impact, and sports properties for sales and sponsorship opportunities. Founded in 1975, CAA is headquartered in Los Angeles, and has offices in New York, Nashville, Memphis, Chicago, Miami, London, Munich, Geneva, Stockholm, Shanghai, and Beijing, among other locations globally.
OVERVIEW
In this newly created role, the Head of International Compliance, Data Protection and Privacy will work collaboratively with internal stakeholders and external regulatory agencies to ensure compliance and mitigate risk across the company. The role will drive CAA’s European and Asian offices approach to management and mitigation of risk and compliance across all areas of CAA’s business, including Music Touring, TV, Sports Talent & Property Sales, Brand Consulting, CAA Base and Stellar (Football) and CAA Brand Management.
In addition, the role will ensure CAA’s International businesses remain compliant with all relevant data protection and privacy requirements and take a pro-active approach in identifying and mitigating data protection risk across the business.
The role will directly report into the General Counsel – Europe & Asia, based in London but will work closely with Corporate, Compliance and Data Protection colleagues in the Office of the Chief Legal Officer (OCLO) in Los Angeles.
PRIMARY RESPONSIBILITIES:
Compliance
- Oversight of the risk and compliance function for CAA’s International Offices, including AML and related issues, anti-bribery issues (e.g., FCPA and UKBA), “Failure to Prevent” offences in the UK (Criminal Finances Act) and global Sanctions policies.
- A deep understanding of risk management around sanctioned individuals and entities (whether UK, EU or US) and advising lawyers and business executives in relation to recommended approaches.
- Assisting with implementation of global policies locally. For example, Sanctions policies, Bribery policies and Gift & Business Entertainment policies, Code of Ethics and Business Conduct and Supplier Code of Conduct.
- Understanding and advising the business on relevant Environmental and Sustainability frameworks.
- Working with the OCLO to ensure CAA’s International Compliance workplace training programs for employees remain “best in class”.
- Ensuring that CAA has a robust approach with third parties it works with in relation to Compliance issues such as Sanctions, Modern Slavery and Bribery.
- Perform risk assessments to understand risk level, significance and scope to ensure robust and effective Compliance controls are in place across the business.
- Assistance with Compliance (UK, Europe and Asia) due diligence, as required.
- Keep up to date with, and understand, relevant laws and regulations.
- Monitor CAA’s compliance with laws, regulations and internal policies.
- Investigate irregularities and non-compliance issues and highlight or escalate areas of concern.
- Assist in the gathering of internal information in response to regulatory requests.
- Collaborate with all CAA departments to create a culture of Compliance.
Data Protection/Privacy
- Serve as the main point of contact within CAA International for staff members, regulators, and relevant public authorities on issues related to data protection.
- Ensure that CAA policies and businesses comply with GDPR / UK Data Protection Act or equivalent legislation internationally.
- Leading the approach to, and handling of, Data Subject Access Requests across CAA’s International offices.
- Evaluate the existing data protection / data transfer framework to identify areas of no or partial compliance and rectify any issues.
- Working closely with CAA’s Chief Information Security Officer team and conduct annual data mapping exercises for UK, Europe and Asia.
- Understanding and implementing “Privacy by Design” in relation to projects.
- Promote a culture of data protection and compliance across CAA International to ensure employees understand their importance.
- Provide expert advice and educate employees on important data compliance requirements
- Assisting the Business Affairs teams with the review and negotiation of IT Security and Data Protection clauses in contracts and Data Protection Agreements (DPAs).
- Assistance with Data Protection (UK, Europe and Asia) due diligence, as required.
- Completing Compliance and GDPR onboarding questionnaires required by new clients.
- Draft new and amend existing internal data protection policies, guidelines and procedures, in consultation with key stakeholders.
- Deliver training across all business units to staff members who are involved in data handling or processing; ensure robust document retention policies are in place and are being followed.
- Conduct audits to ensure compliance and to address potential issues.
- Maintain records of all data processing activities of the company.
QUALIFICATIONS/REQUIREMENTS
- Strong academic background: LLB (Hons), BA (Hons) or BSc (Hons) 2:1 or above and (if relevant) Graduate Diploma in Law Merit and above; LPC Merit and above.
- At least 8-10 years of working as a Compliance / Data Protection professional at a large multinational or global professional services firm (e.g. a top tier law or accountancy firm), with some exposure to privacy laws in Asia (mainly Singapore, China and Hong Kong).
- Strong preference is for a legally qualified solicitor (England & Wales) but will consider outstanding candidates without a legal qualification who can demonstrate their ability to excel in the role.
- Strong knowledge of all Compliance related law and regulation including AML and related issues, anti-bribery issues (e.g., FCPA and UKBA), “Failure to Prevent” offences in the UK and global Sanctions policies.
- Strong knowledge of EU data privacy and data protection regulation, and a good understanding of other major privacy frameworks and evolving legislation worldwide.
- Sufficient knowledge of information technology and data management systems required.
- Strong demonstrated ability to establish collaborative working relationships at all levels and build consensus.
- Demonstrable experience running investigations into Compliance related issues.
- Ability to work supervised and unsupervised, exercise leadership, and influence change.
- Excellent communication skills.
- Strong change and project management skills including time management, prioritisation and handling multiple deadlines.
- Ability to use independent judgment and discretion when making decisions.
- Detail-oriented approach needed to recommend and implement strategic improvements on a range of issues.
- Ability to handle confidential and sensitive information with the appropriate discretion.
- Excellent analytical and communication skills.
Please provide complete and legible information. An incomplete application may affect your consideration for employment.
Creative Artists Agency, UK Limited (the “Company”) is committed to a policy of Equal Employment Opportunity and will not discriminate against an applicant or employee on the basis of age, sex, sexual orientation, gender reassignment, race, religion or belief, ethnicity, national origin, alienage or citizenship, disability, marital status, military status, pregnancy and maternity or any other legally-recognized protected basis under UK law.
The Company also complies with applicable laws with regard to providing reasonable accommodation for qualified individuals with disabilities. Please inform the Company’s Human Resources Department if you need assistance completing any forms or to otherwise participate in the application process.
Creative Artists Agency, UK Limited (the “Company”) is committed to a policy of Equal Employment Opportunity and will not discriminate against an applicant or employee on the basis of age, sex, sexual orientation, gender reassignment, race, religion or belief, ethnicity, national origin, alienage or citizenship, disability, marital status, military status, pregnancy and maternity or any other legally-recognized protected basis under UK law.
The Company also complies with applicable laws with regard to providing reasonable accommodation for qualified individuals with disabilities. Please inform the Company’s Human Resources Department if you need assistance completing any forms or to otherwise participate in the application process.
CAA does not accept unsolicited resumes from third-party recruiters unless they were contractually engaged by CAA to provide candidates for a specified opening. Any such employment agency, person or entity that submits an unsolicited resume does so with the acknowledgement and agreement that CAA will have the right to hire that applicant at its discretion without any fee owed to the submitting employment agency, person or entity.
Creative Artists Agency (CAA)
www.caa.com
Los Angeles, United States
Richard Lovett
$500 million to $1 billion (USD)
1001 to 5000 Employees
Company - Private
Culture & Entertainment
1975