Compliance & Privacy Officer

Rail Services Compliance Officer

Hybrid working with travel across the business

Reporting to: ESG Director – Rail Services

Contract: 6‑month Fixed Term Contract (FTC)

About the Role

The Rail Services division supports multiple businesses across the Arriva Group. This role exists to ensure that all Rail Services businesses are fully compliant with Arriva Group Policies and Standards, which manage the Group’s key compliance risks, including: Anti‑bribery and corruption, fraud, human rights, data protection, competition law, corporate criminal offence, environment, health and safety, and other core compliance policies.

Working closely with Arriva Group Compliance, you will advise and support Rail Services businesses to ensure a standardised and streamlined approach to compliance controls, documentation, and assurance activity, aligned to Group requirements.

The role will also act as the Data Protection Champion across all Rail Services businesses, providing oversight, guidance, and support on data protection and retention matters.

Key Responsibilities

Manage corporate compliance and data protection frameworks across Rail Services.

Maintain and review the existing Rail Services compliance framework, controls, and processes to ensure a consistent and standardised approach.

Take responsibility for H1 and H2 compliance submissions on behalf of Rail Services businesses, in line with Group timescales.

Own the compliance communications calendar, working closely with the Rail Services Internal Communications lead to ensure timely and effective communications.

Ensure implementation of, and adherence to, compliance controls and standards across Rail Services, escalating non‑compliance where required.

Act as the key conduit between Arriva Group Compliance and Rail Services businesses, sharing feedback, guidance, and best practice.

Undertake regular compliance assurance activity and provide SME support where processes or documentation require enhancement.

Provide guidance and support on data protection and data retention matters across Rail Services.

Manage data protection communications and support investigations into data incidents.

Support Rail Services governance activities as required.

Support the collation of Data Protection Impact Assessments (DPIAs).

Ensure Records of Processing Activities (ROPAs) are maintained through structured engagement with data owners.

Ongoing Responsibilities

Continual

Develop and maintain compliance training and awareness materials on priority policy areas.

Drive continuous improvement to raise compliance knowledge across Rail Services.

Respond promptly to employee queries and incidents relating to compliance.

Monitor compliance maturity against all in‑scope policies.

Track completion of mandatory e‑learning and follow up on outstanding training.

Review and maintain compliance registers, including anti‑bribery, conflicts of interest, and contacts registers.

Monthly

Provide compliance updates to local Senior Leadership Team (SLT) meetings.

Participate in bi‑monthly Data Protection Champion calls, representing Rail Services and reporting on incidents.

Quarterly

Support the administration of Quarterly Risk Reviews.

Bi‑Annual

Complete and submit Corporate Confidence compliance returns to Group Compliance.

Submit detailed data protection and data retention control returns.

Annual

Oversee completion of the financial crime risk assessment for in‑scope Rail Services businesses.

Submit Tax Control Management System returns where required.

Complete annual returns on compliance registers and mitigations to Group Compliance.

Deliver targeted compliance training to relevant Rail Services teams.

About You

You will be a proactive and organised compliance professional, comfortable working across multiple stakeholders and priorities, and confident operating within established frameworks.

Essential requirements:

Relevant qualification and minimum of two years’ experience in a compliance or related role.

Broad understanding of corporate policy compliance and GDPR / data protection.

Ability to manage multiple tasks in a fast‑paced environment.

Self‑starter with the ability to plan ahead and work through ambiguity.

Strong communication skills, with the ability to simplify complex information.

Continuous improvement mindset with experience improving processes.

Commercially aware and focused on delivering a high‑quality service.

Experience working across cross‑functional and cross‑disciplinary teams.

Strong stakeholder management skills, including influencing remotely.

Collaborative approach, working effectively with Rail Services, Arriva UK Trains, and Group functions.