Founded in 1882 and based in North London, Tottenham Hotspur Football Club has a tradition of playing an entertaining and attacking style of football.

In April 2019, the Club opened a new 62,303-seat technologically advanced stadium that sits at the heart of a £1 billion sport-led regeneration of North Tottenham. The stadium is the largest football club stadium in London and, as a multi-use venue with the ability to host a variety of events 365 days a year, including NFL, rugby, concerts, and other corporate and private events, is a key step towards catapulting the Club from a Football Club to a globally renowned Sports and Entertainment brand.

We are looking to appoint a Head of Risk and Compliance to take full responsibility for the management of the Club’s risk and compliance obligations, ensuring all statutory requirements are being met or exceeded and delivering to the highest of standards.

The purpose of the role is to: 

  • Identify and mitigate risk.
  • Streamline processes and increase efficiency.
  • Ensure compliance with regulations.
  • Track data and workflow.
  • Automate basic tasks.
  • Approve and activate new suppliers and new technology platforms.
  • Centralise the risk function and subsequent mitigation processes.


The key responsibilities of the position include, but are not limited to the following:

  • Monitor compliance with data protection and privacy legislation and the Club’s related policies in an environment dealing with significant amounts of personal data.
  • Advise and support teams across the business to meet their obligations to protect personal data in line with legislation.
  • Monitor regulatory and legislative developments to devise and maintain policies and procedures to regulate the processing of personal data and set out how to interact with external bodies, regulatory authorities, and data subjects.
  • Establish and maintain influential working relationships at all levels necessary to successfully promote compliance strategies, and continuous improvement opportunities.
  • Review contracts to ensure that appropriate data protection wording is included.
  • Manage data subject access requests within stipulated timeframes.
  • Co-manage data incidents and breaches to ensure reporting obligations are adhered to.
  • Document new processes and assist the business in completing relevant assessments, e.g., privacy impact, legitimate interests, and data protection impact assessments.
  • Co-manage the Club’s system asset register to ensure all platforms used to process personal data across the Club are documented and assessed.
  • Manage the Club’s Risk & Compliance systems including GRC and Due Diligence platforms.
  • Review completed assessments and take any identified risks through a treatment process with the business, assigning and managing the completion of tasks where required.
  • Manage third party relationships for the maintenance of existing Risk & Compliance platforms and create business requirements for any identified enhancements.
  • Perform ongoing compliance reviews of all active vendors to cover a broad range of compliance checks.
  • Carry out rationalisation exercises to identify any overlap in vendor services and, where appropriate, question business plans to change existing arrangements.
  • Manage the compliance on-boarding of new vendors to ensure adherence with Club policy.
  • Based on the nature of the engagement with new suppliers, co-manage the external assessment process with the Club’s Cyber Security Team.
  • Manage ad-hoc customer compliance analysis requirements.
  • Board level reporting of key risks and subsequent mitigation plans.
  • Oversee internal PCI DSS audit processes and subsequent ongoing management.
  • Act as key stakeholder for an ISO 27001 implementation.
  • Oversee the Club’s insurance policy portfolio by identifying gaps in current cover and making informed recommendations to mitigate.
  • Co-manage the Club’s risk register along with other departments, e.g., Safeguarding, EDI, Health & Safety etc.
  • Act as a key stakeholder on compliance related projects e.g. new system implementations, brand protection and Net Zero initiatives legal
  • Oversee and implement ongoing staff compliance training program.
  • Ensure that staff are aware of their compliance responsibilities, accept accountability and understand reporting obligations.
  • Assist in the management of regulatory examinations and enquiries and represent the Club on issues as required.
  • Sustain a strong risk culture that identifies and provides oversight and escalation of existing and emerging compliance issues across business units, legal entities, geographies, and jurisdictions.
  • Develop and articulate sound proposals to key stakeholders which influence and drive timely decision making.
  • Cultivate relationships and collaborate with multiple stakeholders, including Heads of Departments, internal and external Legal counsel, regulatory bodies and auditors.
  • Establish a large-scale vision, developing the strategy to support the vision, gaining consensus across key functional leadership areas through effective communications and successful delivery against goals and objectives.


The key responsibilities for the role include, but are not limited to the following:

  • Extensive experience in managing a compliance function with a focus on data protection.
  • A solid understanding of European and UK data protection law.
  • Both CIPM and CIPP/e qualifications or relevant alternative.
  • An understanding of other relevant compliance functions such as ESG, PCI-DSS, AML and EDI.
  • Demonstrable experience of delivering sustainable compliance frameworks.
  • Management and subsequent treatment experience of a digital risk register.
  • Ability to work autonomously in creating and executing strategies.
  • Excellent verbal and written communication skills.
  • Experience in process and data flow mapping.
  • Experience in using GRC and due diligence technology.

The Executives in Sport Group are retained on behalf of Tottenham Hotspur Football Club to appoint a Head of Risk and Compliance. All direct applications and CVs will be forwarded to The Executives in Sport Group.
