Legal & Compliance Expert

At HEINEKEN Kraków (HEINEKEN Global Shared Services) our success comes directly from our great people. We are a growing team of finance, accounting, data and technology professionals ready to „WOW” the world with our expertise, passion and pride to be GREEN. Our employees can develop in the following areas Finance, Support functions, Digital & Technology, Transport Management.

Legal & Compliance Expert

The purpose of the Legal & Compliance function (L&C) is to ensure that HEINEKEN Krakow complies with specific regulatory requirements and the employees comply with HEINEKEN Kraków internal policies, rules and outside specific regulatory requirements in order to help organization manage risk and maintain a positive reputation.

The L&C function scope covers areas of: Legal, Code of Business Conduct (COBC), Data Privacy, and L&C Risk Management. L&C Manager with the L&C Function is empowered to identify any trends or new regulatory related risks to the business and advises the Management Team on any remedial actions needed.

Legal & Compliance Expert role is to provide high quality SME expertise to L&C Manager, engage with HEINEKEN Kraków, Global Functions and OpCos relevant stakeholders, as well as provide ongoing advisory for HEINEKEN Kraków employees. Legal & Compliance Expert role is to also drive awareness activities at HEINEKEN Kraków as agreed within the L&C function.

Your responsibilities would include:

1. Data Privacy - providing SME advisory and coordinating privacy and data protection efforts, ensuring alignment of local procedures with EU, Polish, and HEINEKEN internal regulations, managing the PIA/DPIA process in collaboration with Legal & Compliance, requestors, and external consultants, including review and mitigation recommendations, supporting GDPR compliance in projects by advising on principles like privacy by design, data minimization, and retention, maintaining up-to-date records of processing activities, coordinating and verifying Data Processing Agreements, leading data breach investigations and related communications, handling data subject rights requests, and fostering strong relationships with internal stakeholders and external partners to identify and mitigate privacy risks.
2. Code of Business Conduct - coordinating activities with the local business conduct workgroup, maintaining contact with the global COBC team, and supporting the setup of governance models, monitoring relevant legislation and internal changes while proposing updates to policies and procedures, contributing to COBC training plans and attendance tracking, keeping COBC materials on SharePoint up to date, promoting COBC topics in alignment with the Legal & Compliance function, supporting annual reviews and operational tests of the dawn raid process, collaborating with other HEINEKEN Kraków teams on topics such as health and safety, human rights, discrimination, environment, and responsible communication, and assisting the L&C Manager in overseeing COBC-related areas including data privacy, bribery, corruption, money laundering, sanctions, conflicts of interest, insider dealing, and the management of gifts, entertainment, hospitality, and donations.
3. Legal process - coordinating and validating legal and compliance checks within the third-party agreements process in collaboration with the Procurement Officer, external legal advisors, L&C Manager, Finance Manager, and requestors, monitoring and assessing new regulatory developments while providing actionable recommendations, designing and implementing local controls, policies, and procedures to ensure compliance with local laws and HEINEKEN Group standards, as well as coordinating the preparation and maintenance of powers of attorney (POAs) and related data.
4. Risk Assessment - contributing to the periodic risk assessment process led by the internal control function, identifying new legal and compliance risks, proposing and executing mitigation plans, and reporting progress to the L&C Manager and internal control team.

You are a good candidate if you:

1. Hold a Master’s degree in law.
2. Have at least 5 years of experience in Legal, Compliance, or Audit, including a minimum of 3 years of practical experience with GDPR in a corporate environment.
3. Possess strong knowledge of GDPR legislation and have successfully implemented GDPR compliance programmes.
4. Have experience with other relevant compliance areas, such as labour law (considered a plus).
5. Are capable of developing a deep understanding of business operations and external risks.
6. Have demonstrated effectiveness in navigating complex organizational environments.
7. Are able to manage projects involving multiple stakeholders and deliver compliant outcomes.
8. Have strong investigative skills and are confident in challenging assumptions when needed.
9. Communicate fluently in both English and Polish, both in writing and speaking.

At HEINEKEN Kraków, we take integrity and ethical conduct seriously. If someone has concerns about a possible violation of legal regulations indicated in Polish Whistleblowing Act or our Code of Business Conduct, we encourage them to speak up. Cases can be reported to global team or locally (in line with the local HGSS Whistleblowing procedure) by selecting proper option in this tool or by communicating it on hotline.