This position will make you the preferred point of contact for operational teams for ensuring compliance of supplier contracts and services used within the Group. You will act as a Business Partner capable of identifying risks and evaluating them to propose mitigation solutions whose implementation you will monitor.

• Participate in ENGIE’s personal data protection strategy;
• Establish and update policies, procedures and best practices;
• Contribute to employee training and awareness actions;
• Instruct and bring Engie IT’s internal processing into compliance and support the Group’s major projects (e.g. HR systems, Finance, Purchasing)
• Negotiate privacy clauses and descriptive processing annexes and ensure compliance of contractual relations with Subcontractors.
• Act alongside a GDPR project manager in the privacy by design and by default approach by carrying out the interviews necessary to carry out Data Protection Impact Assessment (DPIA) with business teams, document DPIAs, advise project teams on the practical measures to be implemented from the design phase of the target solution, present the intermediate results of the DPIA to the Group’s Privacy governance body
• Work in collaboration with the Data Privacy Officers and Data Privacy Managers of the entities concerned by the processing, the legal, purchasing, security teams, etc.
• Assist in the implementation of operational processing processes linked to the DPM (exercise of rights, management of security vulnerabilities in the event of a data breach, etc.)
• Help manage the ENGIE IT registry tool;
• Investigate data breaches and, if necessary, carry out notifications;
• Manage requests for access rights from data subjects;
• Coordinate and consolidate compliance progress reporting on Group projects;
• Assist in the preparation of Committees such as the Privacy Operations Committee, quarterly privacy committees and the annual Data Privacy Conference.
• Represent Engie IT in the governance of Engie’s privacy sector (bodies, cross-functional projects, feedback, sharing of the project roadmap and compliance dashboard)

Master’s degree specialized in personal data protection You have at least 7 years’ experience within large international groups. Expected technical skills:

• Perfect knowledge and practice of the principles of the General Data Protection Regulation (GDPR) and ECBP recommendations
• You know the field of IT and cybersecurity. Technical and organizational measures hold no secrets for you
• Experience and ability to understand and analyze (and coordinate if necessary) all operational and legal issues in the areas of personal data protection;
• Ability to lead a project (coordination, escalation, risk management, planning, reporting) within the framework of a customer relationship
• A very pragmatic legal sense. You act like a business partner because you know how to define a strategy and an action plan in this area. You have the ability to act as a project manager and you know the means to implement to carry out your action plan.
• You are reliable, diplomatic, a good negotiator with strong analytical and writing skills. You have a keen sense of synthesis allowing you to map business needs
• Perfect command of French and English, both written and spoken, is essential to occupy this position.