Data Privacy Assurance Officer - (F/H)
CDI Paris 1er Arrondissement (Paris) IT development
Job description
The AXA Group, world leader in Financial Protection, supports and advises its individual and corporate customers at every life stage, providing the products and services that meet their insurance, personal protection, savings and wealth management needs. The Group employs 163,000 people and encompasses about 370 legal subsidiaries.
General information
Within the Group Data Privacy Officer team, Data Privacy Assurance Officers (DPAOs) report directly to the Group Data Privacy Officer.
Data Privacy Assurance Officers are based in GIE AXA from 1/1/2019, usually at Paris, in headquarters in Matignon.
Data Privacy Assurance Officers perform on-site reviews of AXA Group subsidiaries compliance with the AXA Binding Corporate Rules (BCR) and AXA Group Data Privacy Standard (Standard – including GDPR requirements) in major cities across the world, with travels on a regular basis expected as per below
· mainly about 3 days in Europe – twice per month
· 5 to 12 days outside of Europe – twice per year
Primary mission
AXA Group is committed to maintaining the privacy of data obtained in the course of its business activities and complying with applicable laws and regulations regarding the processing of Personal Data and Sensitive Data.
AXA Group has a global Data Privacy Organization/Governance with (i) a Data Privacy governance model approved by Management Committee, (ii) a Group Data Privacy Officer, (iii) a Group Data Privacy Steering Committee, (iv) a worldwide network of Data Privacy Officers (DPOs) coordinated by the Group Data Privacy Officer (GDPO), (v) a Group Data Privacy Standard and (vi) Binding Corporate Rules.
AXA is the first insurance group to have BCR approved by EU Data Protection Authorities.
Data Privacy Assurance Officers provide additional assurance of AXA Group subsidiaries compliance with the BCR and Standard.
Core activities
1. Data Privacy Assurance Framework improvement
· Improve the assurance framework based on
· Standard/BCR self-assessment checklist results and evidences
· Data privacy Audit and Assurance reports
· Data Protection Authorities (DPA) audit practices
2. Discovery and Assessment
· Review the self-assessment checklist results and evidences
· Review assessments from Audit, Compliance, Information Security and Operational Risks
· Plan the on-site assessments
· Perform the on-site assessments, with a DPO from another entity, or another DPAO or an external counsel/contractor.
· Propose pragmatic recommendations on data privacy and seek entity's DPO input
· Prepare reports to management
3. Remediation phase
· Ensure action plans are defined and carried out to fix issues identified in the discovery and assessment phase
· Validate closure of selected issues
Desired profile
Qualifications :
Technical and Professional Skills:
· Overall Data Privacy Knowledge (legal and technical)
· Data privacy audits
· Master degree in Legal or IT or Audit
· Business Acumen
· Legal skills
· IT general skills
· Risk Management
· Audit general skills
Relational skills:
· Analytical skills
· English fluent
· Reliable
· Communicationandsocial skills
· French fluent
Management skills:
· Abality to work in an international environment
· Ability towork in a matrix environment
Experience:
· At least 5 years of experience in Legal or IT or Audit of which minimum 2 years in Data Privacy
· Data Privacy Audits experience
· Experience in different operation departments