Senior Data Protection Expert
Paris 01 Louvre (Paris)
Job description
Develop the protection of personal data for SCOR Group: all business lined, regions and entities.
Work closely with the Group DPO, the Group CCO, the Group CISO and with the strong support of the Chief Legal Counsels of the Life and P&C Business Units as well as the Region Compliance Officers, Legal Counsels and correspondents supporting data protection matters in their respective areas.
Required experience & competencies
Experience:
· Extensive experience in data protection of information security
· Deep knowledge of privacy and data protection regulations and standards
· Proven track record in developing and implementing successful data protection programs
· Extensive experience in operational, advisory and control data protection activities
Personal competencies:
· You have excellent communication and interpersonal skills with the ability to influence and educate stakeholders
· You assimilate and interpret information quickly; and explain complex legal, regulatory and policy requirements to colleagues without using confusing technical or legal jargon
· You have the confidence and self-awareness required to identify gaps in your own knowledge; and the intellectual curiosity to continually develop your professional expertise
· You have good digital skills
· Knowledge of OneTrust would be appreciated
You will develop and implement comprehensive data protection strategies, manage specific projects and you will be in charge of overseeing a dedicated geographical area and a specific scope of entities. Together with the DPO, you will lead SCOR’s efforts in ensuring compliance with data protection regulations:
ADVISORY ACTIVITIES
· Provide expert advice to business teams on data initiatives and the adoption of emerging technologies while ensuring data protection compliance
· Provide advice and guidance on the identification, definition, recording, evaluation, mitigation and remediation of risks related to the processing of personal information
PROJECTS
· Actively contribute to the development of a co governance with the Data Office Department
· Participate to the Data Protection Enhancement Program for the adoption of Binding Corporate Rules and the improvement of the Retention & Deletion Policy and Framework
· Conduct privacy risk assessments and develop ‘privacy by design’ to support the teams launching new projects and activities entailing the processing of personal data
· Support the completion of Data Protection Impact Assessments (DPIAs) for new projects or initiatives; recommend appropriate remedial actions and monitor their implementation
· Work closely with the Legal & Compliance team to ensure agreements align with data protection requirements
· Support the completion and maintenance of the ‘record of processing activities’ to comply with record-keeping, transparency and accountability regulatory requirements
DATA BREACH RESPONSE
· Lead the response to data breaches including investigation, notification and mitigation efforts
TRAINING AND AWARENESS
· Design and deliver communications, presentations, trainings and events to promote the culture of data protection
GOVERNANCE AND CONTROLS
· Work with the Group DPO to assess privacy risks and monitor a risk-based annual ‘privacy and data protection assurance plan’ designed to evaluate compliance with relevant policies, legislation and regulatory guidance
· Contribute to the development of privacy and data protection controls to evaluate the effectiveness of data protection measures
· Conduct targeted assurance reviews and audits focused on: (1) internal business processes; and (2) business processes used by external service providers acting as processors or sub-processors