Ethics & Compliance Officer and Data Privacy Manager

Date de publication : 04/12/2024

Requisition ID : 38674

Ethics & Compliance Officer and Data Privacy Manager of Tractebel Engineering SA (France) (the perimeter)

Reporting to the Head of Legal, Ethics & Compliance of the perimeter, your main assignments will be:

Ethics & Compliance Officer of the perimeter:

Support the Head of Ethics and Compliance of the perimeter in implementing and following up on the compliance program of Tractebel and Engie Group in the entire perimeter, including all legal entities, subsidiaries, branches, offices, permanent establishments and projects:

Implement Tractebel and Group E&C policies, procedures, guidelines, tools, adjust to comply with local laws, and arrange for translations in local language, whenever necessary.
Prepare files for approval as required by specific risk or investment procedures, decide or give recommendations when required.
Report and follow up through the Group tool incidents and received denounces; conduct, manage, and report on (internal and external) investigations; draft and follow up actions plans.
Support internal and external audits on ethics. Conduct or participate in local internal audits to ensure proper implementation of the Ethics & Compliance (E&C) program in the perimeter.
Prepare required reports, including the annual compliance report and the status of the compliance program during the management meeting.
Identify stakeholders and carry out annual risk assessments of business and operational activities within your perimeter.
Participate in the ISO 37001 certification process and follow-up audits, action plans and external monitoring.
Act as the business process owner of the ethics internal control process (COR-4) preparing the answers and required justifications.
Define, follow up, and monitor ethics action plans and remedial actions.
Develop and implement a specific communication and training plan in collaboration with management, and animate trainings when necessary.
Follow up on the attendance of the mandatory training plan with support from the HR department.
Manage, lead, and support the network of ethics officers and correspondents within your perimeter.
Enhance the ethics and compliance culture throughout the perimeter.
Interact with business and support line staff on ethics matters. Adress ethics and compliance issues raised by staff.
Perform due diligence on counterparties and/or review its results, making an assessment of risks and providing recommendations.
Attend to Ethics & Compliance meetings and trainings promoted by Engie and Tractebel.

Data Privacy Manager of the perimeter:

Support the Head data privacy manager of the perimeter in implementing and following up on the data privacy program of Tractebel and Engie Group in the entire perimeter, including all legal entities, subsidiaries, branches, offices, permanent establishments and projects:

Implement all current and future national and European legislation (including the GDPR), regulations, opinions and advice of the data protection authorities relating to data protection, and follow up on the compliance of the entities within your perimeter with these regulations.
Implement Tractebel and Group data privacy policies, procedures, guidelines, tools and adjustment to comply with local laws, and arrange for translations to local language, whenever necessary.
Prepare annually a data privacy compliance program for the entities within your perimeter, indicating the priorities and challenges for each year, and present it to the Head of Legal, Ethics and Compliance of the perimeter.
Ensure accountability: documentation of all compliance efforts in the entities within your perimeter.

Business process owner of the data privacy control process (COR-7) for all the entities within your perimeter. Define, follow up, and monitor the action plans and remedial actions.

Regular (at least annual) data mapping exercise for all the personal data processing of the entities within your perimeter to ensure an up-to-date record of processing activitie, followed by an update of all the necessary data privacy documents (i.e. the privacy statements).
Prepare required reports, including the annual data privacy report, quarterly KPIs…;
Keep the management of the entities informed of all data privacy mattes within your perimeter (i.e annual report, data privacy program, data breaches, important events, …)
Carry out annual risk assessments of business and operational activities within your perimeter;
Advise business and support staff on all data privacy matters, support with the drafting of all the necessary (contractual) documents and handle all queries.
Ensure the implementation of all Group awareness campaigns and implement dedicated local awareness campaigns where necessary to ensure that staff knows and complies with the ethics requirements.
(Mandatory) data privacy trainings attendance and follow up. Where necessary, organize local trainings and ensure follow up of attendance.
Manage, lead, and support a network of local data privacy champions in the relevant departments and local entities within your perimeter.
Perform and help the business and support functions to perform privacy by design and data protection impact assessments.
Support with, and if required perform, internal and external audits;
Treat and report data breaches at all the appropriate levels.
Treat data subject requests.

Profile:

You have a law degree;
You have 10 years’ experience working as an in-house or external lawyer;
You are bilingual in French and English
You have specific experience in compliance and data privacy matters;
You have a good understanding of the business issues and are eager to work in an international environment;
You are pragmatic, flexible and solution-seeking;
You work well in a team and have excellent communication and presentation skills;
You have an entrepreneurial spirit and are well-organized;
You have good analytical and synthetical skills;
You are stress resistant and keen to meet deadlines;
You are rigorous and professional.