Consultant Digital Compliance - AI & Privacy

Context

Mission based in Paris or Lille

As part of its digital transformation acceleration and the massive integration of Artificial Intelligence within its business processes, a leading international retail company is looking to strengthen its Digital Compliance team, integrated into the Corporate Cyber Core Team. The key challenge is to transition from reactive compliance to an integrated approach (By Design). The consultant will operate in a complex international environment with an immediate priority on Privacy and AI, while anticipating emerging European regulations.

Missions

Your responsibilities: The consultant will be responsible for industrializing compliance processes.

Main Objectives:

• Operational Expertise: Provide daily support to Digital Product and IT teams during the deployment phase of the Privacy By Design framework (support Product Owner in the completion of the deliverables - participate in coordination with digital security officers to the completion of the mandatory DPIA - support Compliance Program Manager to ensure planning and quality of the deliverables - maintain the Data Processing Registry up-to-date in the digital data processing perimeter).

• AI Framework: Create a reference framework for responsible and compliant AI - Ensure proper integration of the framework within the Privacy By Design framework - Deploy the framework - Work in close cooperation with the data.AI Center of Expertise to ensure alignment with data and AI governance approach.

• Change Management: Animate Product Owner and Privacy/Compliance Officer community for all the digital domains - Document awareness support dealing with Privacy and AI compliance - Animate awareness sessions as required depending on the topic.

• Standardization: Unify impact assessment methodologies across the data and AI regulations (DPIA x AI Impact Assessment) - Work in collaboration with the Cyber Compliance Analyst.

• Inventory Gap Analysis: Make the inventory of AI systems and critical applications - Assess their level of compliance.

Key Deliverables:

• "Compliance Impact Assessment" (CIA) Methodology: A methodological guide merging GDPR requirements with AI Act criteria.

• "AI Compliance-by-Design" Framework: A set of policies, checkpoints, and KPIs to be integrated into the project lifecycle.

• DPIA / TIA Reports: Documented and validated impact assessments.

• Inventory & Gap Analysis: An exhaustive inventory of AI systems and critical applications with an associated remediation roadmap.

Reporting to the Digital Compliance Lead, the consultant will:

• Support Operations: Act as the subject matter expert (SME) for Privacy-by-Design, addressing operational queries and translating legal constraints into technical requirements.

• Lead Impact Assessments: Conduct DPIAs by integrating a "cyber layer" (interpreting cybersecurity risk assessment results to evaluate impacts on data privacy).

• Coordinate AI Governance: Work closely with the Data.AI BU to ensure every new AI project is compliant from the design phase (S2).

• Anticipate New Regulations: Prepare the organization for the requirements of the Data Act, the European Accessibility Act (EAA), and the DSA.

• Execute Asset Inventory: Identify existing systems (applications and AI models) and assess their maturity level against current and future regulations.

1. Strong capacity to lead multiple actions across several internationally distributed teams
2. Expertise in Data Compliance: in-depth knowledge of GDPR and operational mastery of the EU AI Act
3. Strong communication skills applied to different levels of stakeholders (Product Teams, Security, DPO, Legal and Leadership Team) with the ability to convince
4. Experience in risks for compliance programs
5. Cyber Culture: ability to understand and leverage cybersecurity risk assessment results
6. Strong sense of commitment, urgency, and sound business sense, with the ability to make tough decisions efficiently
7. Problem solving skills, passion for solving problems creatively, starting small, failing fast, and applying your learnings; ability to transform dense regulations into simple and actionable processes
8. Full professional proficiency in both English and French
9. AI Governance: understanding of challenges related to training data, bias, explainability, and model robustness (LLMs, Machine Learning)
10. Strategic thinking, ability to balance long-term vision with short and medium-term goals