Charlotte Gilliard

$ whoami

Charlotte Gilliard

IT Compliance & Cybersecurity expert holding a Master’s in Digital Law and a Master’s in Criminal Law with a specialisation in Cybercrime. Certified Product Owner with advanced command of GDPR, NIS2, DORA, HDS, ISO 27001 and EBIOS RM — I make the concrete link between regulatory requirements and their technical implementation, with operational experience in critical healthcare and justice environments.

Paris, France

// profile

I work where regulation meets implementation — turning GDPR, NIS2, DORA, HDS and ISO 27001 into controls that teams can actually ship. Two Master’s degrees in Digital Law and Criminal Law / Cybercrime, certified Product Owner, with hands-on experience in critical healthcare and the justice system.

2

Master’s degrees — Digital & Criminal Law

4+

institutions — hospital, courts, law firm

9

frameworks & regulations mastered

Law + Tech

fluent on both sides

worked across › Healthcare (critical) · Justice · Public Sector · AI Governance · Cloud Security
regulation implementation

Governance, Risk & Compliance

regulation · privacy · risk
  • GDPR compliance & DPIA programs
  • ISO 27001 (ISMS) & HDS health-data alignment
  • EBIOS RM risk assessment
  • AI Act / high-risk AI compliance
  • CNIL reference methodologies (MR)

Defensive Security & Cloud

blue team · cloud · privacy eng.
  • SIEM & MITRE ATT&CK detection
  • EDR/XDR & incident response (NIST 800-61)
  • Vulnerability management (CVE / CVSS)
  • AWS security (IAM, KMS, CloudTrail, GuardDuty)
  • Privacy engineering — pseudonymisation, KMS, encryption

// credentials & recognition

17/20

Master thesis — mention Très Bien

PSPO I

Scrum.org Product Owner

Harvard

CS for Lawyers

AWS

Solutions Architect (in prep)

// skills

GRC & Cybersecurity

ISMS · Incident Management · IAM · EBIOS RM · ISO 27001 · NIS2

Digital & Data Law

GDPR · DPIA · HDS · DORA · CRA · Data Act · AI Act

Data Transfer & Privacy Engineering

SCC · BCR · Pseudonymisation · Encryption · Anonymisation · KMS

Digital Criminal Law

Cybercrime · Digital Evidence · Digital Criminal Procedure

Defensive Security (Blue Team)

Defense in Depth · SIEM · MITRE ATT&CK · EDR/XDR · CVE/CVSS · NIST 800-61

Cloud Security

AWS · IAM · KMS · CloudTrail · GuardDuty · CSPM · VPC/Firewall/IDS

Data Governance

SQL · NoSQL · Records of Processing · Art. 30 GDPR

Agile Methodologies

Product Owner · Scrum · Kanban · Jira

// experience

Data Protection Officer & Cybersecurity Analyst — Intern

Apr 2026 – Sep 2026

Strasbourg University Hospital (CHRU) · Strasbourg, France

Compliance and cybersecurity within a critical healthcare environment — bridging GDPR, ISO 27001 and HDS requirements with the security of medical data and applications.

  • Compliance & data protection: led GDPR compliance, ran security audits and applied the CNIL reference methodologies (MR).
  • Governance & certifications: aligned to ISO 27001 and HDS (health-data hosting) frameworks for securing data warehouses and mapping assets.
  • AI & innovation: assessed the techno-legal feasibility and regulatory compliance of high-risk AI solutions in healthcare.
  • Information security: built security KPI/KRI dashboards; supported IT, clinical-research and procurement teams to embed security and confidentiality by design into new medical and biomedical applications; designed and ran cybersecurity and health-data handling training.

Justice Assistant — Criminal Law & Cybercrime (fixed-term)

Apr 2025 – Sep 2025

Court of Appeal of Colmar · Colmar, France

Legal support to the President of the Criminal Appeals Chamber, with a focus on cybercrime matters.

  • Supported the President of the Criminal Appeals Chamber: case analysis and trial preparation.
  • Drafted judgments (arrêts).
  • Conducted legal research in cybercrime and criminal law.

Intern with the Public Prosecutor

Oct 2022 – Dec 2022

Judicial Court of Orléans · Orléans, France

Criminal-law work within the public prosecutor’s office.

  • Drafted indictments (réquisitoires).
  • Conducted legal monitoring in criminal law.

Legal Intern

Oct 2021 – Dec 2021

Démosthène Law Firm · Limoges, France

General legal practice across several areas of law.

  • Drafted legal documents.
  • Legal monitoring in administrative law, criminal law and immigration law.

// education & more

Education

University of Strasbourg

2025 – 2026

Master 2 — Law of the Digital Economy

Strasbourg, France

Compliance (GDPR, NIS2, DORA, CRA, Data Act, AI Act), Cybersecurity, ISMS (ISO 27001), Risk Assessment (EBIOS RM), Crisis Management, AI ethics, Cyber Threat Intelligence.

University of Strasbourg

2023 – 2025

Master 2 — Criminal Law & Criminal Sciences

Strasbourg, France

Thesis on sexual offences in the digital context and the protection of minors — 17/20, mention Très Bien.

University of Orléans

2020 – 2023

Bachelor of Laws (Licence) — General Law

Orléans, France

Private law, public law, international law, criminal law.

Certifications

Professional Scrum Product Owner I (PSPO I)

Scrum.org

AWS Solutions Architect – Associate (in preparation)

Amazon Web Services

Computer Science for Lawyers

Harvard University

Compliance in Practice

International Compliance Organisation

Languages

French C2 — Native
English C1 — Fluent

// contact

Let's turn regulation into controls.