About Orange Business:

Orange Business is a leading network and digital integrator company with offices in 65 countries worldwide, and part of the Orange Group.

Digital Services, a business line of Orange Business, is a newly created division within Orange Business. In Europe the business line consists of approximately 1500 people distributed across 10 countries. We are digital natives, with innovation at the core of our business, which makes us a reliable partner close to our customers. Our joint mission is to help innovate, drive and lead them in their digital transformation challenges and business strategies in key digital domains, including Cloud, Customer Experience, Digital Workspace and Data & AI. As an agile and fast-moving digital business partner, the business line offers trusted end-to-end solutions and products that help businesses in a wide range of industries in the private and public sector transform their operations, enhance customer experience, and drive growth.

With our digital expertise, we are a strategic partner of Orange Business objectives to be a leading network and digital integrator with our team as a key growth engine.

About the SGC team:

In Security, Governance and Compliance (SGC), we enable everyone in Digital Services Europe (DSE), Orange Business to perform business activities according to regulatory and certification standards as well as business requirements. Secure and compliant operations are an important element in the company reaching business goals, and SGC has close cooperation with both customers as well as the DSE delivery organization. Our work is aligned with the business strategy to ensure SGC is an integral part of driving innovation and keeping up with changing business needs.

We firmly believe that good security and compliance will be achieved through an engaged and competent workforce, using policies, processes, and tools to support our high commitment to security. We believe security and privacy are core values which influence all DSE organization. This is an important reason why the DPO is organized in SGC, as well as ensure a strong line of reporting to the leadership level on privacy situation and development.

About the position:

The position is organized in the Orange Business DSE Regulatory Department, but direct reporting on Privacy is made to the Executive Management Team of DSE. In the day-to-day work, the DPO monitors DSE's commitment to, and execution of agreed actions needed to comply with GDPR. This requires the DPO to interact with many parts of the DSE organization on all organizational levels providing guidance and support on regulatory topics. To be successful, this requires excellent communication and collaboration skills.

The DPO will also work externally with suppliers, partners and customers, as an advisor, to ensure that the parties provide data subjects with the general data protection and data privacy that is required, and that service agreements are kept up to date to define the roles and responsibilities of each party. In addition, the DPO is cooperating with external regulatory bodies, partners/auditors, and with the Orange Business Privacy organization.

The DPO is also the internal point of contact for DSE on other EU regulations such as NIS2, DORA, AI Act, and CER. This task is to provide internal guidance and support on the interpretation and implementation of EU regulations in DSE.

Your job

You will act as an internal advisor and a partner for your customers, providing guidance, assessments and support on their security development to ensure continuous, robust, and secure delivery.

Additionally, you will assist the Group CISO and DSE to comply with EU regulations, such as NIS2, DORA, GDPR, AI Act and CER.

Your key areas of responsibility:

• Establish procedures and processes necessary to enable DSE to implement GDPR in policy and business activities
• Provide guidance and support on NIS2, DORA, AI Act and CER
• Ensure the group policies are updated and maintained to comply with GDPR and support the organization in implementing these
• Advise and support on the performance of Data Protection Impact Assessments and monitor their execution.
• Ensure that all processing activities are based on appropriate legal grounds and documented accordingly.
• Handle or oversee responses to data subject access requests (DSARs), rectifications, erasure, and other GDPR rights.
• Regularly initiate audit activities to ensure continued compliance
• Conduct or coordinate training and awareness raising for staff involved in processing operations.
• Maintain a systematic and publicly available inventory of personal data processing activities
• Managing Privacy/Data protection risks
• Represent SGC/DSE in Orange Business monthly regulatory Privacy forum
• Report on Privacy matters to the Executive Management Team
• Liaise with local Data Protection Agencies (DPAs), incl. reporting personal data processing activities to the relevant DPAs
• Report Data Breaches to Data Controllers and/or to the Data Protection Authorities and data subjects

As an ideal candidate you must have:

• Documented university or college degree in IT, Information Security, Law, or equivalent competence through work experience
• Minimum 2 years of working in a relevant position with Privacy and regulatory matters
• Ability to take ownership and responsibility in guiding DSE and its customers on Privacy questions and problems
• Excellent communication skills, an ability to meet the customers at their respective levels
• Excellent communication in English
• Very good knowledge of EU regulations in the Information Security area

Other preferred qualifications would be:

• Experience in GDPR auditing, IT security, or AI regulations.
• Experience in Risk Management.