What is the role?

Evy is the infrastructure behind product protection for 20+ retailers and marketplaces across Europe: Back Market, Decathlon, SEB Group, Refurbed, and others. As we scale across geographies and expand our regulated activities, we're building out our risk and compliance function at Group level.

We're looking for a Risk Manager & Data Protection Officer (DPO) to own our global risk management framework, internal control, and data protection governance. This is a senior, cross-functional role reporting directly to the CEO of the Group, covering Evy and all its European subsidiaries.

Your missions

Risk management

• Define and lead the Group's risk strategy: risk mapping (operational, compliance, financial, legal, reputational, cyber), risk appetite framework, and associated governance

Internal control (level 2)

• Design, implement, and deploy the internal control framework across all entities
• Coordinate and monitor incident tracking and corrective action plans across subsidiaries

Operational resilience

• Oversee business continuity and disaster recovery (BCP/DRP) plans
• Organize crisis simulations and lead crisis coordination in the event of a major incident

Data Protection Officer (DPO)

• Ensure Group-wide GDPR compliance: maintain records of processing activities, run DPIAs, handle data subject rights and breach notifications
• Manage relationships with subcontractors and data processors; serve as the interface with supervisory authorities

Cybersecurity & information security

• Contribute to the Group's information security posture in coordination with the CTO/CISO
• Oversee security policies (ISMS), risk monitoring, and due diligence on critical suppliers

Partner & distributor oversight

• Define and implement control plans for partners and distributors