Group Data & AI Compliance Officer
Are you ready to shape the future of digital compliance in a leading international retail and e-commerce group? We are seeking a highly experienced, pragmatic, and solution-oriented leader to own, execute, and continuously improve our group-wide compliance framework for data protection, NIS2, and AI governance. This role is positioned at the Group level with a strong strategic mandate, while being deeply operational and execution-focused. You will act as a central orchestrator across markets, using your influence, credibility, and a "roll-up-your-sleeves" mindset to ensure our standards are effectively implemented in practice and fully compatible with business innovation.
Required education: University Degree
Required languages: English (advanced), Czech or Slovak is highly beneficial
Employment form: Full-time work
- Drive Group Governance: Take end-to-end ownership of the Group’s data protection, digital compliance, and AI frameworks, ensuring consistent cross-border implementation and clear risk reporting to management.
- Manage Privacy & Digital Compliance: Personally drive key operational activities, including complex DPIAs, privacy/digital risk assessments, data breach responses, and act as the main interface with supervisory authorities.
- Integrate Cybersecurity & AI: Translate NIS2 obligations into practical controls (incident reporting, supplier security) and establish practical EU AI Act concepts, including AI inventories and risk classifications.
- Act as a Partner & Cultural Ambassador: Serve as a trusted advisor to senior stakeholders (Digital, Marketing, IT, Ops), support procurement with DPAs, and foster a strong, business-enabling compliance culture.
- Solid Background: Minimum 5–8 years of relevant international experience in data protection, privacy, technology compliance, or cybersecurity governance, with strong hands-on GDPR expertise.
- Tech-Regulatory Awareness: Good understanding of NIS2, risk management frameworks, and upcoming EU AI Act concepts, combined with an advanced/fluent level of English.
- Leadership & Mindset: Proven ability to drive execution across multiple countries without formal reporting authority, using your excellent communication skills to explain complex topics in simple business language.
- The Extra Mile (Preferred): A university degree (Law, Compliance, Data Governance), previous DPO experience, or familiarity with tools and frameworks like GRC platforms, CIPP/E, CISM, ISO 27001, NIST, or ISO 42001.
- Real Impact & High Visibility: This is not a checkbox role. You will receive a strong strategic mandate to build and evolve our global agenda with direct exposure to senior leadership.
- Cutting-Edge Technology Agenda: You will actively work with advanced digital transformation initiatives, shaping how a major international group navigates the exciting world of AI and innovation.
- Dynamic International Environment: Enjoy a professional, collaborative atmosphere where you coordinate cross-functional stakeholders across Europe, balancing top-tier compliance with growth.
- Growth & Professional Authority: A unique opportunity for a pragmatic leader who wants to see the real-world impact of their work across multiple jurisdictions rather than just giving theoretical advice.
If you are interested in this opportunity, please send your CV to groupHR@drmax.eu
Dr. Max Group is a European pharmaceutical group owned by Penta, an investment group established in 1994 that operates primarily in the countries of Central and Eastern Europe. Its offices are located in Prague, Bratislava, Warsaw, and Limassol. The business areas of Penta Investments include long-term investing in healthcare, financial services, retail, manufacturing, media and real estate development. The companies in Penta’s portfolio employ more than 43,000 people, with more than 15,000 professionals working in healthcare. The group’s asset value reached €14 billion in 2022.