GRC, Information & Security Manager
France
Full Time
3 weeks ago
No Sponsorship
Key skills
AWSCloudSDLCGoAILeadershipSalesPenetration TestingCloud Security
About this role
Role Overview
- Lead and oversee certification processes, maintaining SOC 2 Type 2 compliance and being able to drive adoption of ISO 27001 and ISO 27701 as the company grows.
- Ensure compliance with GDPR, the EU AI Act and Cyber Resilience Act, staying ahead of regulatory changes that affect our product and operations.
- Maintain comprehensive security controls documentation and compliance records.
- Act as the primary security contact for enterprise clients.
- Assist sales and go-to-market teams by completing security questionnaires and clearly communicating our security posture to potential customers.
- Audit cloud provider controls and security configurations (AWS).
- Enforce robust access management practices and security controls across our infrastructure.
- Partner with engineering to embed secure development practices throughout the SDLC.
- Draft, maintain, and enforce company-wide security policies that are practical and scalable.
- Conduct security risk assessments and develop actionable mitigation strategies.
- Foster a strong security culture through internal guidelines, training, and awareness initiatives.
- Monitor for security incidents and ensure response procedures are well-defined, tested, and effective.
- Coordinate regular security audits and penetration testing engagements.
- Continuously evaluate and recommend security tools, automation, and frameworks
Requirements
- 5+ years of experience in security roles (Security Officer, GRC Manager, or Security Engineer)
- Expertise in SOC 2 and/or ISO 27001 compliance frameworks
- Solid understanding of cloud security best practices in a scale-up environment
- Experienced in writing and implementing security policies that are practical and enforceable
- Biased for action : you identify and drive security improvements without waiting to be asked
- A fast learner able to stay ahead of the fast moving regulatory landscape
- Meticulous in documenting and enforcing security policies
- Able to communicate security concepts clearly to both technical and non-technical audiences
- Collaborative and effective working with engineers, compliance stakeholders, and leadership
- Experience with AI governance frameworks (ISO 42001) or emerging AI-related certifications (Nice to Have)
- Background of building security programs from the ground up in a high-growth startup (Nice to Have)
- Familiarity with security automation tools that streamline compliance workflows (Nice to Have)
- Hands-on experience with incident response planning and crisis management (Nice to Have)
- French speaker (Nice to Have)
Tech Stack
- AWS
- Cloud
- SDLC
Benefits
- Enjoy a competitive salary
- Unlock opportunities for professional growth, continuous learning, and career development