Chief Information Security Officer

Role Overview

• Design and implement Filigran's first CSIRT and Security Operations (SecOps) framework.
• Define processes for incident detection, response, containment, and recovery.
• Manage relationships with external Managed SOC providers for hybrid Level 1 monitoring.
• Act as primary incident commander for security events and data breaches.
• Build and maintain incident playbooks and escalation paths.
• Drive post-incident reviews and lessons learned.
• Ensure timely breach notification to supervisory authorities in coordination with the General Counsel.
• Leverage Filigran's own products (OpenCTI, OpenBAS/OpenAEV) to run advanced threat intelligence analysis and attack simulations.
• Continuously evaluate threats relevant to Filigran and its ecosystem.
• Provide actionable intelligence to leadership and engineering teams.
• Establish the Filigran-CERT (F-CERT) and position it as the trusted security function for the company.
• Build and maintain an ISMS aligned with ISO 27001, SOC 2, or equivalent standards.
• Lead security certification efforts and manage external audits.
• Own the vendor security assessment process and third-party risk management program.
• Hold the formal Data Protection Officer mandate under GDPR, serving as the official point of contact for supervisory authorities (e.g. CNIL).
• Act as the internal gatekeeper ensuring that AI initiatives, data processing activities, and security controls meet applicable regulatory requirements.
• Collaborate closely with the General Counsel to translate legal and policy obligations into operational controls.
• Monitor evolving regulation (GDPR, AI Act, ePrivacy, NIS2) and assess operational impact in coordination with Legal.
• Handle or coordinate responses to data subject requests (DSARs) and regulatory enquiries.
• Act as a player-coach, balancing hands-on work with preparation for team growth.
• Define future roles and responsibilities for SecOps.
• Mentor and onboard new hires as the team scales.

Requirements

• Proven experience in an information security leadership role (CISO, Head of Security, CSIRT Manager, or equivalent).
• Formal DPO qualification or equivalent experience, solid working knowledge of GDPR and EU data protection law, including AI Act implications.
• Strong background in incident response, forensics, and security monitoring.
• Experience working with managed SOC services in hybrid models.
• Knowledge of threat intelligence practices and frameworks (MITRE ATT&CK, STIX/TAXII), bonus if you've used OpenCTI.
• Familiarity with red teaming, breach & attack simulation (BAS), or security testing.
• Comfortable operating at the intersection of technical security and regulatory compliance, without owning the legal function.
• Hands-on mindset: comfortable being the first security leader in a scaling organisation.
• Excellent communication skills with regulators, customers, technical teams, and executives alike.
• Fluency in English required; French is a strong plus.

Benefits

• Competitive pay + equity
• everyone shares in our success
• Remote-first, flexible, and balanced
• work that fits your life
• Your setup, your choice
• pick the gear that works for you
• Twice-a-year gatherings
• we meet in person for regional and global offsites to connect, collaborate, and strengthen our culture beyond the screen