Own the full compliance lifecycle for eIDAS v2: conduct gap analyses, define remediation roadmaps, track implementation, and prepare for certification.
Map NIS2 obligations to Yousign’s perimeter, define the compliance scope, and drive the remediation and reporting cycle.
Maintain and evolve Yousign’s ISO 27001 program: manage the continuous improvement cycle, coordinate internal audits, and maintain ISMS documentation.
Serve as the primary point of contact with external auditors, ANSSI, and LSTI: prepare audit packages, manage interactions, and own the certification timeline.
Monitor the European regulatory landscape (ETSI, eIDAS, NIS, PCI DSS, and related standards), assess impact on Yousign, and translate new requirements into actionable compliance initiatives.
Contribute to the security of the Trusted Zone, and to fraud detection and prevention, alongside the Security & Compliance team.
Take part in the team's weekly on-call (‘doctor’) rotation, and build automation (n8n, AI tooling, alerting) to reduce manual toil.
Requirements
Deep, hands-on experience with at least one technically demanding compliance standard — eIDAS v2, ETSI EN 319 series, PCI DSS, or equivalent.
Experience running gap analyses independently, building remediation plans, and implementing remediation actions directly.
A clear understanding of the difference between advising on compliance and delivering compliance outcomes.
Experience conducting internal audits and end-to-end gap analyses.
Ability to produce structured remediation backlogs, rigorously track progress, and prepare audit packages that withstand external scrutiny.
Experience managing or actively participating in a live ISO 27001 program.
Experience in ANSSI-qualified or LSTI-accredited environments is a strong plus.
Familiarity with the NIS2 directive and the ability to anticipate its implications for a SaaS company.
Ability to scope obligations, map them to the business, and build a readiness roadmap.
Confidence representing Yousign to external auditors, ANSSI, and LSTI.
Skilled at translating complex regulatory requirements into clear, actionable language for engineering and product teams.
Comfortable working across domains and contributing beyond core compliance activities.
While your core is compliance, you are willing to contribute to security operations, fraud detection, and Trusted Zone security.
Prior exposure to regulated or Digital Trust environments is a strong plus.
Self-sufficient and able to manage multiple long-cycle compliance programs in parallel without losing track of dependencies or deadlines.
Comfortable operating with limited oversight in a fast-moving scale-up environment.
Pragmatic: prioritize remediation efforts based on business impact and risk, and apply the right level of rigor for the company's size and stage.
Use AI and automation to streamline compliance and security work across the team perimeter — regulatory watch, control tracking, audit preparation, reporting — and build scalable workflows rather than one-off solutions.
French at a native or near-native level (C2) is required.
English at a professional working level (B2) is required for reading and working with ETSI standards, eIDAS regulation, NIS2 directive, and international compliance frameworks.
Benefits
Stock options
BSPCE
Meal vouchers (Swile): €10.50/day, 50% paid by Yousign
Health insurance (Alan): 50% covered by Yousign
Life & disability insurance: 100% employer-covered
Wellbeing: Axomove (4 physio sessions) and Moka.care (6 therapy/coaching sessions)
Transportation: 50% reimbursement for public transport for hybrid workers
Leeto: access to numerous employee discounts
Time off: 10 RTT days/year, plus menstrual leave, parental benefits, seniority days, 1 volunteering day/year, a learning & development budget, and more