
Compliance Engineer – Security, GRC
Posted May 24

This is a fully remote position, open to applicants in France.
• Take charge and automate the ISO 27001 Information Security Management System (ISMS): assume complete ownership of the ISO 27001 program integrated into the Quality Management System (QMS) — including controls, risk registers, policies, internal audits, and corrective actions. Develop and enhance automation workflows (Notion, AI agents, reporting) to ensure continuous audit readiness.
• Interface between the ISMS and medical device cybersecurity: Ensure coherence between the ISMS and the QMS. In collaboration with the Quality Assurance and Regulatory Affairs (QARA) team, support the medical device cybersecurity requirements (IEC 81001-5-1, IEC 62443, SBOM, MDR Annex I §17), contribute the security aspects of technical files and audits, support the security part of the DiGA gap assessment (BSI TR-03161), and monitor FDA cybersecurity guidance.
• Prepare for upcoming regulatory and assurance frameworks: Anticipate NIS2, HIPAA and SOC 2 requirements and convert them into actionable controls and tangible deliverables.
• A minimum of 3 years of experience in security compliance / Governance, Risk, and Compliance (GRC) within a technology-focused environment (SaaS is highly preferred).
• Experience collaborating across engineering, product, and legal teams.
• Proven track record of implementing or enhancing compliance processes in a rapidly growing context.
• Experience responding to client security questionnaires, conducting supplier due diligence, or undergoing external audits.
• Strong sense of ownership: you take initiatives to completion and proactively remove obstacles for others.
• A pragmatic, results-driven mindset with the ability to engage others in the mission.
• Pragmatic approach: you ensure security without hindering teams — achieving high compliance without disrupting daily operations.
• Excellent collaborative skills: you establish trust with technical teams.
• A genuine interest in regulated healthcare environments — comfortable interpreting regulatory texts and identifying concrete implications.
• Ability to navigate ambiguity and work autonomously within a scaling environment.
• Proficiency in English.
• Direct impact and significant ownership: You will develop and manage the compliance engine. You won’t simply maintain documentation — you’ll design systems, automate workflows, and influence how compliance functions throughout the organization.
• A pragmatic, automation-first culture: We utilize modern tools (Notion, AI agents, workflow automation) and collaborate closely with technical teams. You’ll have the autonomy to create intelligent, scalable solutions.
• Mission-driven impact in healthcare: Your contributions support vulnerable populations while upholding the highest standards of security and compliance, directly enhancing patient care.
• Remote-first with direct reporting: Work from any location in France with a team that values trust, autonomy, and asynchronous collaboration.
• A unique and stimulating regulatory landscape: Work at the intersection of information security and medical devices — including MDR, QMS, ISMS, and FDA. An exceptional opportunity to deepen your expertise in high-impact areas.