
GRC Security Engineer
Posted 3 days ago

This is a fully remote position, open to applicants in France.
• Take a pivotal role in DataDome's ISO 27001 initiative, managing daily execution across control maturity, evidence gathering, internal audits, and audit readiness.
• Support the ongoing maintenance of DataDome's SOC 2 Type II program, ensuring that controls, evidence, and follow-up actions remain on track.
• Ensure compliance efforts are practical, dependable, and scalable as the organization expands.
• Implement the risk management process in practice, which includes conducting risk assessments, organizing workshops, maintaining the risk register, developing treatment plans, and overseeing follow-ups.
• Collaborate with both technical and business stakeholders to systematically identify and evaluate risks in a meaningful way.
• Assist teams in transforming risk findings into clear, prioritized remediation actions.
• Manage third-party security evaluations for internal tools and vendors, encompassing onboarding assessments, reassessments, and follow-up actions.
• Verify that essential controls are effectively implemented across tools and processes, identify gaps or weak configurations, and ensure that remediation efforts are tracked and progressing with the appropriate teams.
• Oversee the security awareness initiative, which includes training, phishing simulations, and tracking effectiveness.
• Serve as a crucial security partner for Legal, HR, Finance, and Business Operations on issues related to people controls, data management, and process design.
• Support Sales on security matters when necessary, including crafting clear, accurate, and high-quality responses to security questionnaires and facilitating follow-up discussions during the sales process.
• Be adept at representing security during audits, which involves explaining how controls function, addressing auditor queries, and following up on findings.
• You have at least 7 years of experience in a cybersecurity product company or an internet-scale SaaS environment.
• You have proven hands-on experience with ISO 27001 and grasp what it takes to successfully drive and sustain a certification program long-term.
• You are comfortable engaging directly with teams, comprehending how operations function in practice, identifying gaps, and advocating for enhancements that truly align with the workflow.
• You prioritize whether controls are genuine and effective, rather than merely documented.
• You are skilled at conducting structured risk assessments and facilitating discussions with both technical and non-technical stakeholders.
• You communicate clearly and confidently, both in writing and verbally, and you are proficient in both French and English.
• You possess the technical fluency to critically evaluate tools, systems, and processes, and to engage credibly with engineering teams regarding remediation efforts.
• You seek practical methods to simplify and automate repetitive GRC tasks, including leveraging AI when it provides real value.
• Flex Life: We provide remote, hybrid, and in-office options, with each position detailing the level of flexibility. Our Paris office is conveniently located next to the Opera Garnier. You will also receive a €500 stipend to help you create your ideal workspace if you work in a hybrid or remote capacity.
• For fully remote employees, we cover the SNCF discount card to facilitate visits to our office and connect with your team!
• Generous Health Benefits: We have partnered with Kenko to cater to your healthcare needs.
• An annual allowance of €100 is provided for a leisure activity of your choice in Sports or Culture.
• An annual allowance of €200 is available if you commute to the office by bike to assist with maintenance costs.
• Professional Development: #Weaimhigh is ingrained in our culture, so we have invested in an internal Learning and Development platform, and you can request further training and support through your manager.
• Events & Team Building: #We care and have fun! We organize various activities such as an Annual Company Offsite, Events, Drinks, Winter Parties, Lunch & Learns, and much more as part of our Culture.
• Parent Care: Gift and care packages for parents.
• PTO: Based on your country of residence (e.g., 25 days in France).