Chief Information Security Officer

FRANCE
14 days ago

The Company

Filigran, founded in October 2022, stands out in the cybertech ecosystem for its commitment to revolutionizing cyber threat management with a proactive approach. Its mission is to develop innovative open-source solutions designed to anticipate cyber threats, identify security gaps, and strengthen organizational security posture.

Filigran solutions are now trusted by over 6,000 public and private organizations worldwide.

The Role

We are looking for our first internal security leader: a CISO who will design, build, and run the foundations of Filigran's information security programme.

This is a hands‑on, build-from-scratch role. You'll be responsible for defining processes, setting up tools, and preparing the growth of the Security Operations team. You'll establish the Filigran‑CERT (F‑CERT), ensure our resilience against threats, and hold the formal Data Protection Officer mandate, acting as the operational and regulatory gatekeeper: the authoritative point of contact for regulators, customers, and internal teams on all matters touching AI, privacy, and security compliance.

You will be working closely with C‑suite, executive leadership and regulators, and as the CISO, you will ensure that cybersecurity, cyber resilience and data protection are embedded across technology, business operations and partner ecosystems.

Your Responsibilities

Build & Lead Security Operations

  • Design and implement Filigran's first CSIRT and Security Operations (SecOps) framework.
  • Define processes for incident detection, response, containment, and recovery.
  • Manage relationships with external Managed SOC providers for hybrid Level 1 monitoring.

Incident Response & Crisis Management

  • Act as primary incident commander for security events and data breaches.
  • Build and maintain incident playbooks and escalation paths.
  • Drive post‑incident reviews and lessons learned.
  • Ensure timely breach notification to supervisory authorities in coordination with the General Counsel.

Threat Intelligence & Breach & Attack Simulation

  • Leverage Filigran's own products (OpenCTI, OpenBAS/OpenAEV) to run advanced threat intelligence analysis and attack simulations.
  • Continuously evaluate threats relevant to Filigran and its ecosystem.
  • Provide actionable intelligence to leadership and engineering teams.

Regulatory Compliance, Certifications & Audits

  • Establish the Filigran‑CERT (F‑CERT) and position it as the trusted security function for the company.
  • Build and maintain an ISMS aligned with ISO 27001, SOC 2, or equivalent standards.
  • Lead security certification efforts and manage external audits.
  • Own the vendor security assessment process and third‑party risk management program.

DPO - Official Gatekeeper for AI, Privacy & Security

  • Hold the formal Data Protection Officer mandate under GDPR, serving as the official point of contact for supervisory authorities (e.g. CNIL).
  • Act as the internal gatekeeper ensuring that AI initiatives, data processing activities, and security controls meet applicable regulatory requirements.
  • Collaborate closely with the General Counsel to translate legal and policy obligations into operational controls.
  • Monitor evolving regulation (GDPR, AI Act, ePrivacy, NIS2) and assess operational impact in coordination with Legal.
  • Handle or coordinate responses to data subject requests (DSARs) and regulatory enquiries.

Team Building

  • Act as a player‑coach, balancing hands‑on work with preparation for team growth.
  • Define future roles and responsibilities for SecOps.
  • Mentor and onboard new hires as the team scales.

Who You'll Work With

  • Reporting to: Chief Executive Officer
  • Close collaboration with: General Counsel, Engineering, Product, IT, Finance and People teams
  • External stakeholders: Supervisory authorities (CNIL and equivalents), external auditors, managed security providers, customers

Profile We're Looking For

  • Proven experience in an information security leadership role (CISO, Head of Security, CSIRT Manager, or equivalent).
  • Formal DPO qualification or equivalent experience, solid working knowledge of GDPR and EU data protection law, including AI Act implications.
  • Strong background in incident response, forensics and security monitoring.
  • Experience working with managed SOC services in hybrid models.
  • Knowledge of threat intelligence practices and frameworks (MITRE ATT&CK, STIX/TAXII), bonus if you've used OpenCTI.
  • Familiarity with red teaming, breach & attack simulation (BAS), or security testing.
  • Comfortable operating at the intersection of technical security and regulatory compliance, without owning the legal function.
  • Hands‑on mindset: comfortable being the first security leader in a scaling organisation.
  • Excellent communication skills with regulators, customers, technical teams, and executives alike.
  • Fluency in English required; French is a strong plus.

Why Join Filigran? More than just a job.

We're a fast‑growing, global, and fully remote company building open-source cybersecurity solutions, increasingly powered by AI, to help defense teams anticipate threats and act faster.

What we believe

We believe we do work that matters, uniting defenders into a global community to make security more open, resilient & collaborative.

How we work

We do work that matters by combining strong engineering standards with emerging technologies, including AI, to move faster and smarter.

Company
Filigran
Publication platform
WHATJOBS