GRC & AI Governance Specialist (F/H)

The Team You’ll Join

You’ll be part of our Security team within the GRC (Governance, Risk & Compliance) pillar, led by Maxime Lahaye, Senior Security Officer, based in Paris. Together, you’ll be ensuring Mirakl’s adherence to security standards and regulations while shaping the future of compliance in an AI‑driven world. AI is fundamentally transforming how we work, and you’ll join an established team that’s at the forefront of this evolution. This is your opportunity to participate in building the GRC infrastructure of tomorrow—where automation, intelligence, and security converge to enable Mirakl’s next phase of growth.

Your Impact

1. Compliance & Certifications — Automated

• Contribute to driving and maintaining Mirakl’s ISO 27001, ISO 27018, and SOC 2 certifications , leveraging automated GRC platforms to enable continuous compliance monitoring and reduce manual effort.
• Help manage and evolve the ISMS (Information Security Management System) , ensuring it reflects both regulatory requirements and Mirakl’s evolving AI‑driven operations.
• Automate evidence collection, control monitoring, and documentation workflows using modern GRC tooling and AI‑powered agents.

2. AI Governance — to build with the team

• Working closely with your manager and the Security team, co‑design and evolve Mirakl’s AI usage governance framework: acceptable use policies, data classification for AI inputs, shadow AI detection, and AI vendor risk assessment.
• Maintain a live inventory of AI tools used across the company and contribute to the risk‑based process for evaluating and onboarding new tools.
• Participate in internal awareness and training initiatives on responsible AI use across all departments.
• Monitor the AI governance regulatory landscape and help adapt Mirakl’s framework proactively.

3. Security by design across all company projects

• Partner with Product and Engineering teams early in project lifecycles—whether AI‑powered or not—to embed security and compliance requirements from the start.
• Participate in risk reviews across all types of product and platform initiatives, with specific attention to AI‑related threat vectors where applicable (prompt injection, data leakage in LLMs, access control for models).

What You’ll Bring to the Role

Experience:

• Master’s degree (Bac +5).
• Minimum 3 years of experience in GRC security.
• Experience in a consulting firm, technology company, or equivalent role is a plus.
• Strong understanding of compliance frameworks and security standards.
• Scripting/developing experience.

Skills:

• Proactive and autonomous with strong organizational and problem‑solving abilities.
• Excellent communication and pedagogy skills to influence technical and non‑technical stakeholders.
• Integrity and ethics as core values.
• Ability to work collaboratively in extended teams.
• Experience with web application and cloud (SaaS) security, as well as professional certifications (CISM, CISSP, ISO), are a plus.

Tools Used

• Drata
• AWS, GCP
• N8N
• Python
• Office Suite / Google Workspace

Languages

• Fluent in French and conversational English