Head Of Cyber Governance Risk & Compliance

PARIS, 75
1 day ago

Requirements

  • Proven experience in Cyber Governance, Risk, and Compliance (GRC)
  • Knowledge of ANSSI qualification framework (SecNumCloud, PRIS, PASSI, PDIS, etc.)
  • Experience of international compliance context is a plus
  • Experience in team management
  • Solid knowledge of ISO 27001 framework implementation and certification maintenance
  • Proficiency in risk management methodologies (e.g., EBIOS RM, NIST)
  • Understanding of cloud security principles and regulatory requirements
  • Experience with audit management and security policy development
  • SOFT SKILLS:
  • Excellent communication skills, capable of explaining complex security risks to non-technical stakeholders
  • Strategic mindset with a pragmatic approach to security implementation
  • Collaborative and team-oriented mindset, capable of driving cross-functional initiatives
  • Ability to foster a positive security culture and drive organizational change
  • Strong analytical thinking and problem-solving abilities
  • Fluent in both French and English

What the job involves

  • Our growth is driving us to strengthen our Cyber Governance, Risk & Compliance (GRC) team to support our expansion and ensure the highest standards of security
  • Your mission will be to lead the GRC team (4 individual contributors & growing) and its strategy, and to oversee compliance programs in order to maintain a strong security posture, meet international standards (such as ISO 27001, HDS, etc.), maintain high-level qualifications (SecNumCloud) and foster a robust security culture across the company
  • We work in a collaborative and international environment where the diversity of Scalers, combined with a spirit of sharing, helps bring new projects to life every day, advancing our ambitions together
  • You will be part of the IT department, reporting to the CISO / CIO. You will be working closely with the SOC-CSIRT, the Legal, the Product, the Engineering & the Operation teams to integrate risk management and compliance into our technical and operational processes
  • The team focuses on maintaining governance frameworks, managing security risks, and supporting the company's ongoing certification / qualification efforts
  • Define and implement the Cyber GRC strategy, aligning security goals with business objectives
  • Manage the GRC team members
  • Oversee and maintain compliance programs, particularly ISO 27001, HDS, ISO 9001 certifications and SecNumCloud qualification
  • Manage risk assessment processes, identifying compliance gaps and driving risk treatment plans
  • Establish and communicate security policies, standards, and procedures across the organization
  • Conduct internal audits and coordinate activities with third-party auditors
  • Foster a security-aware culture through training, workshops, and awareness initiatives
  • Collaborate with the SOC-CSIRT and other teams to address security gaps and improve resilience
  • Report on GRC metrics and security posture to leadership and stakeholders
  • Monitor the regulatory landscape to ensure adherence to evolving security requirements
  • Drive cross-functional improvements in security governance and internal controls
  • Oversee and maintain compliance programs regarding cybersecurity-related regulations (NIS2, etc.)
Company
Deepstreamtech
Publication platform
WHATJOBS