Head Of Cyber Governance Risk & Compliance
Role Overview
Your mission will be to lead the GRC team (4 individual contributors and growing), own the GRC strategy, and oversee compliance programs in order to maintain a strong security posture, meet international standards (such as ISO 27001, HDS, etc.), maintain high-level qualifications (SecNumCloud), and foster a robust security culture across the company.
Responsibilities
- Define and implement the Cyber GRC strategy, aligning security goals with business objectives
- Manage the GRC team members
- Oversee and maintain compliance programs, particularly ISO 27001, HDS, ISO 9001 certifications and SecNumCloud qualification
- Manage risk assessment processes, identifying compliance gaps and driving risk treatment plans
- Establish and communicate security policies, standards, and procedures across the organization
- Conduct internal audits and coordinate activities with third‑party auditors
- Foster a security‑aware culture through training, workshops, and awareness initiatives
- Collaborate with the SOC‑CSIRT and other teams to address security gaps and improve resilience
- Report on GRC metrics and security posture to leadership and stakeholders
- Monitor the regulatory landscape to ensure adherence to evolving security requirements
- Drive cross‑functional improvements in security governance and internal controls
- Oversee and maintain compliance programs for cybersecurity-related regulations (NIS2, etc.)
Qualifications
Hard Skills
- Proven experience in Cyber Governance, Risk, and Compliance (GRC)
- Knowledge of the ANSSI qualification framework (SecNumCloud, PRIS, PASSI, PDIS, etc.)
- Experience in an international compliance context is a plus
- Experience in team management
- Solid knowledge of ISO 27001 framework implementation and certification maintenance
- Proficiency in risk management methodologies (e.g., EBIOS RM, NIST)
- Understanding of cloud security principles and regulatory requirements
- Experience with audit management and security policy development
Soft Skills
- Excellent communication skills, capable of explaining complex security risks to non‑technical stakeholders
- Strategic mindset with a pragmatic approach to security implementation
- Collaborative and team‑oriented mindset, capable of driving cross‑functional initiatives
- Ability to foster a positive security culture and drive organizational change
- Strong analytical thinking and problem‑solving abilities
- Fluent in both French and English
Benefits
Hybrid work: We offer up to 3 days of remote work per week.
Offices: Our offices are spacious, dynamic workspaces located near public transport, featuring outdoor terraces and bike parking.
Dining: Our chef provides a healthy meal service at the headquarters, with breakfast available year‑round. Regional sites offer a Swile card for lunches.
Well‑being commitments: Access to a gym, daycare places, or discounted caring services to support a balanced life.
International environment: English is widely spoken alongside French, creating a multicultural workplace.
Career & Mobility: Internal mobility opportunities and transitions to other entities within the Iliad Group are accessible to all employees.
Equal Opportunity Statement
At Scaleway, we are committed to building an inclusive and respectful workplace where everyone has a fair opportunity to thrive. All applications are considered with care, regardless of age, gender, sexual orientation, ethnic or social background, religion, disability, or any other characteristic. We believe great ideas come from everywhere and everyone, which is why you should definitely apply.