Chief Information Security Officer

French and English Speaker

• Lead and oversee certification processes, maintaining SOC 2 Type 2 compliance and being able to drive adoption of ISO 27001 and ISO 27701 as the company grows.
• Ensure compliance with GDPR, the EU AI Act and Cyber Resilience Act, staying ahead of regulatory changes that affect our product and operations.
• Maintain comprehensive security controls documentation and compliance records.
• Act as the primary security contact for enterprise clients.
• Assist sales and go-to-market teams by completing security questionnaires and clearly communicating our security posture to potential customers.
• Audit cloud provider controls and security configurations (AWS).
• Enforce robust access management practices and security controls across our infrastructure.
• Partner with engineering to embed secure development practices throughout the SDLC.
• Draft, maintain, and enforce company-wide security policies that are practical and scalable.
• Conduct security risk assessments and develop actionable mitigation strategies.
• Foster a strong security culture through internal guidelines, training, and awareness initiatives.
• Monitor for security incidents and ensure response procedures are well-defined, tested, and effective.
• Coordinate regular security audits and penetration testing engagements.
• Continuously evaluate and recommend security tools, automation, and frameworks
• Bachelor or Master in Computer Science or Software Engineering
• 8+ years of experience in security roles (Security Officer, GRC Manager, or Security Engineer).
• Expertise in SOC 2 and/or ISO 27001 compliance frameworks.
• Solid understanding of cloud security best practices in a scale-up environment / background of building security programs from the ground up in a (high-growth) startup.
• Experienced in writing and implementing security policies that are practical and enforceable.
• Biased for action : you identify and drive security improvements without waiting to be asked.
• A fast learner able to stay ahead of the fast moving regulatory landscape
• Meticulous in documenting and enforcing security policies.
• Able to communicate security concepts clearly to both technical and non-technical audiences.
• Collaborative and effective working with engineers, compliance stakeholders, and leadership.
• Experience with AI governance frameworks (ISO 42001) or emerging AI-related certifications.
• Familiarity with security automation tools that streamline compliance workflows.
• Hands-on experience with incident response planning and crisis management.