GRC Engineer (Governance, Risk, and Compliance)

Permanent contract (CDI)
Paris
Salary: Not specified
Frequent remote work
Experience: > 4 years

Revevol Group

The role

Job Description

We are looking for an experienced Governance, Risk, and Compliance (GRC) Engineer to join our team. In this role, you will be responsible for developing and maintaining systems and processes to ensure regulatory compliance, manage organizational risks, and protect the integrity and security of our data infrastructure. The ideal candidate will bring a solid technical foundation, comprehensive knowledge of regulatory standards, and strong cross-departmental collaboration skills to advance compliance efforts.

Key Responsibilities:

Strategic Leadership

  • Collaborate with the CISO to define a multi-year, risk-based security roadmap, including the creation of policies, processes, and guidance documents to ensure effective implementation.

  • Execute the security roadmap autonomously or with support from engineering teams, adapting to project technical requirements in either a delivery or project management role.

  • Develop and implement company-wide security policies and procedures encompassing internal IT, production platforms, facilities, and other areas.

  • Enhance and maintain the risk analysis process and its mitigation strategies.

  • Design and manage a comprehensive reporting framework for security indicators.

Operational Excellence

  • Lead the execution of the security roadmap by driving initiatives and coordinating efforts with engineering teams and other stakeholders (e.g., legal, HR, support, customer experience).

  • Oversee vulnerability management, including triage, prioritization, and mitigation follow-up.

  • Conduct vendor security assessments to ensure compliance and provide security approvals during procurement processes.

  • Support the asset management program, including oversight of contractors, accounts, and datasets.

Compliance Management

  • Manage SOC 1 and SOC 2 certification renewals and contribute to maintaining and acquiring new certifications (e.g., ISO 27001, ISO 27701).

  • Plan and oversee internal and external compliance audits.

  • Strengthen compliance programs by collaborating cross-functionally to ensure adherence to standards.

  • Work with Sales and Legal teams to monitor the regulatory landscape and address compliance requirements in alignment with market needs.

Advocacy and Training

  • Develop and deliver security awareness training programs, promoting best practices across the organization (e.g., onboarding sessions, phishing simulations, developer training).

Desired profile

Experience & Expertise

  • A minimum of 5 years of experience in governance and compliance roles, such as Security Engineer, Security Project Manager, or Compliance Officer.

  • Deep understanding of the ISO 27000 series certification, ideally with hands-on implementation experience.

  • Solid technical foundation in security engineering.

  • Strong team player with a solution-oriented mindset and a proactive attitude.

  • Fluent in English and French.
