Resilience

The CDMO that's changing the game.

Compliance Engineer – Security, GRC

Security Engineer | Full Time | Remote | Senior | Team 1,001-5,000 | Since 2020 | H1B Sponsor

Location

France

Posted

22 days ago

Salary

0

Seniority

Senior

Bachelor Degree | 3 yrs exp | French | English | Cyber Security

Job Description

  • Lead and automate the ISO 27001 ISMS: full ownership of the ISO 27001 program integrated into the QMS — controls, risk register, policies, internal audits, corrective actions. Design and improve automation workflows (Notion, AI agents, reporting) to remain continuously audit-ready
  • ISMS / medical device cybersecurity interface: Ensure alignment between the ISMS and QMS, support medical device cybersecurity requirements (IEC 81001-5-1, IEC 62443, SBOM, MDR Annex I §17) in partnership with the QARA team, contribute to technical files and audits on security aspects, support the DiGA gap assessment (BSI TR-03161) on security, monitor FDA cybersecurity guidance
  • Prepare for new regulatory frameworks: Anticipate and translate NIS2, HIPAA, SOC 2 requirements into pragmatic controls and concrete deliverables

Job Requirements

  • 3+ years of experience in security compliance / GRC within a tech environment (SaaS strongly preferred)
  • Experience working cross-functionally with engineering, product, and legal teams
  • Implemented or improved compliance processes in a high-growth context
  • Responded to client security questionnaires, supplier due diligence, or external audits
  • Strong sense of ownership: you drive initiatives to completion and proactively unblock others
  • Pragmatic, results-oriented approach with the ability to bring others along on the mission
  • Pragmatism: you secure without slowing teams down — high compliance without burdening daily work
  • Excellent collaboration skills: you build trust with technical teams
  • Genuine curiosity about regulated healthcare environments — comfortable reading regulatory texts and extracting concrete implications
  • Comfortable with ambiguity and autonomy in a scale-up environment
  • Proficiency in English

Benefits

  • Direct impact and high ownership: You will build and own the compliance engine. You won’t just maintain documentation — you’ll design systems, automate workflows, and shape how compliance operates across the company
  • Pragmatic, automation-first culture: We use modern tools (Notion, AI agents, workflow automation) and work closely with technical teams. You’ll have the freedom to build smart, scalable solutions
  • Mission-driven impact in healthcare: Your work supports vulnerable populations while maintaining the highest standards of security and compliance. Direct impact on improving patient care
  • Remote-first with direct reporting: Work from anywhere in France with a team that values trust, autonomy, and asynchronous collaboration
  • A rare, stimulating regulatory scope: Operate at the intersection of information security and medical devices — MDR, QMS, ISMS, FDA. An exceptional opportunity to advance your expertise on high-impact topics

More Security Engineer Jobs

SAP S/4 Authorization & Security

Ignitesap

If you are interested, I look forward to hearing from you: Alex Chapleo 📧 Alex.Chapleo@ignitesap.com 📞 +49 (0)211 5469 22062 #LI-AC1

Role Description

IgniteSAP are partnered with one of the leading SAP management consultancies delivering large-scale S/4HANA transformation programmes across Germany and Europe. Due to continued growth within the SAP Security and GRC practice, there is a strong demand for experienced SAP Authorizations & Security Consultants. This growth offers clear opportunities to benefit both financially and through accelerated career progression, within a highly structured and internationally recognised consulting environment.

  • Carry out consulting as an SAP Authorizations & Security Consultant within complex S/4HANA transformation programmes
  • Advise customers on designing and optimising secure SAP system landscapes
  • Contribute your expertise in SAP security, authorisation concepts, and compliance frameworks
  • Design and implement role and authorisation concepts across SAP S/4HANA and related systems
  • Support user access management, identity governance, and segregation of duties (SoD) concepts
  • Participate in system implementations, migrations, and audits from a security perspective
  • Deliver workshops, training sessions, and stakeholder engagement activities
  • Support business development and contribute to project acquisition initiatives

Qualifications

  • Several years of experience in SAP Authorizations and Security consulting
  • Strong knowledge of role design, user management, and access control within SAP environments
  • Experience with SAP S/4HANA authorisation concepts and Fiori security is desirable
  • Knowledge of SAP GRC, IAM or compliance frameworks is an advantage
  • Strong analytical skills and structured approach to problem solving
  • Very good German and good English language skills
  • Willingness to travel within a consulting environment

Benefits

Please apply to hear more about the benefits associated with this leading employer.

Germany
110K / year

AI Security Engineer IAM

Dell Technologies

Dell Technologies was formed in 2016 when Dell and EMC combined in what is considered "the largest technology merger in history." Today, the multinational technology company is bas

Role Description

As an AI Security Engineer (IAM), you will be a member of our internal Cybersecurity organization, responsible for contributing your experience and technical skills to Dell's security infrastructure environment. Your focus will be the engineering and operation of Artificial Intelligence tools for identity and access management (IAM), which includes interacting and collaborating with internal stakeholders, customers, partners, and vendors.

  • Manage processes and technologies to implement identity lifecycle operations for AI agents and service principals, including creation, rotation, revocation, and deactivation, ensuring strong auditability.
  • Administer RBAC and ABAC policies for agentic workflows and apply guardrails on model endpoints, data repositories, and tool integrations.
  • Manage credentials used by AI agents, including vault policies, rotation schedules, and detection of credential misuse.
  • Collaborate with product teams to capture use cases and translate them into concrete IAM controls for agents, models, and data access paths.
  • Assist in investigations and incident response involving agentic AI, correlating logs of prompts, actions, tool calls, and data access events.

Qualifications

  • Advanced English for working in a global team.
  • Solid knowledge of OAuth and OIDC flows and an understanding of access controls based on AD/Entra groups, including issuing group claims in JWT/SAML with appropriate filtering.
  • Fundamental IAM knowledge is essential for this role (authentication, authorization, and PAM).
  • Desirable: basic scripting knowledge (Python/TypeScript) to automate integrations and reviews.
  • Experience implementing IAM controls and compliance standards for AI agents, including support for audit activities.
  • Demonstrated ability to collaborate with IAM Architects to continuously maintain and evolve configurations, runbooks, and access flows.
  • Hands-on experience with agent frameworks (LangGraph/LangChain, CrewAI, AutoGen) and/or agent platforms (Lindy, Orq.ai).
  • Experience working with AI governance and MLOps platforms (for example, DataRobot, Dataiku), supporting approval workflows, audit trails, and compliance validations.
  • Strong cross-functional collaboration skills and the ability to translate requirements into secure IAM and agent architectures, in partnership with application, platform, security, and data teams.

Requirements

  • Bachelor's degree in Computer Science, Information Systems Management, Cybersecurity, Information Security, or a related field; or equivalent experience.
  • Cybersecurity certification issued by ISC², SANS, or an equivalent body.

Company Description

We believe that each person has the power to make an impact. That is why we put our team members at the center of everything we do. If you are looking for an opportunity to grow your career in an inclusive and diverse work environment, with the most advanced technology in the industry, we are looking for you. Dell Technologies is a unique family of businesses that helps people and organizations transform how they work, live, and play. Join us to build a future that works for everyone, because progress needs us. Dell Technologies is committed to the principle of equal employment opportunity for all people, and to providing team members with a work environment free of discrimination and harassment.

Brazil

Senior Associate, PCI Assurance

Thoropass

Thoropass, founded in 2019, is a compliance automation company dedicated to simplifying compliance processes in healthcare, FinTech, and SaaS sectors. With a focus on fostering a c

Role Description

Forget everything you think you know about information security auditing. We’re on a mission to reinvent the outdated, clunky audit process—and we’re doing it with cutting-edge AI, automation, and a relentless commitment to customer success. At Thoropass, auditing isn’t about manually sifting through endless evidence or checking boxes—it’s about solving complex security problems for our customers in smarter, faster, and more innovative ways. And thanks to our AI-powered auditor tech stack and industry leading audit process, you won’t spend your days buried in audit testing. If you’re an experienced, customer-centric auditor who’s tired of the grind and ready to help disrupt the industry, we want to hear from you.

What You'll Do

  • Lead with Confidence: You’ll serve as the trusted advisor and main point of contact for your assigned customers, owning the PCI audit lifecycle from start to finish.
  • Review, Guide, Elevate: Analyze audit evidence requests submitted by customers, provide expert feedback, and guide them toward best practices.
  • Collaborate with AI: Partner with our advanced AI engine and auditor team to validate evidence, streamlining the process for maximum efficiency.
  • Deliver Excellence: Generate high-quality PCI reports that reflect accuracy, precision, and your professional expertise.
  • Problem-Solve Creatively: Use your curiosity and analytical skills to solve unique challenges, ensuring every customer has an exceptional experience.

Qualifications

  • At least 3+ years of PCI audit experience.
  • Familiarity with advanced cloud technologies (AWS, GCP, Azure).
  • Comfort working directly with customers and a knack for building relationships.
  • Currently possess or are pursuing certifications like QSA, CISSP, CISA, CSP specific certifications like AWS Solutions Architect, or similar.
  • Exceptional problem-solving skills, attention to detail, and analytical ability.
  • A genuine interest in solving problems and questioning the status quo.

Benefits

  • No Manual Testing: Say goodbye to the drudgery of manual audit testing—our automation and dedicated audit experts do the heavy lifting.
  • Cutting-Edge Tech: Work with an AI-powered toolset designed to make your job easier and more impactful.
  • Make an Impact: Join a team that’s redefining how audits are done, creating value for customers in an entirely new way.
  • USA Compensation: The salary range for this position is $110,000 - $130,000 and will be based on experience and skill set, plus a 12% bonus.
  • Immediate access to health, dental, and vision care.
  • Early equity in a fast-growing company.
  • Work-from-home model.
  • Flexible PTO.

Equal Opportunity

Thoropass provides equal employment opportunities to all employees and applicants for employment and prohibits discrimination and harassment of any type without regard to race, color, religion, age, sex, national origin, disability status, genetics, protected veteran status, sexual orientation, gender identity or expression, or any other characteristic protected by federal, state or local laws. This policy applies to all terms and conditions of employment, including recruiting, hiring, placement, promotion, termination, layoff, recall, transfer, leaves of absence, compensation and training. Even if you feel you don’t meet every requirement, consider applying! Thoropass acknowledges the research which shows that women and people of color are less likely to apply for jobs when they don’t meet all of the stated qualifications. However, we’re looking for authentic innovators to blaze new trails and you just may be the right person for this or another role.

United States
$110K - $130K / year

Principal Cybersecurity Engineer

Bayer

Bayer is a global pharmaceutical and scientific research company dedicated to providing products that improve quality of life for people around the world. Found

Role Description

The Principal Cybersecurity Engineer will be responsible for:

  • Defining project-level cybersecurity requirements.
  • Designing and developing security solutions to mitigate product cybersecurity risks.
  • Understanding medical device products and clinical applications to identify potential cybersecurity threats and develop mitigations.
  • Performing threat modeling, vulnerability testing, security risk analysis, and security assessments.
  • Reviewing security architecture and designs.
  • Securing medical devices, medical device software, and IT software against cyber threats.
  • Leading cybersecurity risk assessments and cyber signal incident responses and investigations.
  • Leading cross-functional teams.
  • Coordinating strategic supplier and partner relationships.

Qualifications

  • Master’s in Cybersecurity, Computer Science, Telecommunications, or closely related field.
  • 4 years of experience in cybersecurity-related positions in a medical device R&D environment.

Requirements

  • Performing threat modeling of regulated medical devices using STRIDE.
  • Assessing cybersecurity risk to patient safety and Protected Health Information (PHI).
  • Creating security designs and requirements based on user needs.
  • Applying security technologies to medical device product designs within software and hardware, including network security, encryption, firewalls, and TPM.
  • Leading cross-functional teams in reviewing security architecture and design.
  • Applying cybersecurity standards, including NIST CSF, NIST SP 800-30, AAMI TIR57, and AAMI TIR 97.
  • Creating documentation for regulatory submissions, including cybersecurity management plans, threat model reports, security risk and cyber signal assessments, MDS2, and SBOM.
  • Applying cybersecurity and secure design principles to medical device products in compliance with FDA Cybersecurity Guidance for Medical Devices.
  • Conducting security testing and vulnerability scanning using Burp Suite, Wireshark, and Nessus.
  • Analyzing findings with qualitative risk prioritization, including CVSS and OWASP.
  • Planning and overseeing penetration testing with third-party testers.
  • Developing cybersecurity policies and procedures.

Benefits

  • Health care.
  • Vision.
  • Dental.
  • Retirement.
  • PTO.
  • Sick leave.

Company Description

Bayer Healthcare LLC is an Equal Opportunity Employer/Disabled/Veterans. The company is committed to providing access and reasonable accommodations in its application process for individuals with disabilities and encourages applicants with disabilities to request any needed accommodation(s).

United States
$190K - $220K / year