GRC Security Engineer
Location: France
Posted: 1 day ago
Salary: 0
Seniority: Lead
Job Description
GRC Security Engineer
Dome Group
- Play a leading role in DataDome’s ISO 27001 program, driving day-to-day execution across control maturity, evidence collection, internal audits, and audit preparation.
- Help maintain DataDome’s SOC 2 Type II program over time, ensuring controls, evidence, and follow-up actions stay on track.
- Keep compliance work practical, reliable, and scalable as the company grows.
- Run the risk management process in practice, including risk assessments, workshops, the risk register, treatment plans, and follow-up.
- Work with both technical and business stakeholders to identify and assess risks in a structured and useful way.
- Help teams turn risk findings into clear, prioritized remediation actions.
- Handle third-party security reviews for internal tools and vendors, including onboarding assessments, reassessments, and follow-up actions.
- Check that key controls are actually in place across tools and processes, spot gaps or weak configurations, and make sure remediation is tracked and moving with the right teams.
- Lead the security awareness program, including training, phishing simulations, and effectiveness tracking.
- Act as a key security partner for Legal, HR, Finance, and Business Operations on topics such as people controls, data handling, and process design.
- Help Sales on security topics when needed, including writing clear, accurate, and high-quality answers to security questionnaires and supporting follow-up discussions during the sales cycle.
- Be comfortable representing security during audits, including explaining how controls work, answering auditor questions, and following up on findings.
Job Requirements
- You have at least 7 years of experience in a cybersecurity product company or internet-scale SaaS environment.
- You have demonstrated hands-on experience with ISO 27001 and understand what it takes to drive and maintain a certification program in the long run.
- You are comfortable going directly to teams, understanding how things work in practice, spotting gaps, and pushing for improvements that actually fit the way people work.
- You care about whether controls are real and effective, not just documented.
- You are comfortable running structured risk assessments and facilitating discussions with both technical and non-technical stakeholders.
- You communicate clearly and confidently, both in writing and in person, and you are comfortable working in French and English.
- You have the technical fluency to assess tools, systems, and processes with a critical eye, and to engage credibly with engineering teams on remediation efforts.
- You look for practical ways to simplify and automate repetitive GRC work, including with AI when it adds real value.
Benefits
- Flex Life: While we offer remote, hybrid, and in-office options, each position specifies the level of flexibility. Our Parisian office is located next to the Opera Garnier. You will also receive a 500€ stipend to help you set up your ideal workspace if you work hybrid or remotely.
- If you are fully remote, the SNCF discount card is paid for so you can come to our office to visit us and your team!
- Generous Health Benefits: We have partnered with Kenko for your healthcare needs.
- A 100€ annual allowance is provided for a leisure activity of your choice in Sports or Culture.
- Annual allowance of €200 if you come to the office by bike to cover maintenance costs.
- Professional Development: #Weaimhigh is part of our DNA, therefore we have invested in an internal Learning and Development platform and offer the opportunity to request additional training and support via your manager.
- Events & Team building: #We care and we have fun! Annual Company Offsite, events, drinks, Winter Party, Lunch & Learns and much more are part of our culture.
- Parent Care: Gift & care packages for parents.
- PTO: Depends on the country you are based in (e.g. 25 days in France).




