Security Governance Specialist

Swile

Published: 27/03/2026
Contract: CDI (permanent contract)
Location: France
Category: IT / Digital
Team size: 2000+ employees
Salary: Unknown
Experience: 5-10 years
Languages: French, English

Benefits

  • Flexible working hours
  • Part-time possible
  • 4-day week
  • 4.5-day week
  • Meal vouchers
  • Open space
  • Company restaurant / kitchen for employees
  • Games room or leisure club
Key missions: Lead information security risk assessments and implement operational controls. · Maintain the ISO 27001 and PCI-DSS certifications and lead the implementation of SOC2. · Design and execute the third-party risk management framework under the new DORA regulations. · Orchestrate internal audits covering internal control and financial audits. · Plan and coordinate the annual disaster recovery tests.
Profile sought: 5-10 years of experience · Problem solver · Autonomy · Team spirit · Proactivity
Tools & skills: GRC, IT Audit, Cybersecurity Governance, Cloud Security, AWS, ISO 27001, PCI-DSS, SOC2, DORA, Third Party Risk Management, Business Impact Analysis, IT Risk Management

The position in detail

At Swile, we believe that good products can help reduce friction in daily professional life and boost employee satisfaction. Today, we provide innovative solutions in various areas such as Fintech, Travel, HR, and Employee Benefits to more than 5.5 million users in 85,000 companies in France and Brazil.


🦾 Your Mission

As a Security Governance Specialist, you will bridge the gap between regulatory excellence and operational agility. Reporting directly to the CISO, you will lead our GRC strategy and operations, ensuring our security posture scales with our growth, while collaborating with a talented, international team based in France and Brazil.

✅ Your responsibilities include:
  • IT Risk Management: Lead Information Security Risk Assessments and implement operational controls.
  • Certifications: Maintain our ISO 27001 and PCI-DSS certifications and lead the implementation of SOC2 across all Swile products.
  • DORA & Third-Party Risk: Design and execute the Third Party Risk Management (TPRM) framework under the new DORA regulations.
  • Audits: Orchestrate internal audits covering internal control, financial audits and ad-hoc audits required by authorities, customers or the Swile Board of Directors.
  • Resilience: Plan and coordinate the annual Disaster Recovery tests.
  • Business Impact: Conduct the annual Business Impact Analysis (BIA) across all departments.
  • Customer Liaison: Drive RFP initiatives by delivering accurate and impactful questionnaire responses and representing the team in customer interactions when required.
  • Regulatory Liaison: Manage reporting for financial authorities like ACPR and Banque de France.


✨ It will be a perfect match if you: