As the security team, our ambition is to:

• Security Leader: Have the best security among our competitors 🏰

• Guardian of Trust: Not only meet, but exceed the highest security standards required by our customers and partners 🧑‍🏫.

• Total Resilience: Build defences that makes us indestructible and guarantees our operational resilience 🛡️

• Support of our Growth: Support Wooclap in its global expansion 🌎

As an Operation Security Officer, you will be the second member of the Wooclap Security team. This position is inherently cross-functional: you will work in close collaboration with the Technical team, while being the key contact for all internal stakeholders (Business, Legal, Operations, Marketing teams, etc.).

This role is essential in the context of Wooclap’s international growth.

We rely on your autonomy and initiative to build the future of our security. You will lead strategic projects from A to Z, support our clients and partners, and evolve our Security posture to anticipate the risks associated with our rapid expansion.

1. Governance, Risk & Compliance

• Contribute to the security strategy, roadmap, and governance with key stakeholders.

• Ensure ongoing compliance with standards and regulations (ISO 27001, GDPR, CNIL, cloud requirements).

• Define, maintain, and deploy security policies (access control, encryption, data protection).

• Lead security committees, audits, KPIs, and reporting to Management/Board; support certifications.

1. Security Project Management

• Lead major security programs: IAM strategy, SIEM, EDR, Bug Bounty, endpoint security.

• Define incident response, business continuity, and crisis management strategies.

• Run simulations, post-mortems, and co-build the internal ISO program.

1. Application & Infrastructure Security

• Promote security by design and secure development practices.

• Review critical architectures (auth, payments, APIs, AI).

• Embed security across the SDLC and manage vulnerability detection and remediation.

• Maintain and evolve security tooling (SAST, DAST, scanners).

1. Security Support & Communication

• Act as the main security contact for clients and partners.

• Handle security questionnaires and advisory support for internal teams.

• Drive security awareness through training and simulations.

First Year Projects

To ensure the rapid scaling of our security strategy, the role will begin with high-impact projects. Your initial objectives will include, but not be limited to, the following:

• Posture Analysis and Roadmap: Upon arrival, conduct a risk analysis (like a discovery report) of our security level and current policies in order to challenge and refine the existing strategic roadmap.

• Redesigning our Identity and Access Management (IAM) strategy.

• Governance and Measurement: Create and define the associated KPIs and dashboards to ensure better monitoring of our security level and posture.

• Internal Program: Co-build and launch the future Information Security Officers (ISOs) program within the teams to expand the security culture.

• Education and Experience: Bac+5 degree (Master’s or Engineering School) in Cybersecurity or Information Systems. You have significant experience of at least 5 years in a similar role (CISO, GRC Manager, Cybersecurity Consultant, Security Eng.).

• Technical and Regulatory Expertise: You are proficient in recognised security frameworks (ISO 27001, OWASP, etc.) as well as privacy requirements, especially GDPR.

• Key Qualities: Recognised for your autonomy, proactivity, and ability to make proposals to drive projects forward decisively.

• Communication: You have excellent communication skills in both French and English (French is the everyday language, while English is used for company-wide communication and external relations with clients and partners).

• A security certification is a plus.

• Screening call with Lorenzo your future manager (Information Security Manager) (45min)

• DeepDive into Security, talk on specific topics with Lorenzo (60min)

• TechCase

  • (async in english) prepare a topic presentation / awareness video (5 to 10 min)

  • (live in french) questions / answers with other tech-team members (60min)

• (optional) Panel interview with other wooclapers (non-tech)

• Reference calls (x2)

• Final interview with an Executive Manager (30min)