Security Governance Manager (GRC)

Full-time
Paris
A few days at home
Salary: 55K to 64K €

Welcome to the Jungle

Position

Job description

We’re looking for a Security Governance Manager to lead Governance, Risk & Compliance across Welcome to the Jungle. You’ll drive our SOC 2 certification, run day-to-day security governance (access reviews, audits, controls, vendor reviews, security questionnaires), and navigate regulatory requirements (GDPR, AI Act, SOC 2) to accelerate business growth and meet Enterprise customer needs across our France, UK, and US markets. You’ll work in collaboration with our Security Squad (Platform Engineering, Corporate IT, Legal) and cross-functional teams, with a pragmatic mindset and an AI-first approach to GRC.

Reporting to: Kévin Le Roy, VP AI Transformation, IT & Security

🔑 Key Responsibilities

SOC 2 Certification & Compliance

  • Own and drive our SOC 2 certification program: gap analysis, control mapping, evidence collection, remediation coordination, and auditor management

  • Prepare and coach cross-functional teams for audit readiness through mock audits and training sessions

  • Navigate overlapping regulatory requirements and enterprise customer expectations

  • Provide security expertise to Legal and DPO on regulatory topics (GDPR, AI Act, etc.)

  • Lay the groundwork for future certifications (ISO 27001)

Risk Management & Vendor Security

  • Conduct and maintain risk assessments following ISO 27005 methodology

  • Own the risk register with quarterly reviews, prioritizing risks by business impact

  • Perform SaaS security reviews during procurement and manage third-party risk assessments for critical vendors

  • Assess security impact of organizational, technical, or product changes

  • Respond to customer security questionnaires and support sales cycles with accurate, timely answers

Security Governance & Controls

  • Execute recurring governance activities: monthly control checks, quarterly access reviews (Ploy), periodic internal audits

  • Monitor security dashboards and KPIs with Corporate IT and Platform Engineering teams

  • Coordinate security incident response and lead post-incident reviews

  • Coordinate penetration tests with external providers and track vulnerability remediation with Platform Engineering

  • Track and report on security & compliance metrics to leadership

Policy, Awareness & Communication

  • Develop and maintain security policies that improve our security posture while minimizing productivity impact

  • Maintain and enrich the Security Knowledge Base with up-to-date documentation

  • Contribute to Security Committee preparation, facilitate meetings, and drive action items

  • Design and deliver security awareness content: onboarding sessions, ongoing trainings (Elba), and internal communications

  • Partner with Engineering to continuously improve security in the SDLC and products


Position requirements

  • 4 to 7 years of experience in GRC, information security, or IT audit, ideally in a startup/scaleup

  • Experience with SOC 2 Type II and other security certifications (ISO 27001, etc.)

  • Knowledge of GDPR and data protection best practices

  • Autonomous, action-oriented, comfortable with AI tools

  • Excellent English; French is a strong plus

Technical Environment

  • Identity & Security: Okta (SSO), Kandji (MDM), Cloudflare Zero Trust, Ploy (access reviews), Elba (security awareness)

  • Monitoring & SIEM: Datadog, AWS CloudTrail

  • Cloud Infrastructure: AWS, GCP

  • Daily tools: Notion, Slack, Google Workspace, Dust AI


Recruitment Process

  1. Phone screen with Kévin Le Roy, future manager (30 min)

  2. Technical test (60 min)

  3. 2 Values Interviews

  4. Offer 🎉
