Operation Security Officer

Permanent contract
Paris
Fully-remote
Salary: Not specified
Experience: > 2 years
Education: Master's Degree

Wooclap

The position

Job description

As the security team, our ambition is to:

  • Security Leader: Have the best security among our competitors 🏰

  • Guardian of Trust: Not only meet, but exceed the highest security standards required by our customers and partners 🧑‍🏫.

  • Total Resilience: Build defences that make us indestructible and guarantee our operational resilience 🛡️

  • Support of our Growth: Support Wooclap in its global expansion 🌎


As an Operation Security Officer, you will be the second member of the Wooclap Security team. This position is inherently cross-functional: you will work in close collaboration with the Technical team, while being the key contact for all internal stakeholders (Business, Legal, Operations, Marketing teams, etc.).

This role is essential in the context of Wooclap’s international growth.

We rely on your autonomy and initiative to build the future of our security. You will lead strategic projects from A to Z, support our clients and partners, and evolve our Security posture to anticipate the risks associated with our rapid expansion.

Your missions:

1. Governance, Risk, & Compliance

  • Contribute to the Security Vision: Contribute to the security strategy and roadmap, in close collaboration with Security Management, the technical teams, and all stakeholders.

  • Contribute to Compliance: Ensure continuous alignment with international standards (e.g., ISO 27001) and key regulations (GDPR, etc.). Ensure follow-up on legal and regulatory obligations (CNIL, cloud hosting, etc.).

  • Improve Security Policies: Define and maintain security policies (access control, encryption, device management, data protection) and oversee their deployment and implementation by the relevant teams (HR, suppliers, etc.).

  • Committees and Monitoring: Create security committees, KPIs, and dashboards to track the security posture and report to the Management team or the Board, if necessary.

  • Governance and Reporting (KPIs): Create and lead security committees, define KPIs and dashboards to track the security posture, and clearly communicate the level of risk to the Management team.

  • Audit and Certification: Lead security audits (both internal and external), monitor and enhance compliance with ISO/IEC 27001, and contribute to future certifications.

2. Security Project Management

  • Access Management (IAM): Lead the project to create a new rights and access management (IAM) strategy.

  • Tooling: Participate in the selection and deployment of the next SIEM and launch large-scale projects (e.g., Bug Bounty, EDR).

  • Endpoint Security: Evolve the security aspects of the device fleet and related subcontractors.

  • Incident Strategy: Establish the new security incident management strategy and business continuity plans.

  • Simulation and Post-Mortem: Organize crisis simulation exercises to test process resilience and lead post-mortem analyses.

  • Internal Program: Co-build the future Information Security Officers (ISOs) program within the teams.

3. App & Infrastructure Security

  • Security by Design: Define and promote secure development best practices within the TECH team.

  • Architecture Review: Lead architecture and implementation reviews for critical functionalities (authentication, payments, APIs, AI usage, etc.).

  • SDLC Integration: Collaborate with Engineering Managers and the DevX team to integrate security throughout the Software Development Life Cycle (SDLC).

  • Vulnerability Lifecycle Management: Establish and oversee the process for detecting, classifying, and remediating vulnerabilities.

  • Security Tooling: Maintain and evolve security tools (SAST, DAST, vulnerability scanners) for proactive fault detection.

4. Security Support & Communication

  • External Support: Manage security support for clients and partners and be the key contact for our clients and partners on security and confidentiality topics.

  • Security Forms: Respond to security questionnaires and contribute to process improvement (Communication, AI, etc.).

  • Internal Advice: Act as a privileged advisor to the Product, Engineering, and Business teams on all security matters.

  • Awareness and Training: Actively promote a culture of security and shared responsibility. Organize regular awareness initiatives (phishing simulations, training sessions).

First Year Projects

To ensure the rapid scaling of our security strategy, the role will begin with high-impact projects. Your initial objectives will include, but not be limited to, the following:

  • Posture Analysis and Roadmap: Upon arrival, conduct a risk analysis (like a discovery report) of our security level and current policies in order to challenge and refine the existing strategic roadmap.

  • Redesigning our Identity and Access Management (IAM) strategy.

  • Governance and Measurement: Create and define the associated KPIs and dashboards to ensure better monitoring of our security level and posture.

  • Internal Program: Co-build and launch the future Information Security Officers (ISOs) program within the teams to expand the security culture.


Preferred experience

  • Education and Experience: Bac+5 degree (Master’s or Engineering School) in Cybersecurity or Information Systems. You have significant experience of at least 5 years in a similar role (CISO, GRC Manager, Cybersecurity Consultant, Security Eng.).

  • Technical and Regulatory Expertise: You are proficient in recognised security frameworks (ISO 27001, OWASP, etc.) as well as privacy requirements, especially GDPR.

  • Key Qualities: Recognised for your autonomy, proactivity, and ability to make proposals to drive projects forward decisively.

  • Communication: You have excellent communication skills in both French and English (French is the everyday language, while English is used for company-wide communication and external relations with clients and partners).

  • A security certification is a plus.


Recruitment process

  • Screening call with Lorenzo, your future manager (Information Security Manager) (45min)

  • DeepDive into Security, talk on specific topics with Lorenzo (60min)

  • TechCase

    • (async in English) prepare a topic presentation / awareness video (5 to 10 min)

    • (live in French) questions / answers with other tech-team members (60min)

  • (optional) Panel interview with other Wooclapers (non-tech)

  • Reference calls (x2)

  • Final interview with an Executive Manager (30min)
