We're a product-first team on a mission to help grow the cybersecurity culture 🔐

We want to instill cybersecurity good practices to employees in a way that's actually effective, and entertaining enough so that employees don't feel like they're working. Think Duolingo but for cybersecurity.

We created a platform to easily rollout a cybersecurity awareness program: the platform sends chat-based 4-minutes long courses to teams. Following the courses, the other side of the platform simulates phishing attacks, to prepare employees to face hackers, but in a safe environment.

Created in 2020, Riot has raised $45m with leading investors (Y Combinator, Left Lane, Base10, Funders Club and Frst Capital) and is now protecting more than 2 millions employees in over 2,000 companies (including Intercom, Deel, and Deezer) all over the world.

Cybersecurity is everywhere. It's impacting everyone, everyday, and it's becoming the number one risk to any organization, whether it's a small business or a big firm. Yet, the cybersecurity culture in most companies is a disaster. Hackers are leveraging this by targeting the weakest link: the employees. We're on a mission to fix that.

As the second security member in our organization, you will help us reach the next milestone in our security governance strategy, risk management and compliance requirements.

As Riot is aiming to be ISO 27001 and ACN certified in 2026, you will play a crucial role in our compliance strategy and making security a business accelerator.

What you will do 🤝

- Build and maintain our GRC framework, including policies, procedures, risk registers, and controls.

- Conduct risk assessments, vendor security reviews, and internal audits.

- Prepare the organization for external audits and certifications (SOC 2, ISO 27001, ACN…), including evidence collection and remediation tracking.

- Provide guidance and awareness to teams on security and compliance best practices.

- Additional security technical projects may be added depending on company needs and growth.

Who you are 🪪

- Experience: 1-4 years experience in security engineering or consulting.

- Familiarity with SOC 2, ISO 27001, and risk assessment methodologies.

- You have hands-on experience with bug bounty programs, vulnerability management, security questionnaires…

- You have strong communication skills and the ability to work collaboratively with engineering and cross-functional teams.

- You have a full professional proficiency in English and native in French.

- You're based in Paris or you're willing to relocate.

It will be a cultural fit if 🫂

- You're a doer: not afraid to get your hands dirty and get things done

- You have high standards: expect performance to be nothing short of the best

- You are an enthusiastic at heart: exhibit passion and excitement over work

Why join us at Riot 💜

- Join a healthy-financial company: we're financially strong and highly capital-efficient. Fundraising fuels our momentum, enabling us to scale faster and unlock new growth opportunities

- Contribute to a fast-moving environment where growth is real, our revenue grew by an impressive 2x in 2025!

- Experience the energy of a collaborative team in our modern and cosy office located in heart of Paris: Canal Saint Martin / République

Recruitment process 🎙️

- First call with our Tech Talent Acquisition Manager or our Security Engineer (30min)

- Second call with our Security Engineer (30min)

- Onsite case study with the CTO & Security Engineer (90min)

- Culture Fit interview

Please note that this is an on-site position with up to 2 days per week of remote work.

At RIOT, we believe that diversity drives innovation and inclusion fosters belonging. We are committed to building a team that reflects a wide range of perspectives, backgrounds, and experiences. We welcome candidates from all walks of life and are dedicated to creating an environment where everyone feels valued, respected, and empowered to thrive.