Security Governance / GRC lead
alan
Health can’t wait .
Not for symptoms to get worse. Not for a six‑month appointment. Not for a system to catch up. But that’s exactly how healthcare works today. You wait, until you can’t.
Alan exists to end the wait.
Health is a universal right, and we believe this right can only become real when it’s coupled with prevention. We need to stop treating health as something we repair and start treating it as something we build, every day. It’s not solely a question of willpower. It’s the healthcare system itself that needs to work for everyone, in a sustainable way.
So we are building the new standard in prevention insurance. Alan is the first company that integrates insurance, prevention, and care into a single, acclaimed user experience.
We are on an incredible journey to build a global leading company, with a unique culture . We already partner with 40K+ companies of all sizes, serving more than 1M+ members, and have reached €800M+ in ARR.
Prevention as the new norm. That's what we're building with our team of 800+ people. If it speaks to you: we're hiring across France, Spain, Belgium, and Canada. And beyond.
Alan operates at the intersection of health insurance, prevention, and regulated data. The person in this role owns the security governance and risk posture of a company that handles sensitive health data for 1M+ members, operates under DORA and HDS certification requirements, and is regulated by the ACPR. They work in close partnership with Legal, Internal Audit, and the broader Risk function — this is a collaborative role, not a siloed one.
️ Your mission — Governance, risk & compliance
Own and operate the ISO 27001 ISMS. You are the accountable owner of the Information Security Management System — scope definition, Statement of Applicability, internal audit programme, and management review. You've led at least one full certification or recertification cycle and know what breaks down in the months between audits.
Be the security expert in the room on regulatory and privacy matters — not the owner. Legal leads on DORA, HDS, RGPD, PGSSI-S, and regulatory relationships. Your role is to bring the technical and operational security substance: translating regulatory requirements into controls, flagging implementation gaps, and making sure the security programme holds up when the regulatory team negotiates with the ACPR or ANS.
Run risk as a living programme, in partnership with the broader risk function. You lead security risk cartography using EBIOS RM and ensure it feeds into — and is informed by — the company-wide risk framework. You facilitate risk workshops, produce treatment plans, and bring the security lens to forums where non-security risks are also on the table. You know when a security risk is actually a business risk in disguise.
Own the controls framework, but distribute ownership of controls themselves. You define the framework, set the standards, and track coverage — but the controls live with the teams who build and run the things they protect. You work closely with Infrastructure, Platform, and Engineering to ensure foundational building blocks (identity, network, secrets management, logging) are designed with security requirements embedded, not bolted on. You're a partner to those teams, not an auditor standing over them.
Run audit cycles with rigour, in close partnership with Internal Audit. You manage the security audit programme and coordinate with certification bodies, but you're not operating in a vacuum. You work with Internal Audit to align scopes, avoid duplication, and present a coherent picture of control effectiveness to the board. You've sat in joint audit planning sessions and know how to make that relationship productive rather than territorial.
Manage third-party risk with real teeth. You run vendor security assessments, define contractual security requirements (security annexes, DPAs). You partner with our Risk team, which oversees third-party risk, and own the security dimension.
Bring the health sector context. You understand the ANS framework, CERT Santé requirements, and what it means to handle sensitive health data operationally — not just on paper. You're a useful partner to Legal when the question is "what does this regulation actually require us to do technically?"
Own incident governance and support DORA reporting. You classify and escalate ICT incidents internally, own BCP and DRP governance, and provide the security substance for DORA incident reports.
What you'll build and who you'll work with
Next-Gen Compliance Framework : ISO 27001, DORA, HDS, NIS2 — multiple regulators, multiple countries, one coherent governance backbone. Build the system that lets Alan scale from 1M to many millions of members without rebuilding compliance every time.
Automated Audit & Evidence Engine : Replace manual evidence collection with scripted pipelines plugged directly into engineering systems. Turn audit cycles from quarterly fire drills into a continuous capability.
Living Risk Cartography : Risk treated as an operational signal, not a static deliverable. EBIOS RM at the core, feeding directly into business and engineering decisions.
You'll work closely with Legal, DPO, Internal Audit, and the broader Risk function — and partner day-to-day with Infrastructure, Platform, Engineering, Product, and Operations. You're the bridge between regulatory complexity and operational simplicity.
⚡ Why this role is special
Direct Impact : You own the trust foundation that lets Alan handle health data for 1M+ members and operate in highly regulated markets. Your work is the precondition for everything else Alan does.
Complex Problems : 4 regulators across 4 countries, sensitive health data, and a regulatory landscape that keeps shifting (DORA, NIS2, AI Act) — to be modeled into a single, coherent control system.
Ownership & Growth : Board and executive exposure, real influence on company-wide risk decisions, and the autonomy to shape Alan's security culture across 800+ people.
What you will also do — Technical enablement
Automate compliance work wherever possible. You script evidence collection, automate control testing, and connect GRC tooling to engineering pipelines. You've used Python or similar to reduce the manual lift of an audit cycle, and you actively look for the next process to streamline.
Configure and own GRC tooling, not just use it. You can administer platforms like CISO Assistant, ServiceNow GRC, or Archer — designing workflows, building dashboards, and making them actually useful for the teams that feed them data.
Speak cloud governance fluently. You understand shared responsibility in HDS-qualified environments, know what CSPM tools surface and what they miss, and can reason about policy-as-code (OPA, SCP) without needing an engineer to translate.
Read architecture well enough to challenge it. You can review a proposed architecture, identify control gaps in identity, network segmentation, encryption, or logging, and push back credibly in a room of engineers — without pretending to be one.
Interpret vulnerability data and drive prioritisation. You read scan outputs, work with engineering teams to prioritise remediation by business risk rather than CVSS score, and track resolution KPIs over time.
⭐️ Qualifications — Mindset and soft skills
You translate risk into business language. You can brief a board or an audit committee and make them feel informed — not overwhelmed or underwhelmed. You know the difference between a finding that requires an emergency board call and one that belongs in a quarterly report.
You influence without authority. You align Legal, DPO, Risk, Engineering, Product, and Operations on security requirements without creating blockers or adversarial dynamics. People don't avoid you — they come to you early because you make their lives easier, not harder.
You manage programmes with audit-grade rigor. You run structured, traceable roadmaps. You know where every commitment is, who owns it, and when it's due. You escalate proactively and don't let dependencies surprise you.
You build security culture, not compliance theatre. Your awareness programmes land because they're relevant, not because they're mandatory. You foster proportionate risk ownership across the company — the goal is teams making better decisions, not teams checking boxes.
You think in principles when frameworks shift. DORA is live. NIS2 transposition pace varies. The AI Act is arriving. You don't freeze when the regulatory landscape moves — you reason from first principles and adapt without waiting to be told what to do.
How we work
Location : Paris-based, hybrid. We value in-person collaboration and ask Alaners to be in the office part of the week.
We hire people, not checklists. If you're excited by this scope but don't check every box, we'd still love to hear from you.
- 2 100 € a 2 500 €Estimé...équipe Data Capabilities, nous recherchons un(e) Data Quality Lead pour accompagner la structuration de notre gouvernance Data et... ...Profil recherché : - 7 à 10 ans d'expérience minimum en Data Governance, Data Quality ou Enterprise Data Management. - Expérience avérée...SuggéréTemps plein
- ...incredible journey to build a global leading company, with a unique culture . We... ...The team and your missions You will lead Alan's Security team, a highly technical group operating... ...on LLM security, agent risks, and AI governance, and the ability to translate that...SuggéréTélétravail
- 2 400 € a 2 900 €Estimé...cybersécurité . Votre terrain de jeu ? Un leader mondial incontesté de l'aéronautique.... ...le fer de lance du déploiement de leur sécurité numérique au cœur d'un site industriel d... ...(e) au cœur du département Corporate Security , vous ne ferez pas que suivre les règles...SuggéréTemps plein
40k € a 60k €/an
...Entretien RH puis validation technique avec la direction. Parcours : Vous justifiez d'une expérience réussie sur des fonctions de Tech Lead SI, d'Ingénieur d'Intégration ou de Consultant Technique ERP/E-commerce. Une expérience dans l'univers de la distribution ou de la...SuggéréCDITemps pleinTravail hybride- 1 800 € a 2 100 €Estimé...Rodolphe Saadé, the CMA CGM Group, a global leader in shipping and logistics, serves... ...THE ROLE We are seeking a Lead Data Architect to secure the urbanization of our data platform... ...Your primary mission is to design and govern a coherent, scalable data architecture...Suggéré
- 2 100 € a 2 500 €EstiméL'entreprise Walter Learning conçoit, produit et dispense des formations en ligne à destination des professionnels et des personnes qui cherchent à construire leur avenir professionnel. Alliant création de contenus pédagogiques et expertise technologique...Temps pleinAlternance
- ...It’s a journey on which you rise. YOUR ROLE At CEVA Lead Logistics, we are providing customers with outstanding Visibility... ...Project communication: provide regular project reporting, govern regular project steering calls, including escalation of persisting...Temps plein
- 2 000 € a 2 400 €EstiméÀ propos du poste Tech Lead Java & Innovateur IA (H/F) Contexte / Projet DIGWAY recrute un(e) Tech Lead Java & Innovateur IA (H/F) pour intervenir sur un projet client en cours, au sein d'un environnement collaboratif et stimulant. Vous intégrerez une équipe...CDIContrat d'apprentissageFreelanceTélétravail
- 2 000 € a 2 400 €Estimé...Factory ou chez nos clients, vous interviendrez en tant que Tech lead Java. Vos missions : - Concevoir et développer des... ...de code, bonnes pratiques, tests) - Assurer la performance, la sécurité et la scalabilité des applications - Collaborer avec les équipes...Temps plein
- 2 000 € a 2 500 €Estimé...valeur : bases de données, plateformes data, cloud, automatisation, sécurité et performance applicative. Notre ambition est de garantir la... ...expertise chez notre client à Marseille en tant que : Tech Lead (F/H) Contexte de mission : Le département IT assure la...CDITélétravail
22k € a 28k €/an
...croissance. Tu es ambitieux, responsable, avec l’esprit entrepreneurial ? Rejoins l’ aventure ! Présentation du poste En tant que Lead Generation Specialist, vous serez au cœur de notre stratégie de croissance. Votre journée type sera rythmée par des actions...Stage15 € a 16 €/heure
...approvisionnement des lignes, filmage des palettes de la veille et chargement de la navette) - Garantir le respect des consignes de sécurité et des procédures internes Modalités du contrat : - Type de contrat : CDI - Lieu : Cabriès (13480) - Horaires : 37 heures...CDICDDIntérimAlternanceDu lundi au vendredi33.6k € a 42k €/an
...Responsable Maintenance Participer au diagnostic des pannes complexes et aux interventions critiques Veiller au respect des règles de sécurité, des procédures qualité et des normes réglementaires Contribuer à l'amélioration continue des équipements et des méthodes de...CDI- 2 800 € a 3 400 €EstiméÀ propos de nous Et si nous considérions les lead développeurs seniors / Tech Lead non seulement comme des experts du code, mais aussi comme des visionnaires capables de guider des équipes vers la création de solutions numériques innovantes et robustes ? Pour tenir le...Travail hybride
- 1 900 € a 2 300 €Estimé...progresser à une vitesse remarquable et de manipuler des technologies (très) récentes. Votre rôle et vos missions : En tant que Lead Tech Java/Angular , vous serez l’interlocuteur technique majeur pour l’équipe Sopra Steria et pour le client. Vous interviendrez...Temps pleinTravail hybride
- 1 800 € a 2 200 €Estimé...spécifiques mettant en œuvre notre expertise métier et sont réalisés avec nos partenaires du domaine du transport. Nous recherchons un(e) Lead Développeur Java pour prendre la responsabilité de l'équipe de développement de notre application phare MobilitX , une plateforme...Temps pleinTravail hybrideTélétravailHoraires flexibles
14.43 €/heure
Dans le cadre de notre activité, nous recherchons un(e) Chef(fe) d'Equipe en CDI 39h sur le secteur de Marseille (13) Permis B OBLIGATOIRE Rattaché(e) au Responsable d'exploitation, vos missions principales seront les suivantes : NETTOYAGE DES LOCAUX : - Préparer...CDITemps plein53.8k € a 66.5k €/an
...FORME DE COLLABORATION NE POURRA ÊTRE ÉTUDIÉE . Dans le cadre du développement de nos activités industrielles, nous recherchons un(e) Lead Technique Électricité & Instrumentation afin d'intervenir sur des projets industriels à forte valeur ajoutée. Vous serez le...Temps plein- 2 100 € a 2 500 €Estimé...for a *newERP Cross-functional Integration Leader for Operations (f/m)* to join our... ...level. * *Design & Architecture Support:* Lead Functional Design & Architecture, supporting... ...consistency checks. * *Decision Making & Governance:* Prepare, review, and validate Key...CDIHoraires flexibles
- 2 100 € a 2 500 €Estimé...dans leur montée en compétences ou encore partager vos expertises pour enrichir nos savoir-faire ? Rencontrons-nous ! En tant que Lead Tech Java/Angular , vous êtes l’interlocuteur technique majeur pour l’équipe Sopra Steria et pour le client. Vous intervenez sur l’...2 jours/semaineTemps pleinTélétravail
- 1 800 € a 2 000 €Estimé...HubSpot) pour améliorer la performance commerciale - Analyser les parcours utilisateurs et identifier les points de friction - Remonter les insights aux équipes Sales, Produit et Marketing - Participer à l?amélioration de l?onboarding des nouveaux leads/utilisateursAlternance
- 2 300 € a 2 900 €Estimé...Change & Transformation We're looking for a Portfolio Manager to lead a portfolio of technology change initiatives in a regulated... ...logistics and distribution environment. You will drive robust governance, prioritisation, delivery assurance and benefits realisation across...Temps pleinStage
- Description de l'entreprise Devoteam est un leader du conseil en stratégie digitale, plateformes technologiques, cybersécurité et... ...et métier (qualité, performance, coût, délais et sécurité). Vous aurez pour mission de : Pilotage de projets infra...Travail hybride
- 2 300 € a 2 800 €EstiméLe poste : Sous la responsabilité d'un Directeur de Projets, vous êtes en charge de la conception de projets d'infrastructures linéaires, de projets routiers et d'aménagements urbains. Vous aurez les responsabilités suivantes : - Rédaction des mémoires de réponse ...Temps plein
- 2 400 € a 3 000 €Estimé...technique. - Compréhension des systèmes et réseaux (Windows, Linux, VMware, Cloud, etc.) et des bonnes pratiques en matière de sécurité. - Outils de gestion de projet : Maîtrise des méthodologies de gestion de projet (PMP, PRINCE2) et des outils associés (MS Project...Temps plein
55k € a 65k €/an
Description de l'entreprise : B2R Group, cabinet conseil en recrutement dédié aux passionnés de l'immobilier et de la construction recrute pour son client : Groupe d'ingénierie d'envergure nationale et internationale spécialisé dans des projets d'infrastructures et d'...CDITemps plein38k € a 42k €/an
Pour servir ses ambitions, Kincy souhaite renforcer son département Conseil (Manage) avec le recrutement d’un(e) : Consultant(e) / Chef de Projet infrastructures IT, en CDI. Kincy c’est plus de 20 ans d’expérience au service de ses clients : PME, Start-up, ETI, avec...CDITélétravail- 2 200 € a 2 700 €Estimé...qualité de service, en assurant le respect de l’hygiène et la sécurité des biens et des personnes. • En étant garant du respect des... ...durable. Qualifications Vous êtes/avez déjà : Un véritable leader doté d’une capacité d’analyse, d’anticipation, d’adaptation et...Temps plein
- 2 000 € a 2 400 €EstiméDétails de l'offre Famille de métiers Culture Politiques territoriales d'action culturelle Grade(s) ...Temps pleinTélétravailHoraires flexibles
- 2 400 € a 2 800 €EstiméRejoignez-nous et faites avancer à grand pas l’ingénierie co-créative de demain ! Plus en détail, TPF INGENIERIE C’est qui ? C’est quoi ? #127757; Depuis 2005, TPF Ingénierie fait partie du Groupe international TPF, présent dans 22 pays, avec 5 250 collaborateurs...Télétravail
Voulez-vous recevoir plus d'offres d'emploi ?
S'abonner et recevoir des offres d'emploi similaires à Security Governance / GRC lead. Soyez parmi les premiers à postuler !
- leader-interim Marseille
- responsable equipe relations clients Marseille
- chef d'équipe en maroquinerie Marseille
- chef d'équipe Marseille
- chef d'équipe logistique Marseille
- lead qa Marseille
- chef d'équipe btp Marseille
- responsable d equipe Marseille
- chef d'equipe travaux publics Marseille
- domain leader Marseille


