onsite

Head of Security Governance - Deputy CISO - GRC lead

Security Governance - Deputy CISO - GRC

Lead security governance and risk posture for a company handling sensitive health data, ensuring compliance with DORA, HDS, and ACPR regulations, and owning the ISO 27001 ISMS.

About the role

Role Overview

The Head of Security Governance will own the security governance and risk posture of a company that handles sensitive health data for 1M+ members, operates under DORA and HDS certification requirements, and is regulated by the ACPR. They will work in close partnership with Legal, Internal Audit, and the broader Risk function.

What You Will Do

The role will involve owning and operating the ISO 27001 ISMS, being the security expert in the room on regulatory and privacy matters, running risk as a living programme, and owning the controls framework.

Why It Might Be a Fit

The role offers direct impact, complex problems to solve, ownership and growth opportunities, and the autonomy to shape Alan 's security culture across 800+ people.

Requirements

At least one full certification or recertification cycle experience
Knowledge of regulatory requirements such as DORA, HDS, RGPD, PGSSI-S, and NIS2
Experience with EBIOS RM and risk cartography
Ability to translate risk into business language
Influence without authority and manage programmes with audit-grade rigor

Benefits

Prevention as the new norm
Next-Gen Compliance Framework
Automated Audit & Evidence Engine
Living Risk Cartography
Direct Impact
Complex Problems
Ownership & Growth

Originally posted on Himalayas

Skills

iso 27001risk managementsecurity governancecompliance acprregulatory affairsinformation security management system isms

CompanyAlan

DepartmentEngineering

LocationFrance

Experience7+ years

Tenurefull-time

LevelLead

Posted June 6, 2026