[Hiring] Senior Cybersecurity GRC @Believe

Role Description

We’re hiring a Security GRC Engineer to help us build governance, risk, and compliance in a way that actually works in a modern tech organization: pragmatic, automation-friendly, and aligned with agile delivery. This is not a “paperwork” job. You’ll partner closely with engineering, product, workplace, auditors, and security to turn risk management and compliance into clear, usable guardrails and you’ll challenge processes that create friction without improving security.

• Risk management that drives decisions
  • Run lightweight, continuous risk assessment and threat modelings with teams (not once-a-year rituals).
  • Translate risk into clear options: impact, likelihood, tradeoffs, and recommended actions.
  • Track remediation plans and provide visibility through simple reporting.
• Build practical governance
  • Maintain and improve security policies/standards so they’re short, actionable, and adopted.
  • Create control objectives that fit real engineering workflows (CI/CD, cloud, SaaS, identity).
• Compliance, without the theater
  • Support audits and evidence collection with a focus on efficiency and reusability.
  • Help align our program with recognized frameworks (e.g., NIST) in a pragmatic way.
  • Develop “compliance-as-code” habits where possible (automated checks, continuous evidence).
• Third-party risk (vendors, partners)
  • Drive assessments, follow-ups, and risk treatment with procurement and stakeholders.
  • Push for scalable vendor processes (tiering, standard questionnaires, measurable requirements).
• Security enablement
  • Create playbooks, templates, and self-service material that teams can use without heavy guidance.
  • Coach teams to understand risk and make better security choices early in delivery.

Qualifications

• Experience in GRC / risk / compliance in a tech environment (security, cloud, SaaS, engineering orgs).
• Strong understanding of security fundamentals: identity, access, logging, incident response, cloud shared responsibility, secure SDLC (at a practical level).
• Ability to write simple, clear policies/standards and translate requirements into engineering-friendly controls.
• Comfort with ambiguity and agility: you can iterate, prioritize, and deliver incremental improvements.
• Excellent stakeholder skills: you can influence without authority, challenge respectfully, and get things done.

Requirements

• Bonus points for experience aligning programs to frameworks (NIST CSF, ISO 27001, SOC 2, etc.).
• Experience with vendor risk platforms or automation (workflows, evidence collection, dashboards).
• Familiarity with “compliance as code” concepts, continuous controls monitoring, or security tooling.
• Experience partnering with product/engineering teams on secure-by-design practices.

Benefits

• Tailor-made training and coaching program.
• Remote working policy.
• A wellness program "Pauses" with many activities and animations in-house.
• Access to Eutelmed, a digital mental health and well-being platform that allows you to speak with an experienced psychologist.
• A healthy and eco-responsible company restaurant.
• Individual or family health insurance.
• CSE benefits.
• A rooftop.
• A gym with free classes.
• Ambassador program: an employee volunteering initiative dedicated to all Believers interested in having a positive impact on Diversity, Equity & Inclusion (DEI), wellbeing, and the planet.
• Implementation of the sustainable mobility package “Forfait mobilité durable” => Reimbursement of up to 600€ for public transport/low carbon footprint.
• 5 calendar days 2nd parent leave with 100% pay (in addition to the legal paternity or adoption leave).