Head of Data Protection & Cybersecurity Risk at FIFA ensuring compliance with data protection laws. Leading strategy while managing risks related to data security and privacy.
About the role
- Information Security Manager responsible for Aircall’s information security strategy, governance, and risk management. Operating across security, IT, privacy, and product teams in a fast-paced environment.
Responsibilities
- Develop and maintain the company-wide security strategy, policies, and governance frameworks.
- Ensure ongoing compliance with SOC 2, GDPR, NIST.
- Determine in conjunction with the other security stakeholders the company’s strategy to pursue additional certifications and other relevant global security standards (e.g., ISO 27001).
- Participate in building the Governance, Risk & Compliance (GRC) function, aligning with privacy, compliance, and enterprise risk function; maintaining and executing against a risk matrix.
- Ensure that each branch of Information Security is performing its responsibilities effectively and operating in a coordinated manner.
- Lead enterprise-wide security risk assessments, gap analyses, and mitigation planning.
- Partner closely with Legal/Privacy on regulatory obligations, including GDPR, data residency requirements, and incident reporting.
- Oversee vendor risk management and security due diligence, ensuring consistent assessment standards and cross-functional alignment.
- Build and manage a scalable vendor security program, including due diligence, remediation, and monitoring.
- Maintain and refine incident response policies, workflows, roles, and communication procedures.
- Coordinate cross-functional participation during security events, ensuring documentation, communication, and post-incident reporting.
- Serve as the point of escalation for major security events.
- Ensure clear reporting lines, accountability, and coordination between IT Security and Engineering/Product Security.
- Work closely with IT, Product, Engineering, and Data teams to embed security-by-design throughout the development lifecycle.
- Manage dotted-line reporting relationships with Security Engineers and IT team members, ensuring unified strategic direction while respecting functional dependencies.
- Represent Information Security to the Board, Audit Committee, customers, and regulators, as needed.
- Lead company-wide security training and awareness initiatives.
- Promote a security-first culture across all functions, ensuring employees understand their role in protecting company and customer data.
Requirements
- 8+ years of experience in Information Security, including security governance or GRC leadership roles within SaaS or cloud based companies.
- Deep knowledge of SOC 2, ISO 27001, NIST, GDPR, and modern security frameworks.
- Hands-on experience with GRC platform (Drata, One Trust, Vanta etc.)
- Experience leading cross-functional initiatives and managing multiple stakeholders.
- Experience with risk management, vendor security, and policy development.
- Proven ability in dealing with incident response and security operations.
- Strong communication skills, with experience presenting to executives or boards.
Benefits
- Medical, dental, and vision insurance is 100% covered
- 401k plan with company matching!
- Unlimited PTO — take the time you need to come to work feeling great!
- Wellness, commuter, and childcare reimbursements
- Generous parental leave policy
Job title
Job type
Experience level
Salary
Degree requirement
Tech skills
Location requirements
Operational Security & Public Safety Manager for East West Railway Company. Leading operational security and public safety strategy for a major railway infrastructure project.
Network Security Engineer supporting network security improvement programmes focused on segmentation and vulnerability management in the public sector. Collaborating with architecture and security teams to implement secure controls.
Mid - level to senior associate attorney for privacy litigation in a collaborative environment. Join a team focused on groundbreaking privacy issues for marquee tech and retail clients.
Cloud Security Engineer focused on enhancing security in a cloud - native fintech platform. Collaborating with teams to integrate security into infrastructure and software development processes.
Teamleiter:in IT Perimeter Security Engineering leading a team in Cyber Security solutions. Working in Winterthur and Arlesheim with personal and technical team guidance and customer projects.
Security Consultant responsible for integration, configuration, and deployment of security solutions at Atos. Collaborating with clients and providing technical support across diverse environments.
Cybersecurity Engineer supporting security controls and implementing industry best practices for Bancolombia. Ensuring compliance and quality of service delivery for client satisfaction.
IT Security Expert ensuring secure network infrastructure for clients through administration and support. Join our motivated team at Omexom, specializing in energy infrastructures.
Business Development Manager facilitating market success and customer engagement within Defence & Security at Dräger. Contributing to strategy development and maintaining client relationships.