60 Emplois pour Cism - France

Overview

ISMS Apprentice (Information Security Management System) focused role within Netatmo. You will actively contribute to the implementation, audit preparation, and continuous improvement of our ISMS aligned with ISO 27001. This operational position offers an opportunity to develop skills in cybersecurity governance, data protection, and risk management in a collaborative environment.

• Support for the ISMS project: assist with coordination, monitoring, and documentation of activities related to the ISMS, in view of the ISO 27001 audit scheduled for November 2025 and renewal activities.
• Support for data deletion: participate in the implementation and monitoring of information deletion processes in line with internal policies and GDPR requirements (basic knowledge of GDPR is a plus).
• Supplier security assessment: contribute to security assessments of external service providers by reviewing documents, questionnaires, and follow-up actions to ensure ISO 27001 compliance.
• Cybersecurity governance: participate in initiatives to strengthen the organization’s overall security framework.
• Security awareness and communication: help promote understanding and adoption of ISO 27001 policies and cybersecurity best practices among internal teams.

• Practical experience in information security audits and compliance projects.
• Practical knowledge of ISO 27001 implementation and renewal processes.
• Familiarity with international standards and regulatory frameworks.
• Opportunity to work with multidisciplinary teams on a variety of cybersecurity-related topics.
• Solid foundation for a career in cybersecurity, risk management, or ISMS governance.

• Required skills: Teamwork, problem-solving, organizational skills, willingness to learn, and fluency in spoken and written English.
• Education and Knowledge: Master’s degree in engineering or technical fields; initial experience in cybersecurity or information security is preferred; knowledge of ISO 27001 is preferred; awareness of ISO 9001 or ISO 31000 is a plus; familiarity with GDPR and data protection principles.

• Vacation bonus
• CET: time savings account
• PERECO contribution
• Allowance for purchasing teleworking equipment
• 50% reimbursement of transportation costs
• Soft mobility allowance
• Eco-friendly building with concierge service
• On-site gym, meal vouchers, access to inter-company restaurant
• Remote working
• 100% paperless health insurance: Alan
• Access to an e-learning platform
• Board games, ping-pong, foosball; parking options

• Seniority level: Internship
• Employment type: Internship
• Job function: Information Technology
• Industries: Consumer Electronics

The Information Systems Security Manager (ISSM) is responsible for overseeing the security of an organization’s information systems and ensuring compliance with industry regulations, company policies, and best practices. The ISSM plays a critical role in managing risks, implementing security controls, and leading a team to protect sensitive information from internal and external threats.

• Develop, implement, and maintain information security policies, procedures, and guidelines.
• Ensure alignment with industry standards (e.g., ISO 27001, NIST, GDPR, CMMC, or local regulations).

• Identify, assess, and mitigate risks associated with the organization’s information systems.
• Conduct regular vulnerability assessments and penetration tests.

• Lead the development of incident response plans and procedures.
• Oversee investigations of security incidents and implement corrective measures.
• Communicate with customers on incidents impacting them.

• Ensure compliance with legal, regulatory, and contractual security requirements.
• Prepare for and manage internal and external security audits.
• Lead and chase stakeholders inside the company to feed all security and compliance documents asked by regulators and customers.

• Provide training and awareness programs to employees on security best practices.

• Oversee the implementation of technical security solutions such as firewalls and encryption technologies.
• Ensure secure configuration and patch management of IT systems.

• Work closely with IT, operations, legal, and management teams to integrate security into organizational processes.
• Provide security guidance during project planning and system development.

• Monitor systems for unusual activity and potential threats.
• Report on security metrics, trends, and incidents to the global system director.

• Stay updated on the latest cybersecurity threats, trends, and technologies.
• Propose proactive measures to address emerging security challenges with the global system director.

• Bachelor’s degree in Information Security, Computer Science, or a related field (Master’s degree preferred).

• 5+ years of experience in information security, risk management, or related roles.
• Proven track record in managing security programs and teams.

• Certified Information Systems Security Professional (CISSP).
• Certified Information Security Manager (CISM).
• Certified Ethical Hacker (CEH).
• GIAC Security Essentials (GSEC).

• Strong knowledge of security frameworks (e.g., NIST, ISO 27001, COBIT).
• Familiarity with SIEM tools, firewalls, and antivirus systems.
• Proficiency in conducting risk assessments and implementing security controls.

• Excellent leadership and team management abilities.
• Strong analytical, problem-solving, and decision-making skills.
• Effective communication and interpersonal skills to collaborate with diverse stakeholders.

If you want to meet this challenge in a human-sized company, join us!

France

Permanent

ASAP

Apply now:

Upload CV *

Please tick this box if you would like to receive updates with our latest insights, industry trends, and invitations to flagship events. You can unsubscribe from these communications at any time.

By submitting this form you have read and agreed to our privacy policy and you consent to allow BSO to store and process the information submitted on this form.

Overview

Head of Information Security will lead the information security function end-to-end, own the ISMS and risk governance, land regulatory outcomes (notably DORA and ISO 27001 ), embed security into the SDLC, and strengthen incident readiness. You’ll enable teams to make good security decisions, communicate clearly with executives and partners, and turn complexity into tangible next steps.

• Own the ISMS (policies, risk register, KRI) and keep governance practical, measurable and audit-ready.
• Drive regulatory readiness for DORA and ISO 27001 (gap overview, artefacts, timelines, immovable dates incl. the annual report for payment institutions).
• Lead incident preparedness and response: playbooks/runbooks, tabletop exercises, clear roles/on-call, post-incident learning.
• Embed secure-by-design in the SDLC: lightweight security gates (e.g. threat modeling, dependency hygiene, SAST/DAST), developer enablement and metrics.
• Own third-party/vendor risk for critical providers in partnership with Procurement, Legal and Risk.
• Influence & enable: build trust with Eng/IT/Product/Data/Legal; make security a shared responsibility.
• Steer external partners (e.g., ISO support) and plan the hiring of 1 FTE to complete a lean, high-impact team.
• Communicate clearly to executives, partners and (as needed) supervisors.
• Lead and mentor a team (2 security engineers), prioritizing the team's workload, ensuring alignment with the company's security goals and overseeing their professional development.

• Establish a baseline of our security posture by reviewing governance, technology and team practices, and refresh the risk register with practical KRIs.
• Create regular working cadences with leaders in Engineering, IT, Product, Data and Legal so decisions move quickly.
• Publish a prioritised twelve to eighteen month security roadmap with concrete Q1 and Q2 outcomes for DORA, ISO 27001 and incident readiness.
• Schedule and run an incident tabletop; clarify on-call roles and escalation paths; capture lessons and owner actions.
• Prioritise vendor risk across critical providers and make the audit artefact backlog visible with owners and due dates.
• Align the security operating rhythm by preparing inputs for the risk committee, incident reviews and change advisory.

Job located in Berlin or Paris, with possibility of two remote working days per week.

• Senior leadership experience in product-centric, cloud-heavy environments (scale-up pace or similar).
• Hands-on security governance & risk and regulatory experience relevant to European payment institutions (DORA, ISO 27001).
• Proven record of embedding secure SDLC with Engineering and Product.
• Confident incident leader; calm under pressure; learns fast.
• Clear, concise communicator; able to influence from code review to boardroom.
• Fluent English; French or German is a plus.

• Certifications (e.g., CISSP, CISM, CCSP, AWS Security) used as tools, not crutches.
• Exposure to supervisors (e.g., ACPR, BaFin, FCA) or regulated audits.
• Consulting/fractional CISO background; impact with small teams.

• Compensation: Competitive salary depending on experience and location.
• Remote Work Culture: Work from our Berlin or Paris office, with possibility of remote working days.
• Scale-Up Impact: Join a high-growth environment with ~500 passionate people across Europe and multiple acquisitions; your work has direct, measurable impact.
• Modern stack & tools: Cloud-first product, CI/CD, security tooling (SAST/DAST, dependency scanning), and ISMS/GRC practices.

We follow the principle of equal treatment to consider all job applicants and do not discriminate based on gender, sexual orientation, color, racial or ethnic origin, religion, disability, etc. as per applicable law.

• Executive

• Full-time

• Legal

• Technology, Information and Internet, Information Services

Referrals increase your chances of interviewing at Ageras Advisor by 2x

Get notified about new Head of Information Security jobs in Paris, Île-de-France, France .

Overview

Join to apply for the Head of Information Security role at Ageras Danmark .

Job located in Berlin or Paris, with the possibility of two remote working days per week.

• Own the ISMS (policies, risk register, KRI) and keep governance practical, measurable and audit-ready.
• Drive regulatory readiness for DORA and ISO 27001 (gap overview, artefacts, timelines, immovable dates incl. the annual report for payment institutions).
• Lead incident preparedness and response : playbooks/runbooks, tabletop exercises, clear roles/on-call, post-incident learning.
• Embed secure-by-design in the SDLC : lightweight security gates (e.g. threat modeling, dependency hygiene, SAST/DAST), developer enablement and metrics.
• Own third-party/vendor risk for critical providers in partnership with Procurement, Legal and Risk.
• Influence & enable : build trust with Eng/IT/Product/Data/Legal; make security a shared responsibility.
• Steer external partners (e.g., ISO support) and plan the hiring of 1 FTE to complete a lean, high-impact team.
• Communicate clearly to executives, partners and (as needed) supervisors.
• Lead and mentor a team (2 security engineers), prioritizing the team's workload, ensuring alignment with the company's security goals and overseeing their professional development.

• You establish a clear baseline of our security posture by reviewing governance, technology and team practices, and you refresh the risk register with practical KRIs.
• You create regular working cadences with leaders in Engineering, IT, Product, Data and Legal so that decisions and trade-offs move quickly.
• You publish a prioritised twelve to eighteen month security roadmap with concrete Q1 and Q2 outcomes for DORA, ISO 27001 and incident readiness.
• You schedule and run an incident tabletop, you clarify on-call roles and escalation paths, and you capture lessons and owner actions.
• You prioritise vendor risk across critical providers and you make the audit artefact backlog visible with owners and due dates.
• You align the security operating rhythm by preparing inputs for the risk committee, incident reviews and change advisory.

• Senior leadership experience in product-centric , cloud-heavy environments (scale-up pace or similar).
• Hands-on security governance & risk and regulatory experience relevant to European payment institutions (DORA, ISO 27001 ).
• Proven record of embedding secure SDLC with Engineering and Product.
• Confident incident leader ; calm under pressure; learns fast.
• Clear, concise communicator; able to influence from code review to boardroom.
• Fluent English ; French or German is a plus.

• Certifications (e.g., CISSP, CISM, CCSP, AWS Security) used as tools, not crutches.
• Exposure to supervisors (e.g., ACPR, BaFin, FCA ) or regulated audits.
• Consulting/fractional CISO background; impact with small teams.

• An initial interview (45') with Daniel (Team Lead Talent Acquisition).
• A video interview (45') with Maud (VP Risk & Compliance).
• A Case study interview + Key Stakeholder round.
• An Culture & leadership interview round including a personality and logic test.

• Compensation: Competitive salary depending on experience and location.
• Remote Work Culture: Work from our Berlin or Paris office, with possibility of remote working days.
• Scale-Up Impact: Join a high-growth environment with ~500 passionate people across Europe and multiple acquisitions; your work has direct, measurable impact.
• Modern stack & tools: Cloud-first product, CI/CD, security tooling (e.g., SAST/DAST, dependency scanning), and ISMS/GRC practices.

We follow the principle of equal treatment to consider all job applicants and do not discriminate based on gender, sexual orientation, color, racial or ethnic origin, religion, disability, etc. as per applicable law.

Overview

Join to apply for the Head of Information Security role at Ageras

At Ageras, we redefine how entrepreneurs, freelancers, self-employed professionals, and SMEs manage their banking and administrative tasks. Our vision is to become the best friend of every small entrepreneur across Europe. We’re a team of nearly 500 people, including 150 engineers, working from Paris, Amsterdam, Copenhagen, and Berlin. The Risk & Compliance team works closely with Engineering, IT, Product, Data and Legal to keep our environment resilient, audit-ready and pragmatic, with security designed in from the start.

You will lead our information security function end-to-end: own our ISMS and risk governance, land regulatory outcomes (notably DORA and ISO 27001 ), embed security into the SDLC , and strengthen incident readiness. You’ll enable teams to make good security decisions, communicate clearly with executives and partners, and turn complexity into tangible next steps.

• Own the ISMS (policies, risk register, KRI) and keep governance practical, measurable and audit-ready.
• Drive regulatory readiness for DORA and ISO 27001 (gap overview, artefacts, timelines, immovable dates including the annual report for payment institutions).
• Lead incident preparedness and response: playbooks/runbooks, tabletop exercises, clear roles/on-call, post-incident learning.
• Embed secure-by-design in the SDLC: lightweight security gates (e.g. threat modeling, dependency hygiene, SAST/DAST), developer enablement and metrics.
• Own third-party/vendor risk for critical providers in partnership with Procurement, Legal and Risk.
• Influence & enable: build trust with Eng/IT/Product/Data/Legal; make security a shared responsibility.
• Steer external partners (e.g., ISO support) and plan the hiring of 1 FTE to complete a lean, high-impact team.
• Communicate clearly to executives, partners and (as needed) supervisors.
• Lead and mentor a team (2 security engineers), prioritizing the team's workload and overseeing their professional development.

• Establish a baseline of our security posture by reviewing governance, technology and team practices, and refresh the risk register with practical KRIs.
• Create regular working cadences with leaders in Engineering, IT, Product, Data and Legal for quick decisions and trade-offs.
• Publish a prioritised twelve-to-eighteen-month security roadmap with concrete Q1 and Q2 outcomes for DORA, ISO 27001 and incident readiness.
• Schedule and run an incident tabletop, clarify on-call roles and escalation paths, and capture lessons and owner actions.
• Prioritise vendor risk across critical providers and make the audit artefact backlog visible with owners and due dates.
• Align the security operating rhythm by preparing inputs for the risk committee, incident reviews and change advisory.

Job located in Berlin or Paris, with possibility of two remote working days per week.

• Senior leadership experience in product-centric, cloud-heavy environments (scale-up pace or similar).
• Hands-on security governance & risk and regulatory experience relevant to European payment institutions (DORA, ISO 27001).
• Proven record of embedding secure SDLC with Engineering and Product.
• Confident incident leader; calm under pressure; learns fast.
• Clear, concise communicator; able to influence from code review to boardroom.
• Fluent English; French or German is a plus.

• Certifications (e.g., CISSP, CISM, CCSP, AWS Security) used as tools, not crutches.
• Exposure to supervisors (e.g., ACPR, BaFin, FCA) or regulated audits.
• Consulting/fractional CISO background; impact with small teams.

• An initial interview (45 minutes) with Daniel (Team Lead Talent Acquisition).
• A video interview (45 minutes) with Maud (VP Risk & Compliance).
• A case study interview + Key Stakeholder round.
• An culture & leadership interview round including a personality and logic test.

• Compensation: Competitive salary depending on experience and location.
• Remote Work Culture: Work from our Berlin or Paris office, with remote working days.
• Scale-Up Impact: Join a high-growth environment with ~500 people across Europe; your work has direct, measurable impact.
• Modern stack & tools: Cloud-first product, CI/CD, security tooling (SAST/DAST, dependency scanning), ISMS/GRC practices.

We follow the principle of equal treatment to consider all job applicants and do not discriminate based on gender, sexual orientation, color, race, religion, disability, etc. as per applicable law.

• Executive

• Full-time

• Information Technology

Referrals increase your chances of interviewing at Ageras by 2x

Overview

This CISO role is for a global cybersecurity leader with a passion for Linux and open source to help define the way Canonical secures its corporate infrastructure, designs its products and assures regulatory compliance. This role will be responsible for the end to end definition and implementation of the cybersecurity and compliance program. They will continue to build a world-leading team of cybersecurity professionals currently in excess of 30 people and work to define and implement process and technical security controls. It is important for the CISO to work closely with the business, infrastructure, product and engineering teams to define and meet cybersecurity and compliance targets. It reports to the CFO.

• Define a cybersecurity strategy and operating model that is aligned with our business objectives
• Develop and track a clear, measurable cybersecurity plan
• Assume responsibility for Canonical's information security and compliance program
• Build, develop and lead a high performing cybersecurity and compliance team
• Advise business and engineering leadership in the implementation of cybersecurity and compliance
• Present regular reports to Canonical executives and our Board of Directors
• Integrate an information and cyber security risk management framework
• Define and deliver a cybersecurity culture and awareness program for employees and partners
• Define and implement an information assurance framework, ensuring regulatory compliance
• Monitor and respond to security and privacy incidents
• Lead the implementation of a secure system development life-cycle

• A bachelor's degree in computer science, information technology, or a related field; MBA preferred
• Substantial experience in risk management, information security, or incident response
• Experience implementing a cybersecurity and compliance program in an engineering organization
• Experience building and leading a cross functional cybersecurity and compliance team
• Proven ability to define, implement and measure effective incident response playbooks and a cybersecurity culture program
• Knowledge of information security management frameworks, such as ISO/IEC 27001 and NIST
• Knowledge of international privacy laws and financial reporting requirements
• Understanding of current legislation and regulations relevant to our organization
• Excellent project management and leadership skills
• Excellent communication skills
• Familiarity with cloud native technologies and agile development methodologies a plus
• Past experience leading the incident response to a large scale cyber security threat a plus

• Personal learning and development budget
• Annual compensation review
• Recognition rewards
• Annual leave
• Priority Pass for travel

Canonical is a growing international software company that works with the open-source community to deliver Ubuntu, the world’s best free software platform. Our services help businesses worldwide reduce costs, improve efficiency and enhance security with Ubuntu. We are committed to fostering a workplace free from discrimination. Diversity of experience, perspectives, and background create a better work environment and better products. Whatever your identity we will give your application fair consideration.

Overview

This CISO role is for a global cybersecurity leader with a passion for Linux and open source to help define the way Canonical secures its corporate infrastructure, designs its products and assures regulatory compliance. This role will be responsible for the end to end definition and implementation of the cybersecurity and compliance program. They will continue to build a world-leading team of cybersecurity professionals currently in excess of 30 people and work to define and implement process and technical security controls. It is important for the CISO to work closely with the business, infrastructure, product and engineering teams to define and meet cybersecurity and compliance targets. It reports to the CFO.

• Define a cybersecurity strategy and operating model that is aligned with our business objectives
• Develop and track a clear, measurable cybersecurity plan
• Assume responsibility for Canonical's information security and compliance program
• Build, develop and lead a high performing cybersecurity and compliance team
• Advise business and engineering leadership in the implementation of cybersecurity and compliance
• Present regular reports to Canonical executives and our Board of Directors
• Integrate an information and cyber security risk management framework
• Define and deliver a cybersecurity culture and awareness program for employees and partners
• Define and implement an information assurance framework, ensuring regulatory compliance
• Monitor and respond to security and privacy incidents
• Lead the implementation of a secure system development life-cycle

• A bachelor's degree in computer science, information technology, or a related field; MBA preferred
• Substantial experience in risk management, information security, or incident response
• Experience implementing a cybersecurity and compliance program in an engineering organization
• Experience building and leading a cross functional cybersecurity and compliance team
• Proven ability to define, implement and measure effective incident response playbooks and a cybersecurity culture program
• Knowledge of information security management frameworks, such as ISO/IEC 27001 and NIST
• Knowledge of international privacy laws and financial reporting requirements
• Understanding of current legislation and regulations relevant to our organization
• Excellent project management and leadership skills
• Excellent communication skills
• Familiarity with cloud native technologies and agile development methodologies a plus
• Past experience leading the incident response to a large scale cyber security threat a plus

• Personal learning and development budget
• Annual compensation review
• Recognition rewards
• Annual leave
• Priority Pass for travel

Canonical is a growing international software company that works with the open-source community to deliver Ubuntu, the world’s best free software platform. Our services help businesses worldwide reduce costs, improve efficiency and enhance security with Ubuntu. We are committed to fostering a workplace free from discrimination. Diversity of experience, perspectives, and background create a better work environment and better products. Whatever your identity we will give your application fair consideration.

At Ageras, we are redefining how entrepreneurs, freelancers, self-employed professionals, and SMEs - manage their banking and administrative tasks. Through seamless tools and innovative banking solutions, we help them focus on what matters most: growing their businesses.

Our vision is to become the best friend of every small entrepreneur across Europe.

Over the years, Ageras has grown through the merging of top European FinTechs like Shine (

At Exosens, we redefine boundaries in the defense and high-tech sectors. As our Group Chief Information Security Officer (CISO), you will shape and secure the future of our information landscape. You will design and drive a holistic cybersecurity strategy across Exosens Group, ensuring that our information assets, technologies, and people are protected against evolving threats.

The position:

Craft and implement a comprehensive information security strategy, balancing visionary leadership with robust operational execution.

Embed security into the heart of our defense-related projects, ensuring alignment with sensitive national and European regulations (GDPR, NIS2, ISO/IEC 27001, national military standards).

Act as the voice of cybersecurity at the executive table—providing insight, risk assessments, and clear actions to safeguard our operations and clients.

Lead risk management programs, identify and mitigate threats, and ensure full compliance across our supply chain and defense contracts.

Oversee the security architecture—championing solutions from SIEM and IAM to encryption and secure communications.

Steer the continuous evolution of our incident response and threat detection capabilities, working with internal teams and external SOC partners.

Build and inspire a multidisciplinary cybersecurity team, fostering a culture of vigilance and secure-by-design thinking.

Drive awareness initiatives that empower every Exosens employee to be a guardian of our data and reputation.

Master’s degree in Information Security, Computer Science, or a related field.

10+ years in IT, including 5+ years in a senior security leadership role.

Proven track record in the defense sector or similarly regulated environments.

Certifications: CISSP, CISM, CISA, or equivalent.

Strong understanding of EU/national defense security frameworks, secure supply chains, and data classification.

Eligibility for national security clearance.

• Full-time position in a thriving high-tech company
• Company car
• A salary between € 5036,- and € 6715,- per month
• Secondary employment conditions, including 12 extra days off
• Opportunities for growth on technical and personal level
• Room for self-development and education

Interested candidates should submit their CV and cover letter to HRM at Exosens: By applying, you agree to the provision of your personal data to internal stakeholders.

Location: Paris