**Company Name:** Leboncoin.fr
**Job Title:** GRC Manager
**Job Description:**
**Job Title:** GRC Manager (Cybersecurity Risk & GRC Lead)
**Role Summary:**
Lead the Cybersecurity Risk & GRC function for a digital marketplace, making cyber risk understandable and actionable for technical teams and executive leadership. Drive governance alignment with group‑level policies, oversee risk registers, and enable secure innovation without acting as a compliance auditor or SOC analyst.
**Expectations:**
- 7+ years experience in cybersecurity, risk management, GRC, or related security roles.
- Strong technical grasp of modern application & cloud architectures, operational security, and incident response.
- Deep knowledge of relevant regulations (GDPR, NIS2) and risk frameworks (ISO 27005, NIST RMF).
- Proven ability to engage engineering, legal/compliance, and senior leadership; translate technical risk into business language.
- Pragmatic, outcome‑oriented mindset; comfortable in fast‑moving, “build‑mode” environments; strong facilitation and communication skills.
**Key Responsibilities:**
- Own and maintain the cyber risk register; identify, assess, prioritize, and track risks across products, platforms, data flows, critical services, and third‑party ecosystem.
- Translate technical findings into business‑impact risk statements and advise executives on mitigation, acceptance, or transfer decisions.
- Align local security policies and standards with group requirements; ensure they are proportionate, understandable, and actionable.
- Coordinate internal security control activities and contribute to security‑by‑design initiatives with product and architecture teams.
- Manage third‑party cybersecurity risk: define requirements, conduct technical and contract reviews, and monitor ongoing risk treatment.
- Support incident response and crisis communication, providing impact assessments and ensuring lessons learned are reflected in the risk register.
- Contribute to regulatory compliance (e.g., NIS2) and data‑protection risk assessments (DPIAs) in partnership with the DPO and legal teams.
- Drive security awareness, training, and a shared accountability culture across the organization.
**Required Skills:**
- Risk assessment & management (ISO 27005, NIST RMF)
- Cloud and application security fundamentals (AWS, Azure, micro‑services)
- Incident response and crisis management concepts
- Regulatory knowledge (GDPR, NIS2, other digital‑platform mandates)
- Excellent written and verbal communication; ability to simplify technical concepts for business audiences.
- Stakeholder management across engineering, product, legal, procurement, and senior leadership.
- Facilitation, negotiation, and constructive challenge skills.
- Familiarity with marketplace or multi‑entity governance models (preferred).
**Required Education & Certifications:**
- Bachelor’s degree in Computer Science, Information Security, Risk Management, or related field (or equivalent experience).
- Professional certifications such as CISSP, CISM, CRISC, ISO 27001 Lead Implementer, or NIST RMF certification are strongly preferred.