equativ

Senior GRC / ISO 27001 Program Lead [Freelance]

Location: Paris, FR
Work mode: On-site
Seniority: Lead
Category: IT
IT category: Security Engineer
Published: May 7, 2026
Last verified: May 7, 2026
About Equativ

Equativ is a leading independent advertising platform that connects advertisers and publishers to deliver seamless video and audiovisual experiences worldwide. In a data-driven ecosystem, the trust and security of our infrastructure are at the core of our value proposition.

Your mission

Reporting to the VP IT & Security, you will take direct ownership of the ISO 27001 certification program, to be delivered within a tight 12-month timeframe. You will design and execute the roadmap end to end: scoping, risk analysis, controls deployment, ISMS implementation, internal audit, and certification audit management. The tight timeline requires a senior, autonomous profile who is operational from day one, able to make decisions, mobilize cross-functional teams (Tech, Product, Sales, Ops, Legal, HR) and bring the entire company on board.

Key responsibilities

ISO 27001 program management (12 months)
Define and own the certification roadmap: milestones, deliverables, dependencies, workload plan.
Build and operate the Information Security Management System (ISMS): policies, procedures, Statement of Applicability (SoA), risk treatment plan.
Manage the full audit cycle: internal pre-audit, certification audit (stage 1 and stage 2), then annual surveillance audits and the recertification audit.
Select and manage the certification body.
Report regularly to the VP IT & Security and the Executive Committee (KPIs / KRIs, progress, blockers).

Risk analysis and management
Conduct and maintain risk assessments on critical assets using a recognized methodology (EBIOS RM, ISO 27005 or equivalent; operational mastery of at least one method is required).
Analyze the risks of AI agents deployed within the company: map use cases, assess risks (data leakage, prompt injection, hallucinations, system access, third-party dependencies), define mitigation measures and the associated controls.
Define, track and challenge remediation plans with technical and business teams.

Audit, control and continuous improvement
Implement permanent controls and the ISMS internal audit program.
Run recurring operational tasks (access reviews, configuration reviews, logical and physical access controls, etc.) in direct collaboration with application and system owners.
Manage penetration tests and the follow-up of their findings.
Lead management reviews and continuous improvement loops.

Engage the company and collaborate cross-functionally
Translate security topics for non-technical audiences (Sales, Marketing, Finance, HR).
Design and roll out the security awareness and training plan.
Own the responses to security questionnaires within RFPs and be the primary point of contact for third-party audits conducted by clients.
Work in close collaboration with all departments: Legal / DPO (GDPR alignment, contracts, AI Act), R&D / Product (security by design, architecture reviews, AI), Finance (vendor risk analysis, security budget), HR (awareness, access management, onboarding/offboarding), Ops and Cloud teams.

Leverage AI to drive efficiency
Make daily use of generative AI tools (assistants, agents, automations) to accelerate documentation, gap analysis, controls mapping, customer questionnaire handling and reporting.
Promote AI usage best practices within the security perimeter, in line with confidentiality requirements.

Candidate profile

Experience
Minimum 8 to 12 years in cybersecurity / GRC, including significant experience leading an ISO 27001 certification end to end (ideally already achieved under a comparable time constraint).
Experience in international environments, ideally SaaS, AdTech, media or data-driven companies.

Technical and methodological skills
In-depth mastery of ISO 27001 / 27002 and the ISMS.
Operational mastery of at least one risk analysis methodology (EBIOS RM or ISO 27005).
Ability to conduct risk analysis on AI agents deployed internally (frameworks such as ISO/IEC 42001, NIST AI RMF, OWASP Top 10 for LLM Applications, AI Act).
Solid knowledge of complementary frameworks (SOC 2, NIST CSF); knowledge of TCF v2.2 (AdTech) is a plus.
Cross-functional understanding of Cloud security, sufficient to interact effectively with technical teams.

Soft skills (essential)
Outstanding communication skills: proven ability to engage tech and non-tech audiences, to arbitrate and challenge without alienating.
Cross-functional teamwork: confirmed ease working with Legal, R&D, Finance, Product, HR and Ops counterparts.
Cross-functional leadership, political acumen, ability to drive a program in a matrixed environment.
Pragmatic, business- and delivery-oriented mindset, comfortable with tight deadlines.

Languages
Fluent in French and English, both written and spoken (non-negotiable requirement, daily international context).

AI-first culture
Daily and advanced use of AI tools to automate and accelerate one's own work.

Practical information
Start date: ASAP (certification target within 12 months)
Location: Paris (headquarters); on-site presence required
Reports to: VP IT & Security
