Governance, Risk & Compliance Specialist

<p class="s-whitespace-pre-wrap s-break-words s-font-normal first:s-pt-0 last:s-pb-0" data-pm-slice="0 0 []"><strong>1. About Alma</strong></p>
<p>At Alma, we believe sustainable commerce depends on fair, well‑balanced trade. Because finance plays a pivotal role in business, our mission is to put it back in its rightful place - serving merchants and consumers.</p>
<p>Our installment and deferred payment solutions help merchants boost sales by 20% or more, increase customer loyalty, and deliver a seamless shopping experience - without encouraging bad debt.</p>
<p>As the buy now pay later leader in France and active in 10 European countries, we’ve empowered over +24,000 merchants and 9 million consumers.</p>
<p>With 380+ Almakers and €100M+ ARR, Alma is scaling rapidly across Europe—and we’re just getting started.</p>
<p><strong>Alma is the company for you if are looking for:</strong></p>
<p>Collective intelligence is the driving force behind Alma: we are looking for open-minded, curious, and ambitious people who want to actively participate in this exponential growth.</p>
<p>To continue to deliver an optimal purchasing experience and absolute ease of use, all teams at Alma (Tech, Product, Sales, Operations, Data, Risk, Finance, Compliance, Legal, Marketing and People) will strengthen their members to maintain the highest standards of quality and trust while pushing these innovations at Alma’s pace.</p>
<p> </p>
<p class="s-whitespace-pre-wrap s-break-words s-font-normal first:s-pt-0 last:s-pb-0" data-pm-slice="0 0 []"><strong>2. About the job</strong></p>
<p class="s-whitespace-pre-wrap s-break-words s-font-normal first:s-pt-0 last:s-pb-0">Alma is a licensed payment institution (ACPR-approved), processing millions of transactions across France and Europe. The regulatory environment has materially tightened: DORA entered into force in January 2025, NIS 2 is now transposed in France, and ACPR oversight is intensifying.</p>
<p class="s-whitespace-pre-wrap s-break-words s-font-normal first:s-pt-0 last:s-pb-0">To meet this moment, Barbara Goubert joined Alma in early 2026 as Head of IT &amp; Security / CISO, and is actively building and structuring the IT &amp; Security function. The team currently counts 6 people, with profiles covering infrastructure, security operations, and IT.</p>
<p class="s-whitespace-pre-wrap s-break-words s-font-normal first:s-pt-0 last:s-pb-0">This role is a genuine opportunity to build something meaningful. We're looking for a confirmed GRC Specialist to own and drive Alma's information security governance, risk management, and compliance program. If you have solid Governance, Risk and Compliance foundations, and if you are looking for an environment where your work has real impact and where you'll be supported to grow, we'd love to hear from you.</p>
<p class="s-whitespace-pre-wrap s-break-words s-font-normal first:s-pt-0 last:s-pb-0"> </p>
<p class="s-whitespace-pre-wrap s-break-words s-font-normal first:s-pt-0 last:s-pb-0"><strong>3. Your responsibilities and missions</strong></p>
<p class="s-whitespace-pre-wrap s-break-words s-font-normal first:s-pt-0 last:s-pb-0">Regulatory compliance: DORA, NIS 2 &amp; ACPR</p>
<ul class="s-list-disc s-pb-2 s-pl-6 s-flex s-flex-col s-gap-1">
<li class="s-break-words">
<p class="s-whitespace-pre-wrap s-break-words s-font-normal first:s-pt-0 last:s-pb-0">Build Alma's DORA and NIS 2 compliance roadmap: conduct gap analysis, define remediation priorities, and track execution</p>
</li>
<li class="s-break-words">
<p class="s-whitespace-pre-wrap s-break-words s-font-normal first:s-pt-0 last:s-pb-0">Coordinate cross-functional requirements with Finance, Legal, and Engineering to maintain a consistent regulatory posture</p>
</li>
</ul>
<p class="s-whitespace-pre-wrap s-break-words s-font-normal first:s-pt-0 last:s-pb-0">Security risk mapping</p>
<ul class="s-list-disc s-pb-2 s-pl-6 s-flex s-flex-col s-gap-1">
<li class="s-break-words">
<p class="s-whitespace-pre-wrap s-break-words s-font-normal first:s-pt-0 last:s-pb-0">Own and maintain the Security Risk Map (Risk Map 2026): expand its cyber/InfoSec coverage and enrich risk scoring</p>
</li>
<li class="s-break-words">
<p class="s-whitespace-pre-wrap s-break-words s-font-normal first:s-pt-0 last:s-pb-0">Connect risk findings to structured remediation plans and report progress to the CISO on a regular cadence</p>
</li>
</ul>
<p class="s-whitespace-pre-wrap s-break-words s-font-normal first:s-pt-0 last:s-pb-0">Security policies &amp; audit readiness</p>
<ul class="s-list-disc s-pb-2 s-pl-6 s-flex s-flex-col s-gap-1">
<li class="s-break-words">
<p class="s-whitespace-pre-wrap s-break-words s-font-normal first:s-pt-0 last:s-pb-0">Formalize, update, and enforce security policies and procedures across the organization</p>
</li>
<li class="s-break-words">
<p class="s-whitespace-pre-wrap s-break-words s-font-normal first:s-pt-0 last:s-pb-0">Lead evidence collection and audit response for external reviews (ACPR inspections, SOC 2 Type II, ISO 27001 roadmap)</p>
</li>
</ul>
<p class="s-whitespace-pre-wrap s-break-words s-font-normal first:s-pt-0 last:s-pb-0">Security governance &amp; cross-functional bridge</p>
<ul class="s-list-disc s-pb-2 s-pl-6 s-flex s-flex-col s-gap-1">
<li class="s-break-words">
<p class="s-whitespace-pre-wrap s-break-words s-font-normal first:s-pt-0 last:s-pb-0">Translate regulatory requirements into actionable plans for both technical teams (Engineering, SRE) and business stakeholders (Legal, Compliance, Executive)</p>
</li>
<li class="s-break-words">
<p class="s-whitespace-pre-wrap s-break-words s-font-normal first:s-pt-0 last:s-pb-0">Structure and maintain Alma's security governance framework: contracts, technical clauses, internal security awareness</p>
</li>
</ul>
<p class="s-whitespace-pre-wrap s-break-words s-font-normal first:s-pt-0 last:s-pb-0"> </p>
<p class="s-whitespace-pre-wrap s-break-words s-font-normal first:s-pt-0 last:s-pb-0"><strong>4. Our stack</strong> Slack · Vanta · Linear · Notion · Google Suite · Dust.</p>
<p class="s-whitespace-pre-wrap s-break-words s-font-normal first:s-pt-0 last:s-pb-0"> </p>
<p class="s-whitespace-pre-wrap s-break-words s-font-normal first:s-pt-0 last:s-pb-0"><strong>5. About you</strong> We're looking for someone with solid GRC foundations and the ability to make an impact in a cross-functional, fast-moving environment. You don't need to have done everything — but you're ready to take ownership, learn continuously, and bring people along with you.</p>
<p class="s-whitespace-pre-wrap s-break-words s-font-normal first:s-pt-0 last:s-pb-0"><strong>Must have </strong></p>
<ul class="s-list-disc s-pb-2 s-pl-6 s-flex s-flex-col s-gap-1">
<li class="s-break-words">
<p class="s-whitespace-pre-wrap s-break-words s-font-normal first:s-pt-0 last:s-pb-0">Practical knowledge of key regulatory frameworks (DORA, NIS 2, ISO 27001, GDPR) — with hands-on experience running or contributing to compliance programs in a real regulatory context</p>
</li>
<li class="s-break-words">
<p class="s-whitespace-pre-wrap s-break-words s-font-normal first:s-pt-0 last:s-pb-0">Strong cross-functional communication skills — you translate complex regulatory requirements into clear, actionable language for any audience: engineers, executives, or external auditors</p>
</li>
<li class="s-break-words">
<p class="s-whitespace-pre-wrap s-break-words s-font-normal first:s-pt-0 last:s-pb-0">Communication: Full professional fluency in French and English is required. Regulatory interactions and external audits happen in both languages.</p>
</li>
</ul>
<p class="s-whitespace-pre-wrap s-break-words s-font-normal first:s-pt-0 last:s-pb-0"><strong>Nice to have</strong></p>
<ul class="s-list-disc s-pb-2 s-pl-6 s-flex s-flex-col s-gap-1">
<li class="s-break-words">
<p class="s-whitespace-pre-wrap s-break-words s-font-normal first:s-pt-0 last:s-pb-0">Experience with GRC tooling (Vanta or equivalent) and/or exposure to SOC 2 Type II processes in a fintech or regulated environment</p>
</li>
<li class="s-break-words">
<p class="s-whitespace-pre-wrap s-break-words s-font-normal first:s-pt-0 last:s-pb-0">Prior experience in or with an ACPR-licensed entity or payment institution</p>
</li>
</ul>
<p class="s-whitespace-pre-wrap s-break-words s-font-normal first:s-pt-0 last:s-pb-0"> </p>
<p class="s-whitespace-pre-wrap s-break-words s-font-normal first:s-pt-0 last:s-pb-0"><strong>6. Why join</strong></p>
<p class="s-whitespace-pre-wrap s-break-words s-font-normal first:s-pt-0 last:s-pb-0"><strong>The role itself</strong></p>
<p class="s-whitespace-pre-wrap s-break-words s-font-normal first:s-pt-0 last:s-pb-0">Real ownership from day one, with direct CISO access and strategic visibility on topics that directly affect Alma's ability to operate as a licensed payment institution. This is a build role — decisions are made collectively, and your work will shape Alma's security posture for the long term. You'll have the space to grow into the role and be supported throughout.</p>
<p class="s-whitespace-pre-wrap s-break-words s-font-normal first:s-pt-0 last:s-pb-0"><strong>The team &amp; culture</strong></p>
<p class="s-whitespace-pre-wrap s-break-words s-font-normal first:s-pt-0 last:s-pb-0">You'll be joining a small, high-trust team that Barbara is building deliberately and sustainably. Collaboration is at the core of how we work — major decisions involve the team, and your perspective matters. We value continuous learning, open feedback, and mutual support.</p>
<p class="s-whitespace-pre-wrap s-break-words s-font-normal first:s-pt-0 last:s-pb-0"> </p>
<p class="s-whitespace-pre-wrap s-break-words s-font-normal first:s-pt-0 last:s-pb-0"><strong>7. Compensation &amp; benefits</strong></p>
<ul class="s-list-disc s-pb-2 s-pl-6 s-flex s-flex-col s-gap-1">
<li class="s-break-words">
<p class="s-whitespace-pre-wrap s-break-words s-font-normal first:s-pt-0 last:s-pb-0">Fixed salary on a 12-month basis</p>
</li>
<li class="

Cette annonce provient de ats_greenhouse. Voir l'annonce originale ↗