GRC Security Engineer
⭐ About the role :
At DataDome, security is a core part of the product and of how we operate as a company. We protect large enterprises against bots, fraud, and account abuse, which means strong security and compliance foundations are critical to the trust our customers place in us.
As the company grows, so does the level of rigor expected around certifications, risk management, internal controls, third-party security, and audit readiness. We’re looking for a Senior GRC Security Engineer to help us scale that work in a way that is practical, effective, and grounded in how teams actually operate.
This is a hands-on individual contributor role reporting to the Head of Security. The impact of the role comes from follow-through, sound judgment, and the ability to turn compliance requirements into security practices that hold up in the real world.
You will also build and own a robust tooling and workflow engine to power and automate GRC activities at scale.
👉 You will be more specifically in charge of things like...
Compliance programs
- Play a leading role in DataDome’s ISO 27001 program, driving day-to-day execution across control maturity, evidence collection, internal audits, and audit preparation.
- Help maintain DataDome’s SOC 2 Type II program over time, ensuring controls, evidence, and follow-up actions stay on track.
- Keep compliance work practical, reliable, and scalable as the company grows.
Risk management
- Run the risk management process in practice, including risk assessments, workshops, the risk register, treatment plans, and follow-up.
- Work with both technical and business stakeholders to identify and assess risks in a structured and useful way.
- Help teams turn risk findings into clear, prioritized remediation actions.
Third-party risk and internal controls
- Handle third-party security reviews for internal tools and vendors, including onboarding assessments, reassessments, and follow-up actions.
- Check that key controls are actually in place across tools and processes, spot gaps or weak configurations, and make sure remediation is tracked and moving with the right teams.
Awareness and business partnership
- Lead the security awareness program, including training, phishing simulations, and effectiveness tracking.
- Act as a key security partner for Legal, HR, Finance, and Business Operations on topics such as people controls, data handling, and process design.
- Help Sales on security topics when needed, including writing clear, accurate, and high-quality answers to security questionnaires and supporting follow-up discussions during the sales cycle.
- Be comfortable representing security during audits, including explaining how controls work, answering auditor questions, and following up on findings.
👤 It would be great if...
- You have at least 7 years of experience in a cybersecurity product company or internet-scale SaaS environment.
- You have demonstrated hands-on experience with ISO 27001 and understand what it takes to drive and maintain a certification program in the long run.
- You are comfortable going directly to teams, understanding how things work in practice, spotting gaps, and pushing for improvements that actually fit the way people work.
- You care about whether controls are real and effective, not just documented.
- You are comfortable running structured risk assessments and facilitating discussions with both technical and non-technical stakeholders.
- You communicate clearly and confidently, both in writing and in person, and you are comfortable working in French and English.
- You have the technical fluency to assess tools, systems, and processes with a critical eye, and to engage credibly with engineering teams on remediation efforts.
- You look for practical ways to simplify and automate repetitive GRC work, including with AI when it adds real value.
Bonus Points
- Experience with SOC 2 Type II and third-party risk management in a SaaS environment.
- Experience with Vanta or similar GRC automation platforms.
- Familiarity with AI governance topics or security implications of AI tooling.
What’s in it for you?
- Flex Life: While we offer remote, hybrid, & in-office options, each position specifies the level of flexibility. Our Parisian office is located next to the Opera Garnier. You will also receive a 500€ stipend to help you set up your ideal workspace if you work hybrid or remotely.
- If you are fully remote, the SNCF discount card is paid for, so you can come to our office to visit us & your team!
- Generous Health Benefits: We have partnered with Kenko for your healthcare needs.
- A 100€ annual allowance is provided for a leisure activity of your choice in Sports or Culture.
- Annual allowance of €200 if you come to the office by bike to cover maintenance costs.
- Professional Development: #Weaimhigh is part of our DNA, therefore we have invested in an internal Learning and Development platform and offer the opportunity to request additional training and support via your manager.
- Events & Team building: #We care and we have fun! Annual Company Offsite, Events, Drinks, Winter Party, Lunch & Learns and much more are part of our culture.
- Parent Care: Gift & care packages for parents.
- PTO: Depends on the country you are based in (e.g. 25 days in France).
What are the next steps?
- You x Talent Acquisition Manager : first interview and cultural fit
- You x Engineering Manager Damien : technical and cultural fit + Take-home technical challenge
- You x Team: Presentation and review of your "technical proposal" with the team
- You x Member of the leadership team - Discussion about DataDome vision and "raison d'être"!
- Now you really met everyone! Welcome to DataDome :)
DataDome stops cyberfraud and bots in real time, outpacing AI-driven fraud from simple to sophisticated across your sites, apps, and APIs. Named a Leader in the Forrester Wave for Bot Management, the DataDome platform is built on a multi-layered AI engine that focuses on intent, not just identity. Because it’s not about knowing who’s real, it’s about what they intend to do. With thousands of AI models that adapt to every fraudulent click, signup, and login, DataDome blocks fraud in less than 2 milliseconds, without compromising performance. DataDome is fully automated and integrates seamlessly into any tech stack. Backed by a 24/7 SOC team of advanced threat researchers, DataDome stops over 350 billion attacks annually. Experience protection that outperforms with DataDome.
DataDome is an equal opportunity employer, and proud to be committed to diversity and inclusion. We will consider all qualified applicants without regard to race, color, nationality, gender, gender identity or expression, sexual orientation, religion, disability or age.
