AdTechTalent
Other · 7 days ago · Hybrid

Equativ

Senior GRC / ISO 27001 Program Lead [Freelance]

ISO 27001, ISMS, cybersecurity, GRC, risk analysis, EBIOS RM, ISO 27005, AI risk, AI security, SOC 2, NIST CSF, TCF v2.2, cloud security, penetration testing, security audit, security awareness, generative AI, AI tools, French, English

Key details

Salary: Not specified

Employment type: Contract

Seniority: Senior

Years experience: 10+

Location: Paris, Île-de-France, France

Full job description

Senior cybersecurity role responsible for leading the ISO 27001 certification program within 12 months. Tasks include defining the certification roadmap, building and operating the ISMS, managing the full audit cycle, conducting risk assessments including AI agent risks, implementing controls and audits, managing penetration tests, and collaborating cross-functionally with departments such as Legal, R&D, Finance, HR, and Ops. Requires 8-12 years of experience in cybersecurity/GRC with significant ISO 27001 leadership, mastery of ISO 27001/27002, risk methodologies (EBIOS RM or ISO 27005), AI risk frameworks, and cloud security knowledge. Strong communication, leadership, and teamwork skills are essential. Fluent French and English required. On-site in Paris.

What you'll do

  • Define and own the ISO 27001 certification roadmap including milestones, deliverables, dependencies, workload plan
  • Build and operate the Information Security Management System (ISMS): policies, procedures, Statement of Applicability, risk treatment plan
  • Manage the full audit cycle: internal pre-audit, final certification audit, annual surveillance and renewal audits
  • Select and manage the certification body
  • Regular reporting to VP IT & Security and Executive Committee
  • Conduct and maintain risk assessments on critical assets using recognized methodologies
  • Analyze risks related to AI agents deployed within the company and define mitigation measures
  • Define, track and challenge remediation plans with technical and business teams
  • Implement permanent controls and ISMS internal audit program
  • Run recurring operational tasks in collaboration with application and system owners
  • Manage penetration tests and exploitation of their results
  • Lead management reviews and continuous improvement loops
  • Translate security topics for non-technical audiences
  • Design and roll out security awareness and training plans
  • Own responses to security questionnaires within RFPs and be primary contact for third-party audits
  • Collaborate closely with Legal, DPO, R&D, Product, Finance, HR, Ops and Cloud teams
  • Use generative AI tools daily to accelerate documentation, gap analysis, controls mapping, customer questionnaire handling and reporting
  • Promote AI usage best practices within the security perimeter

Requirements

  • Minimum 8 to 12 years in cybersecurity / GRC
  • Significant experience leading an ISO 27001 certification end-to-end
  • Experience in international environments, ideally SaaS, AdTech, media or data-driven companies
  • In-depth mastery of ISO 27001 / 27002 and the ISMS
  • Operational mastery of at least one risk analysis methodology (EBIOS RM or ISO 27005)
  • Ability to conduct risk analysis on AI agents deployed internally (frameworks such as ISO/IEC 42001, NIST AI RMF, OWASP Top 10 for LLM, AI Act)
  • Solid knowledge of complementary frameworks (SOC 2, NIST CSF); knowledge of TCF v2.2 (AdTech) is a plus
  • Cross-functional understanding of Cloud security
  • Outstanding communication skills
  • Cross-functional teamwork
  • Cross-functional leadership, political acumen
  • Pragmatic, business and delivery-oriented mindset
  • Fluent in French and English, both written and spoken

Tech stack

ISO 27001, ISO 27002, EBIOS RM, ISO 27005, ISO/IEC 42001, NIST AI RMF, OWASP Top 10 for LLM, AI Act, SOC 2, NIST CSF, TCF v2.2, Cloud security, generative AI tools
