
Chief Information Security Officer
Filigran
full-time
Location Type: Remote
Location: France
About the role
- Design and implement Filigran's first CSIRT and Security Operations (SecOps) framework.
- Define processes for incident detection, response, containment, and recovery.
- Manage relationships with external Managed SOC providers for hybrid Level 1 monitoring.
- Act as primary incident commander for security events and data breaches.
- Build and maintain incident playbooks and escalation paths.
- Drive post-incident reviews and lessons learned.
- Ensure timely breach notification to supervisory authorities in coordination with the General Counsel.
- Leverage Filigran's own products (OpenCTI, OpenBAS/OpenAEV) to run advanced threat intelligence analysis and attack simulations.
- Continuously evaluate threats relevant to Filigran and its ecosystem.
- Provide actionable intelligence to leadership and engineering teams.
- Establish the Filigran-CERT (F-CERT) and position it as the trusted security function for the company.
- Build and maintain an ISMS aligned with ISO 27001, SOC 2, or equivalent standards.
- Lead security certification efforts and manage external audits.
- Own the vendor security assessment process and third-party risk management program.
- Hold the formal Data Protection Officer mandate under GDPR, serving as the official point of contact for supervisory authorities (e.g. CNIL).
- Act as the internal gatekeeper ensuring that AI initiatives, data processing activities, and security controls meet applicable regulatory requirements.
- Collaborate closely with the General Counsel to translate legal and policy obligations into operational controls.
- Monitor evolving regulation (GDPR, AI Act, ePrivacy, NIS2) and assess operational impact in coordination with Legal.
- Handle or coordinate responses to data subject requests (DSARs) and regulatory enquiries.
- Act as a player-coach, balancing hands-on work with preparation for team growth.
- Define future roles and responsibilities for SecOps.
- Mentor and onboard new hires as the team scales.
Requirements
- Proven experience in an information security leadership role (CISO, Head of Security, CSIRT Manager, or equivalent).
- Formal DPO qualification or equivalent experience, with solid working knowledge of GDPR and EU data protection law, including AI Act implications.
- Strong background in incident response, forensics, and security monitoring.
- Experience working with managed SOC services in hybrid models.
- Knowledge of threat intelligence practices and frameworks (MITRE ATT&CK, STIX/TAXII); bonus if you've used OpenCTI.
- Familiarity with red teaming, breach & attack simulation (BAS), or security testing.
- Comfortable operating at the intersection of technical security and regulatory compliance, without owning the legal function.
- Hands-on mindset: comfortable being the first security leader in a scaling organisation.
- Excellent communication skills with regulators, customers, technical teams, and executives alike.
- Fluency in English required; French is a strong plus.
Benefits
- Competitive pay + equity - everyone shares in our success
- Remote-first, flexible, and balanced - work that fits your life
- Your setup, your choice - pick the gear that works for you
- Twice-a-year gatherings - we meet in person for regional and global offsites to connect, collaborate, and strengthen our culture beyond the screen
Applicant Tracking System Keywords
Tip: use these terms in your resume and cover letter to boost ATS matches.
Hard Skills & Tools
incident response, forensics, security monitoring, threat intelligence, red teaming, breach simulation, attack simulation, data protection, security testing, ISO 27001
Soft Skills
communication, leadership, mentoring, team growth, collaboration, incident command, problem-solving, relationship management, hands-on mindset, adaptability
Certifications
DPO qualification, CISO, CSIRT Manager