As the security team, our ambition is to:
Security Leader: Have the best security among our competitors
Guardian of Trust: Not only meet but exceed the highest security standards required by our customers and partners.
Total Resilience: Build defences that make us indestructible and guarantee our operational resilience
Support of our Growth: Support Wooclap in its global expansion
As an Operation Security Officer, you will be the second member of the Wooclap Security team. This position is inherently cross-functional: you will work in close collaboration with the Technical team while being the key contact for all internal stakeholders (Business, Legal, Operations, Marketing teams, etc.).
This role is essential in the context of Wooclap's international growth.
We rely on your autonomy and initiative to build the future of our security. You will lead strategic projects from A to Z, support our clients and partners, and evolve our Security posture to anticipate the risks associated with our rapid expansion.
Your missions:
1. Governance, Risk & Compliance
Contribute to the Security Vision: Contribute to the security strategy and roadmap in close collaboration with Security Management, the technical teams and all stakeholders.
Contribute to Compliance: Ensure continuous alignment with international standards (e.g. ISO 27001) and key regulations (GDPR, etc.). Ensure follow-up on legal and regulatory obligations (CNIL, cloud hosting, etc.).
Improve Security Policies: Define and maintain security policies (access control, encryption, device management, data protection) and oversee their deployment and implementation by the relevant teams (HR, suppliers, etc.).
Committees and Monitoring: Create security committees, KPIs and dashboards to track the security posture and report to the Management team or the Board if necessary.
Governance and Reporting (KPIs): Create and lead security committees, define KPIs and dashboards to track the security posture, and clearly communicate the level of risk to the Management team.
Audit and Certification: Lead security audits (both internal and external), monitor and enhance compliance with ISO/IEC 27001, and contribute to future certifications.
2. Security Project Management
Access Management (IAM): Lead the project to create a new rights and access management (IAM) strategy.
Tooling: Participate in the selection and deployment of the next SIEM and launch large-scale projects (e.g. Bug Bounty, EDR).
Endpoint Security: Evolve the security aspects of the device fleet and related subcontractors.
Incident Strategy: Establish the new security incident management strategy and business continuity plans.
Simulation and Post-Mortem: Organize crisis simulation exercises to test process resilience and lead post-mortem analyses.
Internal Program: Co-build the future Information Security Officers (ISOs) program within the teams.
3. App & Infrastructure Security
Security by Design: Define and promote secure development best practices within the TECH team.
Architecture Review: Lead architecture and implementation reviews for critical functionalities (authentication, payments, APIs, AI usage, etc.).
SDLC Integration: Collaborate with Engineering Managers and the DevX team to integrate security throughout the Software Development Life Cycle (SDLC).
Vulnerability Lifecycle Management: Establish and oversee the process for detecting, classifying and remediating vulnerabilities.
Security Tooling: Maintain and evolve security tools (SAST, DAST, vulnerability scanners) for proactive fault detection.
4. Security Support & Communication
External Support: Manage security support for clients and partners and be the key contact for our clients and partners on security and confidentiality topics.
Security Forms: Respond to security questionnaires and contribute to process improvement (Communication, AI, etc.).
Internal Advice: Act as a privileged advisor to the Product, Engineering and Business teams on all security matters.
Awareness and Training: Actively promote a culture of security and shared responsibility. Organize regular awareness initiatives (phishing simulations, training sessions).
First Year Projects
To ensure the rapid scaling of our security strategy, the role will begin with high-impact projects. Your initial objectives will include, but not be limited to, the following:
Posture Analysis and Roadmap: Upon arrival, conduct a risk analysis (like a discovery report) of our security level and current policies in order to challenge and refine the existing strategic roadmap.
Redesigning our Identity and Access Management (IAM) strategy.
Governance and Measurement: Create and define the associated KPIs and dashboards to ensure better monitoring of our security level and posture.
Internal Program: Co-build and launch the future Information Security Officers (ISOs) program within the teams to expand the security culture.
Required Experience:
Unclear Seniority