Job Description
We are a large, renowned, fast-growing ecommerce company specializing in high-end online travel experiences. Security is a strategic priority to maintain the trust our customers have placed in us.
Our goal is to protect our assets, manage risk, ensure compliance with regulatory requirements (e.g. PCI DSS v4, GDPR) and build customer trust, all while supporting innovation in our technology and operations and a profound transformation of our systems to enable and power our ambitious growth objectives.
We are looking for a Chief Information Security Officer (CISO) who will define and execute a global security strategy, lead risk management efforts, and foster a strong security culture across the company. This role will be pivotal in securing our evolving infrastructure, enhancing governance, and demonstrating business impact through security initiatives.
Key Responsibilities
- Define, Drive and Execute the Security Strategy & Roadmap
  - Develop and maintain a comprehensive security strategy that covers technical, organizational, and physical security aspects.
  - Build and execute a structured security roadmap aligned with the company’s business and technical transformation.
  - Identify, assess, and prioritize information security risks (technical, organizational, human) and define appropriate mitigation plans.
  - Ensure compliance with industry regulations and standards (PCI DSS v4, GDPR and other relevant frameworks) in collaboration with legal and business teams.
  - Regularly report security progress, risks, and achievements to the Chief Digital Officer (CDO) and the Executive Committee (ExCom) through Quarterly Business Reviews (QBRs).
- Proactive Risk Management, Automation & Business Impact
  - Implement risk-based security measures and establish a continuous improvement approach for security operations.
  - Develop automated security dashboards to provide real-time visibility on security posture, including risks, incidents, and security initiatives.
  - Demonstrate tangible business impact of security actions (e.g. revenue protection, reduced fraud, SLA adherence, strengthened partner trust).
  - Establish Key Performance Indicators (KPIs) to measure security effectiveness and ensure alignment with business objectives.
- Technical, Physical and Network Security
  - Oversee physical security measures (e.g. access controls, video surveillance, alarms) in coordination with infrastructure and facilities teams.
  - Ensure the security of networks, cloud infrastructure, and hybrid environments (on-premises, cloud).
  - Secure our API-driven, microservices-based architecture, working closely with DevOps and cloud teams.
  - Drive Security by Design and Zero Trust principles in all technology initiatives.
- Leadership, Team Management & Cross-Team Collaboration
  - Collaborate with product, data, engineering, infrastructure, and legal teams to integrate security across all business functions.
  - Work alongside the Office IT Manager for security-related actions within Microsoft environments (Active Directory, Office 365, MFA, etc.).
  - Foster executive buy-in and ensure that security is seen as a business enabler, not a blocker.
- Security Awareness & Culture Development
  - Promote a strong security culture throughout the company, ensuring all employees understand their role in cybersecurity.
  - Implement company-wide security awareness programs, including phishing simulations and best practices training.
  - Act as a trusted advisor on security matters, maintaining a pragmatic and educational approach.
- Data Protection, GDPR & Third-Party Risk Management
  - Ensure compliance with GDPR and data privacy regulations, working closely with legal teams.
  - Oversee data protection, anonymization, and secure storage practices.
  - Manage third-party risk by ensuring vendors and partners meet security standards before integration.
- Incident Management & Continuous Improvement
  - Establish a structured incident management process covering detection, response, mitigation, and post-incident reviews.
  - Lead internal and external security audits, including penetration tests, organizational security reviews, and compliance assessments.
  - Stay ahead of emerging cybersecurity threats and adapt security strategies accordingly.
- Budget & Security Investments
  - Define and manage the security budget, ensuring cost-effective investments in security tools and technologies.
  - Justify security spending by demonstrating ROI and risk reduction benefits.
Qualifications:
Technical Skills:
- Proficiency in IT security tools and concepts.
  - Access management (IAM, SSO, MFA).
  - Infrastructure security (firewalls, VPNs, network monitoring, WiFi security).
  - Application security (OWASP Top 10, API Gateway).
- Strong knowledge of standards and certifications: PCI DSS, ISO 27001, GDPR (in collaboration with the legal team).
- Experience in hybrid environments (on-premise, cloud) and transformation projects.
- Advanced skills in dashboard creation and automated reporting with a focus on demonstrating business impact (tools like Power BI, Tableau, or security-specific solutions).
Soft Skills:
- Leadership and Influence: Ability to mobilize and convince diverse stakeholders including COMEX members.
- Business-Oriented Vision: Capable of translating security actions into tangible business results.
- Autonomy and Structure: Skilled at prioritizing and structuring projects in a complex and evolving environment.
- Pedagogy and Communication: Ability to simplify technical issues and foster adoption of security priorities.
- Results-Driven: Transforming action plans into measurable and impactful outcomes.
Experience and Education:
- Significant experience (5 years) as a CISO, RSSI, or security expert in a related environment (ecommerce, SaaS, cloud).
- Knowledge or interest in the travel industry (ticketing, GDS connectivity, etc.) is a plus.
- Engineering degree or Master's in cybersecurity. Certifications preferred: CISSP, CISM, ISO 27001 Lead Auditor / Implementer.
Why Join Us
- A Strategic Role: Be at the heart of the company’s digital transformation and security efforts.
- Strong Autonomy: Structure a long-term vision while relying on internal and future technical resources.
- Exciting and Varied Challenges: Hybrid architecture, technological overhaul, and security governance.
- Stimulating Environment: Collaboration with multidisciplinary teams and cutting-edge technologies (cloud, microservices).
You’ll love joining us...
At Voyage Privé, the entrepreneurial adventure is a reality: take on ambitious and fulfilling projects while joining a company committed to the growth of its teams.
Live in the South of France in an exceptional natural, economic, and cultural environment on a modern digital and eco-responsible campus.
Find your own balance with up to 2 days of telecommuting per week, which you can concentrate into one week at a time, up to 4 times a year.
Put meaning back into your work and discover a unique ecosystem creating bridges between worlds that are often far apart (the economic, sporting, academic, and social worlds), and take part in one of the Vision projects (Ecole des XV, Provence Rugby, VP Green, Les Tremplins, Chez Pierre).
Cancel your sports subscription! Access our large Campus gym morning, noon, and night, and play Padel whenever you like on our court reserved exclusively for Voyage Privé employees.
Live to the rhythm of Voyage Privé’s various Business & Fun highlights (Company Breaks, Carnival, Annual Convention), take part in meetups and talks, and enjoy free tickets to every Provence Rugby home match or dance to the sounds of the Dalida Institute!
Would you like to take advantage of our getaway offers? Benefit from up to 20% off our irresistible prices.
Remote Work: Employment Type: Full-time
Key Skills: International Development, Information Systems, Community, Information Technology Sales, Corporate Recruitment
Experience: years
Vacancy: 1