Senior Security Analyst - GRC

Senior Security Analyst - GRC

(Massy - France)

Founded in 2000, Ivalua is a leading global provider of cloud-based procurement solutions.

At Ivalua we are a global community of professionals who believe that digital transformation can unlock the power of supplier collaboration and drive ESG performance, lower risk, and improve productivity through our cloud-based spend management platform.

Context: You will be part of the InfoSec team with a mission to build, maintain, and continuously improve our Information Security program, providing assurance of protection and safety to our customers. The team is hands-on with a strong problem-solving mindset and collaborative approach.

Role: We are looking for a Senior Security Analyst to join our InfoSec team. This role will drive various GRC activities including supporting prospect and customer security questions, maintaining security policies, supporting security audits and assessments, and driving new security certifications/compliance initiatives.

• Lead and support compliance initiatives across global and regional frameworks including SOC 1/SOC 2, ISO 27001, IRAP, PCI-DSS, SecNumCloud, Cyber Essentials Plus (CE+), BSI C5, NIST 800-53
• Evaluate technical controls across the technology stack and translate security requirements into actionable guidance for engineering and infrastructure teams
• Drive and manage customer security audits, security questionnaires, and contract reviews with a primary focus on the EMEA region; participate in negotiation and review of French contracts to ensure alignment with security and compliance obligations
• Attend prospect and customer meetings and present Ivalua’s security architecture and control information
• Lead or support internal and third-party security risk management processes including risk identification, analysis, scoring, treatment planning, and ongoing monitoring
• Support continuous compliance monitoring activities using manual and automation and GRC tooling to maintain control effectiveness, generate evidence, and ensure audit readiness
• Own execution and coordination of key security and availability controls such as Business Impact Analysis (BIA), Disaster Recovery testing, security incident response exercises, and access reviews

If you have the below experience and strengths this role could be for you:

Skills and Experience:

• At least 4 years of experience as Security Analyst GRC
• Strong working knowledge of security, risk, and compliance frameworks (e.g. NIST CSF & 800-53, ISO 27001, SOC, HITRUST, HIPAA, PCI-DSS, GDPR)
• Direct experience managing audits, self-assessments, or risk assessments against one or more InfoSec frameworks listed above
• Experience performing or supporting security risk management processes (risk assessments, risk registers, business impact analysis)
• Familiarity with continuous compliance and monitoring platforms
• Good understanding of cloud platforms (Azure, AWS, GCP) and ability to discuss security architecture and control implementation with technical teams
• Knowledge and experience working with IT and security personnel as well as security concepts across all layers of technology
• Knowledge of risk and security industry literature and knowledge bases (e.g. OWASP, MITRE ATT&CK, NIST 800-39)
• Relevant audit and/or Information Security certifications (e.g. CISSP, CISA, CISM, Azure Cloud Security) are desired
• Prior experience at a Big 4 firm or in a security/compliance function in a cloud/SaaS environment is a plus

Soft Skills:

• Excellent interpersonal, communication, and organizational skills. Ability to communicate in both French and English, including contractual, regulatory, and technical contexts
• Demonstrated ability to work across geographically distributed teams and with external vendors, auditors, or regulators
• Strong organizational skills and attention to detail; able to manage multiple competing priorities in a fast-paced environment
• High degree of initiative, self-motivation, and ability to work independently with limited supervision

If your application fits this position’s needs, our Talent team will reach out to schedule an initial screening call. Apply today to get one step closer to your goals.

Our Talent team will guide you through every step of the interview process and support you throughout. The recruitment process involves interviews with internal stakeholders relevant to the role. Interviews may be conducted virtually or on-site.

• Hybrid working model (3 days in the office per week)
• We are a team dedicated to pushing the boundaries of product innovation and technology
• Stable and cash-flow positive company with long-term growth
• Snacks and weekly lunches in the office
• Strong training and career development programs
• Dynamic, international team of professionals
• Collaborative, inclusive work environment with diverse contributions valued
• Regular social events and activities

Powered by People - Powered by You! We embrace diversity and equity to create an inclusive workplace. To help our customers make supply chains more efficient and resilient, we rely on a global team with diverse backgrounds, skills, and views. We believe in equal opportunity and in diversity as a driver of innovation.

Experience life at Ivalua - check out our video for insights into our company culture and what it’s like to work with us.