GRC, Information & Security Manager

H Company
Paris, France
16 days ago

Role details

Contract type
Permanent contract
Employment type
Full-time (> 32 hours)
Working hours
Regular working hours
Languages
English, French
Experience level
Senior

Job location

Paris, France

Tech stack

Artificial Intelligence
Amazon Web Services (AWS)
Software System Penetration Testing
Cloud Computing Security
Identity and Access Management
Systems Development Life Cycle

Job description

Security Governance & Compliance

  • Lead and oversee certification processes, maintain SOC 2 Type 2 compliance, and be able to drive adoption of ISO 27001 and ISO 27701 as the company grows.
  • Ensure compliance with GDPR, the EU AI Act and Cyber Resilience Act, staying ahead of regulatory changes that affect our product and operations.
  • Maintain comprehensive security controls documentation and compliance records.
  • Act as the primary security contact for enterprise clients.
  • Assist sales and go-to-market teams by completing security questionnaires and clearly communicating our security posture to potential customers.

Cloud Security & Technical Oversight

  • Audit cloud provider controls and security configurations (AWS).
  • Enforce robust access management practices and security controls across our infrastructure.
  • Partner with engineering to embed secure development practices throughout the SDLC.

Security Policy & Documentation

  • Draft, maintain, and enforce company-wide security policies that are practical and scalable.
  • Conduct security risk assessments and develop actionable mitigation strategies.
  • Foster a strong security culture through internal guidelines, training, and awareness initiatives.

Operations & Incident Response

  • Monitor for security incidents and ensure response procedures are well-defined, tested, and effective.
  • Coordinate regular security audits and penetration testing engagements.
  • Continuously evaluate and recommend security tools, automation, and frameworks.

Requirements

  • 5+ years of experience in security roles (Security Officer, GRC Manager, or Security Engineer).
  • Expertise in SOC 2 and/or ISO 27001 compliance frameworks.
  • Solid understanding of cloud security best practices in a scale-up environment.
  • Experienced in writing and implementing security policies that are practical and enforceable.
  • Biased for action: you identify and drive security improvements without waiting to be asked.
  • A fast learner able to stay ahead of the fast-moving regulatory landscape.
  • Meticulous in documenting and enforcing security policies.
  • Able to communicate security concepts clearly to both technical and non-technical audiences.
  • Collaborative and effective working with engineers, compliance stakeholders, and leadership.

Nice to Have

  • Experience with AI governance frameworks (ISO 42001) or emerging AI-related certifications.
  • Background in building security programs from the ground up in a high-growth startup.
  • Familiarity with security automation tools that streamline compliance workflows.
  • Hands-on experience with incident response planning and crisis management.
  • French speaker.

Benefits & conditions

This role is hybrid, and you are expected to be in the office 3 days a week on average.

Please expect some travel between offices.

What We Offer:

Join the exciting journey of shaping the future of AI, and be part of the early days of one of the hottest AI startups.

Collaborate with a fun, dynamic, and multicultural team, working alongside world-class AI talent in a highly collaborative environment.

Enjoy a competitive salary.

Unlock opportunities for professional growth, continuous learning, and career development.

If you want to change the status quo in AI, join us.

About the company

H exists to push the boundaries of superintelligence with agentic AI. By automating complex, multi-step tasks typically performed by humans, AI agents will help unlock full human potential. H is hiring the world's best AI talent, seeking those who are dedicated as much to building safely and responsibly as to advancing disruptive agentic capabilities. We promote a mindset of openness, learning, and collaboration, where everyone has something to contribute.
