Company Name: Hirsch Group (fka Vitaprotech)
Job Title: Cybersecurity and Regulatory Compliance Officer (M/F) (original posting title: Chargé de conformité Cybersécurité et Réglementations H/F)
Job Description:
Job title: Cybersecurity Compliance Officer
Role Summary:
Responsible for aligning the organization’s information security practices with national, European, and U.S. regulatory frameworks (e.g., GDPR, NIS2, DORA, the Cyber Resilience Act (CRA), NIST). Works under the Chief Information Security Officer (CISO) to develop, implement, and monitor compliance activities, maintain the Information Security Management System (ISO 27001/27002), and support certification and audit readiness.
Expectations:
- Deliver a comprehensive compliance roadmap for DORA, GDPR, and other applicable regulations.
- Achieve full compliance within the defined scope and complete required certifications (ISO 27001).
- Produce accurate dashboards and reports for senior management and the CISO.
- Ensure continuous regulatory awareness and integration of compliance within business projects.
Key Responsibilities:
- Conduct ongoing regulatory and normative monitoring of EU, national, and U.S. cybersecurity laws.
- Translate regulatory requirements into actionable internal controls and audit checks.
- Create and maintain a mapping of all regulatory obligations across the organization.
- Assist in the design, implementation, and maintenance of the Information Security Management System (ISMS, or SMSI in French) per ISO 27001/27002.
- Define, implement, and track compliance plans for DORA, GDPR, NIS2, CRA, etc.
- Support internal and external audit processes and pursue relevant certification audits.
- Collaborate with business units to embed compliance into project lifecycles.
- Develop and deliver internal awareness programs and communications on compliance and cyber risk.
- Produce key performance indicators, reporting dashboards, and executive briefings on compliance status.
- Log all activities in EGÉRIE RM and generate deliverables for the CISO and executives.
Required Skills:
- In-depth knowledge of ISO 27001/27002, GDPR, NIS2, DORA, CRA, and NIST frameworks.
- Strong regulatory translation and implementation capability.
- Experience with risk assessment, control design, and audit execution.
- Proficiency in governance, risk, and compliance (GRC) tools (EGÉRIE RM preferred).
- Excellent analytical, documentation, and reporting skills.
- Ability to communicate complex regulatory requirements in clear, non‑technical language.
- Proven stakeholder management across cross‑functional teams.
- Professional English communication competence (written and oral).
Required Education & Certifications:
- Minimum Master’s level (Bac +5) in Information Security, Digital Law, or equivalent engineering discipline.
- 3–5 years of demonstrable experience in information security, compliance, or IT governance.
- Relevant certifications (ISO 27001 Lead Implementer/Lead Auditor, CISSP, CISA, or GDPR Practitioner) are preferred.
Soft Skills:
- Rigorous, autonomous, and highly analytical approach.
- Strong facilitation and teaching ability to disseminate compliance knowledge.
- Collaborative mindset and effective dialogue with diverse stakeholders.