Leboncoin.fr

GRC Manager

Hybrid

Paris, France

Senior

Freelance

13-03-2026

Skills

Communication, Leadership, Incident Response, Risk Management, Decision-making, Training, Facilitation, Architecture, Risk Mitigation, Risk Control, Risk Reporting

Job Specifications

Job Description

Leboncoin is progressively building an autonomous cybersecurity function while remaining part of the Adevinta group. As part of this transformation, we are establishing a local Cybersecurity Risk & GRC function to own leboncoin-specific cyber risks, support executive decision-making, and ensure alignment with group-level governance frameworks.

The Cybersecurity Risk & GRC Lead’s mission is to make cyber risk understandable, actionable, and decision-ready for both technical teams and executive leadership, without slowing down innovation or delivery.

This role is not a pure compliance role. It is a hands-on, strategic position at the intersection of security, product, engineering, legal, and top management.

Job Requirements

7+ years of experience in cybersecurity, risk management, GRC or equivalent security roles
Strong technical and functional understanding of:
modern application and cloud architectures
operational security and incident response realities
regulatory environments relevant to digital platforms (GDPR, NIS2, etc.)
Proven experience engaging with:
engineering teams
legal / compliance functions
senior leadership

Mindset & skills

Ability to translate technical risk into business language
Comfortable operating in evolving, build-mode environments
Pragmatic, outcome-oriented approach
Strong communication and facilitation skills
Ability to challenge constructively (upwards and laterally)

Nice to have

Experience in marketplace or digital platform environments
Exposure to group / multi-entity governance models
Incident response or CSIRT background
Knowledge of risk frameworks (ISO 27005, NIST RMF), without dogmatism

Job Responsibilities

1. Cyber risk management (core mission)
Own and maintain the leboncoin cyber risk register
Identify, assess, prioritise and track cyber risks related to:
marketplace activities
products and platforms
data flows
critical systems, infrastructures and services
third-party and partner ecosystem
Translate technical security issues into business-impact-oriented risk statements
Support executive decision-making on:
risk mitigation
risk acceptance
risk transfer
Track the implementation of risk treatment plans, identify gaps and escalate delays or weaknesses to the appropriate governance bodies

2. Governance, traceability & group alignment
Act as the local point of contact for Adevinta’s cybersecurity governance
Adapt group security principles, policies and risk frameworks to leboncoin’s context
Prepare and deliver cyber risk reporting to:
leboncoin executive management
Adevinta Group CISO and governance committees
Ensure traceability of risk decisions, including acceptance, mitigation and transfer
Clarify and formalise responsibilities between central and local security teams

3. Policies, standards & risk control oversight (pragmatic approach)
Own the local cybersecurity policy and standards framework
Ensure policies are:
aligned with group requirements
proportionate to actual risks
understandable and usable by teams
Assess the adequacy and effectiveness of security controls against identified risks
Coordinate internal security control activities (without acting as an audit function)
Contribute to security by design initiatives with Product & Architecture Security

4. Third-party & supply chain risk
Own cybersecurity risk management for leboncoin vendors, partners and suppliers
Define risk-based security requirements for third parties
Support procurement, legal, product and tech teams during vendor or other third-party onboarding and integration by providing security technical review and security contract review and adjustment
Ensure ongoing tracking of third-party cyber risks and related treatment plans

5. Incident & crisis contribution
Provide a business risk perspective during security incidents:
impact assessment
regulatory, contractual and reputational considerations
Support executive-level crisis communication preparation and decision-making
Ensure post-incident lessons learned are reflected in the risk register and governance

6. Regulatory compliance & cross-functional coordination
Contribute to cybersecurity regulatory obligations (e.g. NIS2) through a risk-based governance approach
Work closely with the DPO, without replacing their legal responsibilities
Contribute to data protection risk assessments (e.g. DPIAs) on cybersecurity aspects
Identify and track cyber risks related to AI-based systems, in coordination with product, legal and compliance teams

7. Security culture & enablement
Help product, tech and business teams understand their cyber risk ownership
Contribute to security awareness and training initiatives
Promote shared accountability for cyber risk across the organisation

What this role is not

Not a SOC analyst role
Not an audit role
Not a technical control implementation role
Not a blocker for product or engineering teams

This role exists to enable informed decisions and clear accountability, not to say “no by default”.

About the Company

Founded in 2006, leboncoin.fr is a new kind of exchange platform that simplifies access to consumption, favours local relationships and makes digital technology a tool that serves everyone. By making it easier for people to exchange and consume, leboncoin has in just a few years established itself as a French social phenomenon, making one person's happiness another's. leboncoin is the No. 1 general-interest site for sales between individuals in France, and a leader in the real estate and automobi...