Security Governance Associate

Job Description

Contentsquare is a global digital analytics company empowering the brands you interact with every day to build better online experiences for all. Since our founding in France in 2012, we have grown to be a truly global and distributed team – known as the CSquad – representing more than 70 nationalities across the world. In 2022, we raised $600M in Series F funding and were recognised as a certified Great Place to Work in France, Germany, Israel, US and UK. Please Note: Scammers are posing as Contentsquare and Contentsquare team members. We’ll never initially contact you via text or GChat, and never solicit money from you. Please visit our careers blog for more information. Contentsquare is looking for a Security Governance Analyst to be a part of the Security Team. As part of the Security Team, you will be reporting directly to the Security Governance Specialist. Contentsquare’s Security Team sits within the global trust team and is responsible for the oversight, guidance and business enablement of security aspects within Contentsquare and its acquired company products, teams and customers. You will work out of our Paris office. Contentsquare provides a SaaS service and commits to the highest security level for its customers. Contentsquare is ISO 27001 and ISO 27701 certified and deployed many security initiatives during the last year (SOC 2 Type 2 report, penetration testing, private bug bounty program, security awareness training for all employees, SIEM, etc.).

As part of the Security Governance & Compliance Team, you will be responsible for:

• Participating in maintaining our ISO 27001/27701 certifications and SOC 2 report
• Helping acquired companies integrate with Contentsquare’s security policies and practices
• Taking part in internal, external, customer and certification security audits
• Contributing to periodic risk management activities such as internal risk assessments and third party security reviews
• Deploying/merging our security practices, policies and certification with recently acquired companies
• Handling the security governance tasks (bi-annual management review, risk analysis, monthly KPI, security awareness, supplier risk review)
• Collaborating with other departments to improve the security of business processes (onboarding, offboarding, access management, business continuity, SDLC, incident management, etc.)
• Actively promoting security awareness through the use of structured campaigns and initiatives
• Helping ensure internal security controls are understood and consistently followed
• Responding to prospects/customers on security topics before and during the life of customer contracts
• Reviewing security clauses in legal contracts
• Arrange the schedule of internal and external security scans, penetration testing, code vulnerability testing, etc.
• Continually monitor emerging threats, understanding when a concern becomes a priority, and finding creative ways to mitigate these while achieving business goals
• Respond to security incidents if they occur, working to investigate and remediate the impact swiftly
• As part of Third-Party Risk Management (TPRM), perform security assessments and risk analyses on vendors

Desired Skills and Attributes:

• Genuine interest in various security, governance, risks and compliance topics
• Comfortable taking ownership of projects and showcasing key accomplishments
• Excellent interpersonal skills and a service ethic
• A track record of assisting business functions with technical internal and customer-facing requests that are prioritized appropriately
• Ability to work quickly and independently in a fast-paced scale-up environment
• Experience delivering risk assessments, security policies, processes and procedures, guidance, and training with empathy and understanding for a diverse remote team
• Familiarity with internal/external security assessments and reviews, such as penetration testing, bug bounty programs, and internal vulnerability scans
• A willingness to get stuff done in an enthusiastic, proactive, and resourceful manner that scales
• Be passionate about information security!
• Fluent in English (French is a plus!)

Experience Requirement:

• Bachelor and/or Master’s Degree, with a concentration in Management of Information System or equivalent
• 1-2 years of previous experience in consulting
• Strong project management skills
• Knowledge of ISO 27001, SOX and SOC 2 frameworks is desirable
• Rigor and autonomy, be a force for bringing forward proposals

If you are interested in the role, please submit your English resume. Why you should join Contentsquare: ▪️ We’re humans first. We hire dedicated people and provide them with the trust, resources and flexibility to get the job done. ▪️ We invest in our people through career development, mentorship, social events, philanthropic activities, and competitive benefits. ▪️ We are a fast growing company with a track record of success over the past 10 years, yet we operate with the agility of a startup. That means a huge chance to create an immediate and lasting impact. ▪️ Our clients, partners and investors love our industry-leading product. To keep our employees happy and engaged, we are always assessing the benefits/perks we offer to ensure we are competitive. Here are a few we want to highlight: ▪️ Virtual onboarding, Hackathon, and various opportunities to interact with your team and global colleagues both on and offsite each year. ▪️ Work flexibility: hybrid and remote work policies. ▪️ Generous paid time-off policy (every location is different). ▪️ Immediate eligibility for birthing and non-birthing parental leave. ▪️ Wellbeing allowance. ▪️ Home Office Allowance. ▪️ A Culture Crew in every country to coordinate regular outings such as game nights, movie nights, and happy hours. ▪️ Every full-time employee receives stock options, allowing them to share in the company’s success. ▪️ We offer many benefits in various countries -- ask your recruiter for more information. We are a 2024 Circle Back Initiative Employer – we commit to responding to every applicant Contentsquare is an equal-opportunity employer. Qualified applicants will receive consideration for employment without regard to sex, gender identity, gender expression, sexual orientation, race, color, religion, national origin, disability, protected veteran status, age, or any other characteristic protected by law. Your personal data is used by Contentsquare for recruitment purposes only. Read our Job Candidate Privacy Notice to find out more about data protection at Contentsquare and your rights. You can exercise your rights by using our dedicated Data Subject Rights Portal here . Your personal data will be securely stored in our hosting provider’s data center in Oregon (US West). We have implemented appropriate transfer mechanisms under applicable data protection laws. Apply for this job