Senior Security Analyst - GRC

Senior Security Analyst - GRC

(Massy - France)

Founded in 2000, Ivalua is a leading global provider of cloud-based procurement solutions.

COMPANY OVERVIEW

At Ivalua we are a global community of exceptional professionals, who believe that digital transformation revolutionizes supply chain sustainability and resiliency to unlock the power of supplier collaboration. We achieve this through our leading cloud-based spend management platform that empowers hundreds of the world's most admired brands to effectively manage all categories of spend and all suppliers to increase profitability, improve ESG (environmental, social, and corporate governance) performance, lower risk, and improve productivity. Driven by our passions and fueled by our shared ambitions, we empower and challenge each other to create meaningful experiences for our colleagues, customers, partners, and communities. 

Learn more at www.ivalua.com. Follow us on LinkedIn 

THE OPPORTUNITY

CONTEXT:

You will be part of the InfoSec team with a mission to build, maintain, and continuously improve our Information Security program, providing peace of mind and assurance of protection and safety to our customers. Our team is hands-on, with a strong problem-solving mindset, capable of thinking holistically about implementation and providing solutions to address our customers' long-term challenges. We work hard and play hard, enjoying various indoor and outdoor activities organized by the company, allowing you to focus, collaborate, and unleash your creativity.

ROLE: 

We are looking for a Senior Security Analyst to join our InfoSec team. This role will help drive various GRC activities which include supporting prospect and customer security questions, maintaining security policies, supporting security audits and assessments and driving new security certifications/compliance initiatives. 

WHAT YOU WILL DO WITH US 

• Lead and support compliance initiatives across global and regional frameworks including SOC 1/SOC 2, ISO 27001, IRAP, PCI-DSS, SecNumCloud, Cyber Essentials Plus (CE+), BSI C5, NIST 800-53
• Evaluate technical controls across the technology stack, including all layers of the TCP/IP model (e.g. network segmentation, firewall rulesets, TLS/SSL configuration, IDS/IPS, access controls, application security, encryption in transit/at rest, cloud security configurations), and translate security requirements into actionable guidance for engineering and infrastructure teams.
• Drive and manage customer security audits, security questionnaires, and contract reviews with a primary focus on the EMEA region. Participate in the negotiation and review of French contracts to ensure alignment with security and compliance obligations.
• Attend prospect and customer meetings and effectively present Ivalua’s security architecture and control information to them. 
• Lead or support internal and third party security risk management processes, including risk identification, analysis, scoring, treatment planning, and ongoing monitoring. 
• Support continuous compliance monitoring activities using manual and automation and GRC tooling to maintain control effectiveness, generate evidence, and ensure audit readiness.
• Own execution and coordination of key security and availability controls such as Business Impact Analysis (BIA), Disaster Recovery testing, security incident response exercises, access reviews, etc. 

YOUR PROFILE

If you have the below experience and strengths this role could be for you:

Skills and Experience:

• At least 4 years of experience as Security Analyst GRC 
• Strong working knowledge of security, risk, and compliance frameworks (e.g. NIST CSF & 800-53, ISO 27001, SOC, HITRUST, HIPAA, PCI-DSS, GDPR)
• Direct experience managing audits, self-assessments, or risk assessments against one or more InfoSec frameworks listed above
• Experience performing or supporting security risk management processes (risk assessments, risk registers, business impact analysis)
• Familiarity with continuo