GRC Security Engineer
About the role
At DataDome, security is a core part of the product and of how we operate as a company. We protect large enterprises against bots, fraud, and account abuse, which means strong security and compliance foundations are critical to the trust our customers place in us.
As the company grows, so does the level of rigor expected around certifications, risk management, internal controls, third-party security, and audit readiness. We’re looking for a Senior GRC Security Engineer to help us scale that work in a way that is practical, effective, and grounded in how teams actually operate.
This is a hands-on individual contributor role reporting to the Head of Security. The impact of the role comes from follow-through, sound judgment, and the ability to turn compliance requirements into security practices that hold up in the real world.
You will also build and own a robust tooling and workflow engine to power and automate GRC activities at scale.
More specifically, you will be in charge of things like...
Compliance programs
- Play a leading role in DataDome’s ISO 27001 program, driving day-to-day execution across control maturity, evidence collection, internal audits, and audit preparation.
- Help maintain DataDome’s SOC 2 Type II program over time, ensuring controls, evidence, and follow-up actions stay on track.
- Keep compliance work practical, reliable, and scalable as the company grows.
Risk management
- Run the risk management process in practice, including risk assessments, workshops, the risk register, treatment plans, and follow-up.
- Work with both technical and business stakeholders to identify and assess risks in a structured and useful way.
- Help teams turn risk findings into clear, prioritized remediation actions.
Third-party risk and internal controls
- Handle third-party security reviews for internal tools and vendors, including onboarding assessments, reassessments, and follow-up actions.
- Check that key controls are actually in place across tools and processes, spot gaps or weak configurations, and make sure remediation is tracked and moving with the right teams.
Awareness and business partnership
- Lead the security awareness program, including training, phishing simulations, and effectiveness tracking.
- Act as a key security partner for Legal, HR, Finance, and Business Operations on topics such as people controls, data handling, and process design.
- Help Sales on security topics when needed, including writing clear, accurate, and high-quality answers to security questionnaires and supporting follow-up discussions during the sales cycle.
- Be comfortable representing security during audits, including explaining how controls work, answering auditor questions, and following up on findings.
It would be great if...
- You have 7+ years of experience in a cybersecurity product company or internet-scale SaaS environment.
- You have demonstrated hands-on experience with ISO 27001 and understand what it takes to drive and maintain a certification program in the long run.
- You are comfortable going directly to teams, understanding how things work in practice, spotting gaps, and pushing for improvements that actually fit the way people work.
- You care about whether controls are real and effective, not just documented.
- You are comfortable running structured risk assessments and facilitating discussions with both technical and non-technical stakeholders.
- You communicate clearly and confidently, both in writing and in person, and you are comfortable working in French and English.