Confirmed IT GRC Consultant

Regular (CDI) - Paris

Are you ready to play a role in maintaining and improving the security and privacy of our patients to ensure the best user experience of the top European healthcare product used and loved by millions of patients and doctors? If so, we are looking for a skilled, passionate IT GRC Consultant who has a hands-on approach in the diverse topics related to our IT Governance, Risk and Compliance processes.

We are growing internationally, helping more and more professionals each month and launching new projects. Thus, security is our absolute priority and that’s why we want to build the best team to maintain a state-of-the-art, healthcare compliant, security level aligned with our risk-based approach management.


What you will do :

Your main missions will be:

  • Participate actively in our ISO 27001/HDS alignment initiative towards certification, which includes several ongoing projects and activities such as :
    • Information Security risk analysis and follow-up
    • Controls implementation follow-up
    • KPIs follow-up
    • Information Security Governance committee
    • Documentation writing and review
    • Awareness programme definition
    • Audit programme definition
    • Internal training delivery
  • Participate in scoping our certification strategy (on top of ISO 27001/HDS)
  • Conduct internal and targeted security audits
  • Support compliance with locales regulations in the countries where we’re present.
  • Support Legal and Procurement processes for RFPs and contractualization
  • Participate in GRC tools design and implementation
  • Follow the regulations that apply to Doctolib


Context :

Attached to the GRC Manager, you will join a motivated, result-oriented and united global team (led by Group CISO), with highly complementary profiles and expertise in areas such as application, platform and IT security, data protection and, of course, GRC.


 Your profile :

  • You have a 1st successful and validated experience on at least three of the activities described above (mandatory)
  • You have experience on ISO 27001 (Implementor or Auditor certification appreciated)
  • You have experience on operational security (Run, Outsourcing contract)
  • You are curious, autonomous, flexible, rigorous, enthusiastic, passionate and have a taste for teamwork. 
  • Experience working in a large cloud SaaS software company is appreciated
  • Fluent written and spoken English and French are mandatory


Engineering job opportunities