
Alan · Paris
HEALTH CAN’T WAIT. Not for symptoms to get worse. Not for a six‑month appointment. Not for a system to catch up. But that’s exactly how healthcare works today....
Not for symptoms to get worse. Not for a six‑month appointment. Not for a system to catch up. But that’s exactly how healthcare
works today. You wait, until you can’t.
Alan exists to end the wait.
Health is a universal right, and we believe this right can only become real when it’s coupled with prevention. We need to stop
treating health as something we repair and start treating it as something we build, every day. It’s not solely a question of
willpower. It’s the healthcare system itself that needs to work for everyone, in a sustainable way.
So we are building the new standard in prevention insurance. Alan is the first company that integrates insurance, prevention, and
care into a single, acclaimed user experience.
We are on an incredible journey to build a global leading company, with a unique culture. We already partner with 40K+ companies
of all sizes, serving more than 1M+ members, and have reached €800M+ in ARR.
Prevention as the new norm. That's what we're building with our team of 800+ people. If it speaks to you: we're hiring across
France, Spain, Belgium, and Canada. And beyond.
You will lead Alan's Security team, a highly technical group operating across 10+ countries in a regulated health insurance
environment. As Security Lead, your missions span four core areas:
ownership, and create conditions for genuine professional growth.
engineering teams ship AI-powered features safely and at speed.
environment (DORA, HDS, RGPD, NIS2, PGSSI-S), and ensure Alan's security programme keeps pace with its geographic expansion.
regulators, and partners. Align Legal, DPO, Risk, Engineering, and Product on security requirements, and build a security
culture that empowers rather than restricts.
Alan is a fast-growing health insurer operating in a uniquely complex environment. The challenges you will navigate include:
view on LLM security, agent risks, and AI governance, and the ability to translate that into concrete, actionable priorities.
HDS, RGPD, NIS2, PGSSI-S) while keeping the business moving. You will need to translate regulatory requirements into technical
controls without creating bottlenecks.
framework, CERT Santé, HDS) that demand both technical precision and operational rigor.
Engineering, Product, and Operations, and make them come to you early, will be as important as your technical depth.
that feeds real decisions, scales with the company, and earns genuine trust.
defining contractual security requirements
Act)
This position targets level F+ on our level grid.
Location: You must be legally eligible to work from France. We offer remote work flexibility, but we value in-person collaboration
If you're excited about this opportunity but don't check every box, we'd love to hear from you. Everyone, no matter how
underrepresented, should feel free to apply, as it can only bring learnings or success.
If you identify yourself as a woman: Did you know that research shows women often apply only when meeting 100% of requirements?
Remember, this is just a guide, not a checklist. We'll be thrilled to receive your application!
🔖 Check out our About Alan and Career pages, as well as our Medium, blog and Glassdoor page for more info.
🙌 Perks & Benefits: Alaners are provided with a stimulating environment and perks ensuring they are happy, efficient and spend
only high-quality time with co-workers.
🤘A strong culture: People joining Alan are often surprised and delighted by our innovative working method. We have a set of
cultural values that guide our approach to work
HEALTH CAN’T WAIT. Not for symptoms to get worse. Not for a six‑month appointment. Not for a system to catch up. But that’s exactly how healthcare works today. You wait, until you can’t. Alan exists to end the wait. Health is a universal right, and we believe this right can only become real when it’s coupled with prevention. We need to stop treating health as something we repair and start treating it as something we build, every day. It’s not solely a question of willpower. It’s the healthcare system itself that needs to work for everyone, in a sustainable way. So we are building the new standard in prevention insurance. Alan is the first company that integrates insurance, prevention, and care into a single, acclaimed user experience. We are on an incredible journey to build a global leading company, with a unique culture. We already partner with 40K+ companies of all sizes, serving more than 1M+ members, and have reached €800M+ in ARR. Prevention as the new norm. That's what we're building with our team of 800+ people. If it speaks to you: we're hiring across France, Spain, Belgium, and Canada. And beyond. Alan operates at the intersection of health insurance, prevention, and regulated data. The person in this role owns the security governance and risk posture of a company that handles sensitive health data for 1M+ members, operates under DORA and HDS certification requirements, and is regulated by the ACPR. They work in close partnership with Legal, Internal Audit, and the broader Risk function — this is a collaborative role, not a siloed one. 🛡️ YOUR MISSION — GOVERNANCE, RISK & COMPLIANCE Own and operate the ISO 27001 ISMS. You are the accountable owner of the Information Security Management System — scope definition, Statement of Applicability, internal audit programme, and management review. You've led at least one full certification or recertification cycle and know what breaks down in the months between audits. Be the security expert in the room on regulatory and privacy matters — not the owner. Legal leads on DORA, HDS, RGPD, PGSSI-S, and regulatory relationships. Your role is to bring the technical and operational security substance: translating regulatory requirements into controls, flagging implementation gaps, and making sure the security programme holds up when the regulatory team negotiates with the ACPR or ANS. Run risk as a living programme, in partnership with the broader risk function. You lead security risk cartography using EBIOS RM and ensure it feeds into — and is informed by — the company-wide risk framework. You facilitate risk workshops, produce treatment plans, and bring the security lens to forums where non-security risks are also on the table. You know when a security risk is actually a business risk in disguise. Own the controls framework, but distribute ownership of controls themselves. You define the framework, set the standards, and track coverage — but the controls live with the teams who build and run the things they protect. You work closely with Infrastructure, Platform, and Engineering to ensure foundational building blocks (identity, network, secrets management, logging) are designed with security requirements embedded, not bolted on. You're a partner to those teams, not an auditor standing over them. Run audit cycles with rigour, in close partnership with Internal Audit. You manage the security audit programme and coordinate with certification bodies, but you're not operating in a vacuum. You work with Internal Audit to align scopes, avoid duplication, and present a coherent picture of control effectiveness to the board. You've sat in joint audit planning sessions and know how to make that relationship productive rather than territorial. Manage third-party risk with real teeth. You run vendor security assessments, define contractual security requirements (security annexes, DPAs). You partner with our Risk team, which oversees third-party risk, and own the security dimension. Bring the health sector context. You understand the ANS framework, CERT Santé requirements, and what it means to handle sensitive health data operationally — not just on paper. You're a useful partner to Legal when the question is "what does this regulation actually require us to do technically?" Own incident governance and support DORA reporting. You classify and escalate ICT incidents internally, own BCP and DRP governance, and provide the security substance for DORA incident reports. 🚀 WHAT YOU'LL BUILD AND WHO YOU'LL WORK WITH Next-Gen Compliance Framework: ISO 27001, DORA, HDS, NIS2 — multiple regulators, multiple countries, one coherent governance backbone. Build the system that lets Alan scale from 1M to many millions of members without rebuilding compliance every time. Automated Audit & Evidence Engine: Replace manual evidence collection with scripted pipelines plugged directly into engineering systems. Turn audit cycles from quarterly fire drills into a continuous capability. Living Risk Cartography: Risk treated as an operational signal, not a static deliverable. EBIOS RM at the core, feeding directly into business and engineering decisions. You'll work closely with Legal, DPO, Internal Audit, and the broader Risk function — and partner day-to-day with Infrastructure, Platform, Engineering, Product, and Operations. You're the bridge between regulatory complexity and operational simplicity. ⚡ WHY THIS ROLE IS SPECIAL Direct Impact: You own the trust foundation that lets Alan handle health data for 1M+ members and operate in highly regulated markets. Your work is the precondition for everything else Alan does. Complex Problems: 4 regulators across 4 countries, sensitive health data, and a regulatory landscape that keeps shifting (DORA, NIS2, AI Act) — to be modeled into a single, coherent control system. Ownership & Growth: Board and executive exposure, real influence on company-wide risk decisions, and the autonomy to shape Alan's security culture across 800+ people. 🤝 WHAT YOU WILL ALSO DO — TECHNICAL ENABLEMENT Automate compliance work wherever possible. You script evidence collection, automate control testing, and connect GRC tooling to engineering pipelines. You've used Python or similar to reduce the manual lift of an audit cycle, and you actively look for the next process to streamline. Configure and own GRC tooling, not just use it. You can administer platforms like CISO Assistant, ServiceNow GRC, or Archer — designing workflows, building dashboards, and making them actually useful for the teams that feed them data. Speak cloud governance fluently. You understand shared responsibility in HDS-qualified environments, know what CSPM tools surface and what they miss, and can reason about policy-as-code (OPA, SCP) without needing an engineer to translate. Read architecture well enough to challenge it. You can review a proposed architecture, identify control gaps in identity, network segmentation, encryption, or logging, and push back credibly in a room of engineers — without pretending to be one. Interpret vulnerability data and drive prioritisation. You read scan outputs, work with engineering teams to prioritise remediation by business risk rather than CVSS score, and track resolution KPIs over time. ⭐️ QUALIFICATIONS — MINDSET AND SOFT SKILLS You translate risk into business language. You can brief a board or an audit committee and make them feel informed — not overwhelmed or underwhelmed. You know the difference between a finding that requires an emergency board call and one that belongs in a quarterly report. You influence without authority. You align Legal, DPO, Risk, Engineering, Product, and Operations on security requirements without creating blockers or adversarial dynamics. People don't avoid you — they come to you early because you make their lives easier, not harder. You manage programmes with audit-grade rigor. You run structured, traceable roadmaps. You know where every commitment is, who owns it, and when it's due. You escalate proactively and don't let dependencies surprise you. You build security culture, not compliance theatre. Your awareness programmes land because they're relevant, not because they're mandatory. You foster proportionate risk ownership across the company — the goal is teams making better decisions, not teams checking boxes. You think in principles when frameworks shift. DORA is live. NIS2 transposition pace varies. The AI Act is arriving. You don't freeze when the regulatory landscape moves — you reason from first principles and adapt without waiting to be told what to do. 🌍 HOW WE WORK Location: Paris-based, hybrid. We value in-person collaboration and ask Alaners to be in the office part of the week. 🎯 We hire people, not checklists. If you're excited by this scope but don't check every box, we'd still love to hear from you.
About Datadog: We're on a mission to build the best platform in the world to defend the enterprise from code-to-cloud-to-runtime. Used by thousands of companies globally, Datadog security products uniquely leverage Datadog's unified security and observability platform so Security, DevOps and SRE can collaborate rapidly and seamlessly to deliver better detection, prioritization and remediation. Our product and engineering culture values pragmatism, honesty, and simplicity to solve hard problems the right way. The Opportunity: In this competitive market, the Director of Product Management for Cloud Security and Platform will play a mission-critical role in providing product and strategy leadership to grow Datadog's market share through differentiation, innovation and compelling customer value. This leader will work with a talented and growing team of product managers and engineers to build and grow multiple product lines that play an essential role for our customers' cloud security programs and the shared platform capabilities supporting all Datadog security products, to establish Datadog as a security industry leader. At Datadog, we place value in our office culture - the relationships and collaboration it builds and the creativity it brings to the table. We operate as a hybrid workplace to ensure our Datadogs can create a work-life harmony that best fits them. What You'll Do: * Run and grow multiple product lines to meet revenue and business targets with the goal of building a multi-hundred million dollar annual business. * Lead and own product strategy and roadmap for accountable security product lines, fully aligned to revenue and business goals and with compelling differentiation and customer value. * Ensure predictable roadmap execution across direct and partner teams to achieve product and business outcomes required to meet the revenue and business goals. * Analyze and develop pricing and packaging strategies to maximize revenue through attaching deep understanding of market dynamics and other strategic leverage points. * Drive GTM strategy with GTM partner teams to achieve revenue and business goals. * Fulfill the role as the product-leader representative across accountable product lines with analyst, press and customer communities. * Manage and grow both manager and individual contributor (IC) Product Managers, ensuring they are motivated, delivering high quality work and finding high fulfillment. * Model and contribute to a culture of learning and collaboration across product management and the broader organization. * Raise the bar of PM leadership through leadership in strategy development, roadmap planning and execution, GTM and overall product-leader responsibilities. Who You Are: * An experienced leader in Product Management with demonstrated business growth and customer adoption success in the CNAPP market, as well as demonstrated experience driving shared platform capabilities in service of multiple products. * A seasoned team leader with experience directly managing product management teams and mentoring talent into sustained high performers. * Passionate about GTM and have demonstrated success in developing GTM programs and achieving GTM targets with counterparts in sales, sales engineering, channels, marketing and customer success. * Excellent at cross-functional alignment and ensuring all partner organizations are fully aligned and committed to delivering what is needed to achieve roadmap and business goals. * Highly skilled in pricing and packaging strategies to maximize revenue potential and strategic advantage. * Highly customer-centric and a convincing champion of the needs of the customer to deliver a compelling, high value and high quality customer experience across all phases of the customer lifecycle. * Previously a software engineer, security engineer or have demonstrated technical knowledge to be able to discuss technical concepts with customers and engineering counterparts. * A compelling presenter with excellent verbal and written communication skills with a proven track record of presenting and defending your ideas to executive, technical and non-technical audiences, as well as external audiences including industry analysts. * Highly data-driven with an advanced analytical aptitude that can draw critical insights through synthesizing market, competitive, usage, pipeline and other data sources. Datadog values people from all walks of life. We know not everyone will meet all the above qualifications on day one. That's okay. If you're passionate about technology and want to grow your experience, we encourage you to apply. Benefits and Growth: * Work on industry-leading cloud security products that protect organizations at global scale. * Lead highly talented product management teams solving complex technical challenges. * Partner with world-class engineering and go-to-market organizations. * Influence company strategy and the future direction of Datadog's security platform. * Grow your leadership through meaningful ownership, mentorship, and cross-functional collaboration. * Contribute to an inclusive culture focused on learning, innovation, and customer impact. * Benefits and Growth listed above may vary based on the country of your employment and the nature of your employment with Datadog. ---------------------------------------------------------------------------------------------------------------------------------- About Datadog: Datadog is the leading observability and security platform for the AI era, providing businesses with unified visibility across the technology stack to manage complexity at scale. It brings applications, infrastructure, data, models, and security into one place, using AI to detect and resolve issues before they impact customers. Trusted globally by Fortune 500 companies and high-growth AI leaders, Datadog enables businesses to move faster with clarity and confidence. Learn more about #DatadogLife on Instagram, LinkedIn, and Datadog Learning Center. ---------------------------------------------------------------------------------------------------------------------------------- Equal Opportunity at Datadog: Datadog is proud to offer equal employment opportunity to everyone regardless of race, color, ancestry, religion, sex, national origin, sexual orientation, age, citizenship, marital status, disability, gender identity, veteran status, and other characteristics protected by law. We also consider qualified applicants regardless of criminal histories, consistent with legal requirements. Here are our Candidate Legal Notices for your reference. Datadog endeavors to make our Careers Page accessible to all users. If you would like to contact us regarding the accessibility of our website or need assistance completing the application process, please complete this form. This form is for accommodation requests only and cannot be used to inquire about the status of applications. Privacy and AI Guidelines: Any information you submit to Datadog as part of your application will be processed in accordance with Datadog’s Applicant and Candidate Privacy Notice. For information on our AI policy, please visit Interviewing at Datadog AI Guidelines.
Vestiaire Collective is the leading global platform for desirable pre-loved fashion and a pioneer in transforming how people consume fashion. Our mission is simple: make circular fashion the norm, not the exception. Through technology, expertise, and a highly engaged global community, we enable millions of people to buy and sell fashion in a more sustainable way. Founded in Paris in 2009, Vestiaire Collective is now a globally scaled marketplace with offices in Paris, London, Berlin, New York, Singapore, and Ho Chi Minh City, and logistics hubs across Europe, Asia, and the US. Today, we are a team of around 600 people from over 50 nationalities, united by a shared ambition: to drive meaningful change in the fashion industry. Our values, Activism, Transparency, Dedication, Greatness, and Collective, shape how we build, collaborate, and grow every day. Please upload your CVs in English About the role : As a Senior Security Analyst at Vestiaire Collective, you will be part of our Security team. Your objective will be to provide a safe, secure, and trustworthy experience for our users, while safeguarding their privacy and personal data, as well as protecting our company assets and internal employees. Additionally, you will ensure compliance with regulatory requirements. This role is focused on security operations, risk, and assurance: you will be the person who keeps continuous watch over our security posture — monitoring and investigating alerts, driving vulnerabilities through to remediation, supporting incident response, and producing the evidence and metrics that demonstrate our security and compliance to auditors, regulators, and leadership. Reporting to the Head of Security, you will work alongside a talented team of security engineers and collaborate closely with engineering teams and other stakeholders such as legal, finance, and corporate IT. You will work daily with our security stack: Datadog (SIEM), SentinelOne (EDR), Upwind (CSPM), Cloudflare (WAF and Cloudflare One), and Grafana/Prometheus, on top of our AWS and GCP cloud environments. What you will do : Operate and continuously improve our security monitoring: triage and investigate alerts across our detection stack (Datadog SIEM, SentinelOne EDR, Cloudflare), tune detections to reduce noise, and escalate confirmed threats. Review and prioritize cloud security posture findings (Upwind CSPM) across our AWS and GCP environments, and drive misconfigurations through to resolution with the relevant teams. Own the vulnerability management lifecycle: consolidate findings from penetration tests, application security reviews, and our bug bounty program; validate and prioritize them; and drive remediation with engineering teams against defined SLAs. Triage incoming bug bounty submissions: reproduce and assess reported issues, determine severity, and coordinate fixes with the relevant code owners. Support incident response from detection to closure: first-line investigation, coordination during incidents, documentation, and post-incident follow-up actions. Support audit and assurance activities: prepare and maintain evidence for external audits, run periodic access reviews (joiners/movers/leavers, privileged access), and keep compliance documentation up to date. Contribute to security metrics and reporting: maintain and enrich the KPIs and dashboards (Grafana) we use to report our security posture to leadership. Assess third-party vendors and tools from a security and data-protection standpoint. Handle day-to-day security requests from across the company (reported phishing, the security inbox, employee questions) and deliver security awareness initiatives to promote a security-conscious culture. Who you are : Proven experience (3+ years) in a security analyst, SOC, or security operations role, preferably in a fast-paced startup/scaleup environment. Strong analytical and problem-solving abilities, rigorous documentation habits, and the ability to communicate clearly with both technical and non-technical stakeholders. Hands-on experience with SIEM and log analysis platforms (e.g., Datadog, Splunk, Elastic) for alert triage, threat detection, and investigation; familiarity with EDR tooling (e.g., SentinelOne, CrowdStrike) is a strong plus. Working familiarity with cloud environments (AWS and/or GCP) and cloud security fundamentals - enough to understand, prioritize, and follow up on CSPM and WAF findings. Solid understanding of vulnerability management and common application threats (e.g., OWASP Top 10) - enough to validate findings, assess real-world impact, and discuss remediation credibly with engineers. Understanding of compliance frameworks and regulations (e.g., ISO 27001, PCI DSS, SOC 2, GDPR, DSA), with the ability to translate requirements into practical controls, procedures, and audit evidence. Scripting or query skills (e.g., Python, SQL), for automating routine analysis and digging into data during investigations. Ability to adapt to a rapidly changing environment and manage multiple priorities. NICE TO HAVE: Bachelor's or Master's degree in Computer Science, Information Security, or a related field. Relevant certifications (e.g., CompTIA Security+/CySA+, GIAC GCIH/GCIA, CISA, ISO 27001 Lead Auditor/Implementer) are a plus. Our Tech Stacks includes Datadog SIEM Upwind CSPM Cloudflare (WAF, One) SentinelOne AWS, GCP Grafana, Prometheus Snowflake Tableau