
Resilience · Paris
🏨 L'ENTREPRISE Resilience transforme la prise en charge des patients en oncologie, gastro-entérologie et psychiatrie en améliorant l'accès aux soins et l'acco...
Resilience transforme la prise en charge des patients en oncologie, gastro-entérologie et psychiatrie en améliorant l'accès aux
soins et l'accompagnement sur toute la durée du parcours. Nos applications de santé ne doivent pas seulement améliorer la vie des
patients : notre travail consiste à développer des techniques et des processus pour minimiser les risques sur les patients.
Rejoindre Resilience, c'est contribuer à une mission concrète dans un environnement scale-up où autonomie et impact sont au cœur
de notre culture.
En quelques mots : Tu es owner du programme de conformité sécurité (ISO 27001) au sein de l’équipe QARA (Quality, Assurance &
Regulatory Affairs).
Ta mission : Animer et piloter notre système de management de la sécurité de l'information (SMSI) et garantir la cohérence au
système qualité existant (SMQ). C'est un poste spécialisé en GRC (Gouvernance, Risques et Conformité), avec une forte sensibilité
santé : tu sais lire les exigences réglementaires qui touchent à la sécurité, tu travailles main dans la main avec tes collègues
et le Security Manager, mais tu restes ancré dans ton cœur de métier tout en gardant en tête l'impact final sur le patient.
Ton impact : Tu es le moteur opérationnel qui permet à Resilience de se développer sereinement sur des marchés régulés (santé,
données sensibles) en garantissant notre posture de sécurité et notre crédibilité auprès des clients, partenaires et autorités.
politiques, audits, actions correctives. Construire et améliorer les workflows d'automatisation (Notion, agents IA, reporting)
pour rester en permanence audit-ready avec une vraie curiosité pour l'innovation technologique.
accompagner les exigences de cybersécurité DM (IEC 81001-5-1, IEC 62443, SBOM, MDR Annexe I §17) en appui de l'équipe QARA,
contribuer aux dossiers techniques et audits sur les volets sécurité, accompagner le gap assessment DiGA (BSI TR-03161) côté
sécurité, assurer la veille FDA cybersecurity.
livrables concrets.
Ici, on ne travaille pas en silo. Tu rejoins une structure agile où la conformité est un vrai sport d'équipe :
stratégique "Santé" pour aligner tes chantiers sécurité avec les exigences du marché et te fera monter en compétence sur notre
secteur.
aux dossiers techniques MDR et à la préparation des audits.
le référent GRC / SMSI : tu traduis la technique en conformité et tu structures la gouvernance.
système de management unifié. Tu seras au cœur de cette intégration, avec un impact direct sur des produits qui améliorent la
vie de patients atteints de cancer.
implications concrètes
cabinet de conseil avec une forte envie de passer chez le client final).
tu conçois des systèmes, automatises des workflows et façonnes la manière dont la conformité fonctionne dans toute
l'entreprise.
et travaillons en étroite collaboration avec les équipes techniques. Tu auras la liberté de construire des solutions
intelligentes et scalables.
standards de sécurité et de conformité. Impact concret sur l'amélioration de la prise en charge des patients.
et la collaboration asynchrone.
médicaux — MDR, SMQ, SMSI, FDA. Un périmètre exceptionnel pour monter en compétence sur des enjeux de premier plan.
GDPR : Your personal data will be processed for the purposes of recruitment related activities, which include setting up and
conducting interviews and tests for applicants, evaluating and assessing the results thereto, and as is otherwise needed in the
recruitment and hiring processes. They will be available only for people involved in the process and erased after 2 years of
inactivity.
Under GDPR and as Resilience attach great importance to privacy, please note that you have the right to request access to your
personal data, to request that your personal data be rectified or erased. The Data Protection Officer can be contacted at
privacy@resilience.care
For more information, please check our privacy policy.
🪐 Discover our galaxy Join the Future of Work ! Malt is Europe's leading freelance marketplace, connecting over 1,000,000 talented freelancers with 100,000+ companies. Founded in 2013, we're transforming how work gets done through our tech-powered, human-centered platform. What makes us different: - A diverse team of 600 Malters across 6 European countries - A culture that champions equality (50% of our Comex are women) and inclusive growth - Backed by top investors including ISAI, Serena Capital, Eurazeo Growth, Goldman Sachs, and BPI - A mission to give everyone the freedom to work differently Ready to help shape the future of work? Your next chapter starts here! 🪐 At Malt we believe that Ambition is the Way, so all lists of missions and responsibilities are non-exhaustive. Explore your future career 🔭 You'll be joining the Security team, directly supporting the Head of Security. Small team, big scope : we operate across GRC, application security, fraud, and incident response. This isn't a "write policies in a corner" internship. You'll get hands-on exposure to the full spectrum of security topics and be expected to take real ownership from day one. This internship can turn into a permanent role if it’s a mutual fit.
HEALTH CAN’T WAIT. Not for symptoms to get worse. Not for a six‑month appointment. Not for a system to catch up. But that’s exactly how healthcare works today. You wait, until you can’t. Alan exists to end the wait. Health is a universal right, and we believe this right can only become real when it’s coupled with prevention. We need to stop treating health as something we repair and start treating it as something we build, every day. It’s not solely a question of willpower. It’s the healthcare system itself that needs to work for everyone, in a sustainable way. So we are building the new standard in prevention insurance. Alan is the first company that integrates insurance, prevention, and care into a single, acclaimed user experience. We are on an incredible journey to build a global leading company, with a unique culture. We already partner with 40K+ companies of all sizes, serving more than 1M+ members, and have reached €800M+ in ARR. Prevention as the new norm. That's what we're building with our team of 800+ people. If it speaks to you: we're hiring across France, Spain, Belgium, and Canada. And beyond. Alan operates at the intersection of health insurance, prevention, and regulated data. The person in this role owns the security governance and risk posture of a company that handles sensitive health data for 1M+ members, operates under DORA and HDS certification requirements, and is regulated by the ACPR. They work in close partnership with Legal, Internal Audit, and the broader Risk function — this is a collaborative role, not a siloed one. 🛡️ YOUR MISSION — GOVERNANCE, RISK & COMPLIANCE Own and operate the ISO 27001 ISMS. You are the accountable owner of the Information Security Management System — scope definition, Statement of Applicability, internal audit programme, and management review. You've led at least one full certification or recertification cycle and know what breaks down in the months between audits. Be the security expert in the room on regulatory and privacy matters — not the owner. Legal leads on DORA, HDS, RGPD, PGSSI-S, and regulatory relationships. Your role is to bring the technical and operational security substance: translating regulatory requirements into controls, flagging implementation gaps, and making sure the security programme holds up when the regulatory team negotiates with the ACPR or ANS. Run risk as a living programme, in partnership with the broader risk function. You lead security risk cartography using EBIOS RM and ensure it feeds into — and is informed by — the company-wide risk framework. You facilitate risk workshops, produce treatment plans, and bring the security lens to forums where non-security risks are also on the table. You know when a security risk is actually a business risk in disguise. Own the controls framework, but distribute ownership of controls themselves. You define the framework, set the standards, and track coverage — but the controls live with the teams who build and run the things they protect. You work closely with Infrastructure, Platform, and Engineering to ensure foundational building blocks (identity, network, secrets management, logging) are designed with security requirements embedded, not bolted on. You're a partner to those teams, not an auditor standing over them. Run audit cycles with rigour, in close partnership with Internal Audit. You manage the security audit programme and coordinate with certification bodies, but you're not operating in a vacuum. You work with Internal Audit to align scopes, avoid duplication, and present a coherent picture of control effectiveness to the board. You've sat in joint audit planning sessions and know how to make that relationship productive rather than territorial. Manage third-party risk with real teeth. You run vendor security assessments, define contractual security requirements (security annexes, DPAs). You partner with our Risk team, which oversees third-party risk, and own the security dimension. Bring the health sector context. You understand the ANS framework, CERT Santé requirements, and what it means to handle sensitive health data operationally — not just on paper. You're a useful partner to Legal when the question is "what does this regulation actually require us to do technically?" Own incident governance and support DORA reporting. You classify and escalate ICT incidents internally, own BCP and DRP governance, and provide the security substance for DORA incident reports. 🚀 WHAT YOU'LL BUILD AND WHO YOU'LL WORK WITH Next-Gen Compliance Framework: ISO 27001, DORA, HDS, NIS2 — multiple regulators, multiple countries, one coherent governance backbone. Build the system that lets Alan scale from 1M to many millions of members without rebuilding compliance every time. Automated Audit & Evidence Engine: Replace manual evidence collection with scripted pipelines plugged directly into engineering systems. Turn audit cycles from quarterly fire drills into a continuous capability. Living Risk Cartography: Risk treated as an operational signal, not a static deliverable. EBIOS RM at the core, feeding directly into business and engineering decisions. You'll work closely with Legal, DPO, Internal Audit, and the broader Risk function — and partner day-to-day with Infrastructure, Platform, Engineering, Product, and Operations. You're the bridge between regulatory complexity and operational simplicity. ⚡ WHY THIS ROLE IS SPECIAL Direct Impact: You own the trust foundation that lets Alan handle health data for 1M+ members and operate in highly regulated markets. Your work is the precondition for everything else Alan does. Complex Problems: 4 regulators across 4 countries, sensitive health data, and a regulatory landscape that keeps shifting (DORA, NIS2, AI Act) — to be modeled into a single, coherent control system. Ownership & Growth: Board and executive exposure, real influence on company-wide risk decisions, and the autonomy to shape Alan's security culture across 800+ people. 🤝 WHAT YOU WILL ALSO DO — TECHNICAL ENABLEMENT Automate compliance work wherever possible. You script evidence collection, automate control testing, and connect GRC tooling to engineering pipelines. You've used Python or similar to reduce the manual lift of an audit cycle, and you actively look for the next process to streamline. Configure and own GRC tooling, not just use it. You can administer platforms like CISO Assistant, ServiceNow GRC, or Archer — designing workflows, building dashboards, and making them actually useful for the teams that feed them data. Speak cloud governance fluently. You understand shared responsibility in HDS-qualified environments, know what CSPM tools surface and what they miss, and can reason about policy-as-code (OPA, SCP) without needing an engineer to translate. Read architecture well enough to challenge it. You can review a proposed architecture, identify control gaps in identity, network segmentation, encryption, or logging, and push back credibly in a room of engineers — without pretending to be one. Interpret vulnerability data and drive prioritisation. You read scan outputs, work with engineering teams to prioritise remediation by business risk rather than CVSS score, and track resolution KPIs over time. ⭐️ QUALIFICATIONS — MINDSET AND SOFT SKILLS You translate risk into business language. You can brief a board or an audit committee and make them feel informed — not overwhelmed or underwhelmed. You know the difference between a finding that requires an emergency board call and one that belongs in a quarterly report. You influence without authority. You align Legal, DPO, Risk, Engineering, Product, and Operations on security requirements without creating blockers or adversarial dynamics. People don't avoid you — they come to you early because you make their lives easier, not harder. You manage programmes with audit-grade rigor. You run structured, traceable roadmaps. You know where every commitment is, who owns it, and when it's due. You escalate proactively and don't let dependencies surprise you. You build security culture, not compliance theatre. Your awareness programmes land because they're relevant, not because they're mandatory. You foster proportionate risk ownership across the company — the goal is teams making better decisions, not teams checking boxes. You think in principles when frameworks shift. DORA is live. NIS2 transposition pace varies. The AI Act is arriving. You don't freeze when the regulatory landscape moves — you reason from first principles and adapt without waiting to be told what to do. 🌍 HOW WE WORK Location: Paris-based, hybrid. We value in-person collaboration and ask Alaners to be in the office part of the week. 🎯 We hire people, not checklists. If you're excited by this scope but don't check every box, we'd still love to hear from you.
Outsight’s software solutions track the motion of people and vehicles using 3D LiDAR data. Operators of transportation hubs like airports and train stations but also sport venues, road infrastructures and industrial sites can now access accurate and anonymous Spatial Intelligence data, in order to improve operations and increase user safety and satisfaction. Our international team of scientists and engineers drive the development of our solutions from Paris, San Francisco, Sophia-Antipolis (Nice) & Hong Kong. To support our global outreach, we also operate a commercial office in Spain. You can find below an interesting link about who we are and what we do:Insights about OutsightOur Passenger Flow Traffic Monitoring solution is trusted by the world’s leading airports and train stations across 4 continents. Additionally, our Car Traffic Remote Monitoring product is trusted by several Tier 1 customers, including BMW. CONTEXT As Outsight continues to grow globally, we are creating this new role to support the increasing complexity of our business and technology environment. This is a unique opportunity to join at this early stage and build scalable, secure, and efficient internal IT operations that will support our teams across multiple locations. As the company expands, the scope and impact of this role will evolve, offering significant opportunities to shape our global IT and security practices while growing alongside the organization. RESPONSIBILITIES Identity & Access Management (IAM): Architect automated SSO workflows between Google and all 40+ tools. Coordinate with DevSecOps to ensure AWS IAM roles are tied to corporate identity. Global Security Ops: Centralize Cloud MDM to ensure only compliant, company-managed devices can access the AWS production environment. SaaS & Cloud Cost Control: Partner with Finance and DevSecOps to monitor AWS and SaaS spend; eliminate redundant licenses and "orphan" cloud resources. Compliance Lead: Own the technical health of the Bastion/GRC dashboard for continuous ISO/SOC 2 readiness. EXPECTED IMPACT Engineering Velocity: Liberates senior architects and the DevSecOps role from "Corporate IT" tasks (e.g., resetting Slack or managing laptops). Audit Automation: Replaces the current three-month manual access update cycle with real-time, automated monitoring in Bastion. Global Security: Ensures a unified security posture across Paris, SF, and HK, protecting our SaaS product and customer data. Requirements for the role 3–7 years of experience in Corporate IT, IT Operations, Identity Management or Security Operations. Experience managing Google Workspace and enterprise SaaS environments. Experience with SSO, SAML, OAuth and identity providers. Familiarity with Mobile Device Management (MDM) solutions. Experience with AWS IAM concepts is a plus. Exposure to ISO 27001, SOC 2 or similar compliance frameworks is highly valued. Why join us? Be part of the team pioneering Spatial Intelligence solutions at unprecedented scale—the breakthrough technology transforming how the world’s most prestigious airports, infrastructure operators, and smart cities understand and optimize physical flows. As a 7-time Gartner-recognized category-defining leader with dozens of global awards including “Edge AI Product of the Year,” “LiDAR Leader Award,” “CES Best of Innovation” and many more, we’re backed by 37 patents and deployments with the most prestigious (and challenging) customers across four continents. Join our international team of world-class experienced engineers and business leaders solving humanity’s most complex spatial challenges, from passenger flow optimization to autonomous robotics coordination, while working at the cutting edge of 3D AI, LiDAR perception, and real-time analytics. Supported by rock-solid investors including BNP Paribas, BPI France, Energy Innovation Capital and Demeter who back our long-term vision, this is your opportunity to shape how physical and digital worlds interact, with the resources, growth trajectory, and technical challenges that will accelerate your career in ways traditional companies cannot offer. Outsight is an Equal Employment Opportunity employer that pursues and hires a diverse workforce. Outsighters don't make employment decisions on the basis of race, color, religion, ethnic or national origin, nationality, sex, gender, gender identity, sexual orientation, disability, age, military status, or any other basis protected by local, state, or federal laws. Outsight also strives for a healthy and safe workplace, and prohibits harassment of any kind. If you have a disability or special need that requires accommodation, please let us know.