
Governance, Risk & Compliance Specialist

Alma31 · Paris, Paris, France · posted 1 week ago
FULL_TIME Legal

🧡 About Alma

At Alma, we believe sustainable commerce depends on fair, well‑balanced trade. Because finance plays a pivotal role in business, our mission is to put it back in its rightful place - serving merchants and consumers.

Our installment and deferred payment solutions help merchants boost sales by 20% or more, increase customer loyalty, and deliver a seamless shopping experience - without encouraging bad debt.

As the buy now, pay later leader in France and active in 10 European countries, we've empowered over 25,000 merchants and 10 million consumers.

With 380+ Almakers and €100M+ ARR, Alma is scaling rapidly across Europe as a member of the Next40, and we're just getting started!

👐 About the team

Alma is a licensed payment institution (ACPR-approved), processing millions of transactions across France and Europe. The regulatory environment has materially tightened: DORA entered into force in January 2025, NIS 2 is now transposed in France, and ACPR oversight is intensifying. To meet this moment, Barbara, our Head of IT & Security, is actively building and structuring the IT & Security function. The team currently counts 6 people, with profiles covering infrastructure, security operations, and IT.

This position is a permanent role (CDI) based in Paris.

💼 About the job

Regulatory compliance: DORA, NIS 2 & ACPR

  • Build Alma's DORA and NIS 2 compliance roadmap: conduct gap analysis, define remediation priorities, and track execution
  • Coordinate cross-functional requirements with Finance, Legal, and Engineering to maintain a consistent regulatory posture

Security risk mapping

  • Own and maintain the Security Risk Map (Risk Map 2026): expand its cyber/InfoSec coverage and enrich risk scoring
  • Connect risk findings to structured remediation plans and report progress to the CISO on a regular cadence

Security policies & audit readiness

  • Formalize, update, and enforce security policies and procedures across the organization
  • Lead evidence collection and audit response for external reviews (ACPR inspections, SOC 2 Type II, ISO 27001 roadmap)

Security governance & cross-functional bridge

  • Translate regulatory requirements into actionable plans for both technical teams (Engineering, SRE) and business stakeholders (Legal, Compliance, Executive)
  • Structure and maintain Alma's security governance framework: contracts, technical clauses, internal security awareness

🧰 You will work with

Slack, Vanta, Linear, Notion, Google Suite, Dust.

🧩 About you

To succeed in this job

  • You've developed 3 to 5 years of experience in a GRC role, with a proven ability to make complex regulatory topics genuinely accessible to non-technical audiences
  • You have a track record of managing cross-functional security projects and coordinating multiple stakeholders simultaneously
  • You communicate with confidence across functions, translating complex regulatory requirements into clear, actionable language for any audience — engineers, executives, or external auditors

And it will be nice if you also

  • Have hands-on experience responding to official audits or regulatory reviews (SOC 2 Type II, ISO 27001, CAC, ACPR, or equivalent)
  • Have prior experience in or with an ACPR-licensed entity or financial institution
  • Have experience with GRC tooling (Vanta or equivalent)

Don't meet every single requirement? At Alma, we believe great hires come from diverse paths. If this role excites you, we encourage you to apply. We value potential, curiosity and the ability to grow as much as experience.

🧘 What’s in it for you

If you join, you will be able to grow and have an impact on:

  • Real ownership from day one, with direct CISO access and strategic visibility on topics that directly affect Alma's ability to operate as a licensed payment institution.
  • Security Project Management as your work will shape Alma's security posture for the long term. You'll have the space to grow into the role and be supported throughout.
  • The security team. You'll be joining a small, high-trust team. Collaboration is at the core of how we work and major decisions involve the team, and your perspective matters. We value continuous learning, open feedback, and mutual support.

🤑 Compensation & benefits

  • Competitive salary based on 12 months
  • Profit-sharing and employee savings plan
  • Health insurance: 100% covered by Alma including family package
  • Disability insurance: 100% covered by Alma
  • Sport: partnerships with Gymlib and Classpass, or €30/month reimbursement for your sports activities
  • Maternity/paternity leave: salary maintained at 100% during leave with no seniority requirement. Return to work at 4/5 schedule paid at 100% for 8 weeks.
  • Sustainable Mobility Package (FMD): €544.80/year (excluding full-remote contracts)
  • Meal vouchers: €10/day, 50% covered by Alma
  • Mental health: free access to MindDay platform
  • Paid time off: 25 days/year (+ additional paid leave granted for employees on executive contracts)
  • Access to our Learning & Development Platform
  • 2 weeks of full remote possible per year in summer