Security Lead

About The Position

Requirements

• Proven people leadership experience in security or security-adjacent teams, with a track record of developing talent.
• Ability to provide clarity and direction, setting a clear agenda with structured ownership.
• Comfortable setting direction and executing technically; understanding the product and contributing to product-led discussions.
• Judgment to distinguish between noise and signal, protecting team focus.
• Experience making pragmatic risk decisions, understanding security as an enabler.
• Clear point of view on AI security, including LLM security, agent risks, and AI governance.
• Experience designing frameworks for safe AI adoption.
• Knowledge of current AI security developments (e.g., OWASP LLM Top 10, MITRE ATLAS, EU AI Act).
• Experience using AI for security tasks like threat detection and compliance automation.
• Experience leading at least one full ISO 27001 certification or recertification cycle.
• Fluency with regulations such as DORA, HDS, RGPD, NIS2, and PGSSI-S, and ability to translate them into technical controls.
• Experience in or closely with regulated industries.
• Experience running security risk cartography (ideally with EBIOS RM).
• Experience running vendor security assessments and defining contractual security requirements.
• Ability to influence without authority and align various departments on security requirements.
• Ability to communicate risk to non-technical audiences, including executives and the board.
• Experience building security culture through effective awareness programs.
• Comfort with async communication, written-first thinking, and working across time zones.

Nice To Haves

• Experience in the health sector.
• Understanding of the ANS framework, CERT Santé requirements, and operational handling of sensitive health data.
• Experience partnering with Risk and Audit functions without duplicating work.

Responsibilities

• Lead the security team and the security topic.
• Own security in the AI era, including LLM security, agent risks, and AI governance.
• Scale security practices and compliance across 10+ countries.
• Build and evolve Alan's security strategy.
• Develop talent within the security team through coaching and structuring.
• Set clear agendas and priorities for the security team.
• Contribute to product-led discussions with a strong understanding of how the product works.
• Make sensible risk decisions and ensure security enables the business.
• Design frameworks for safe AI adoption.
• Track and translate AI security developments (e.g., OWASP LLM Top 10, MITRE ATLAS, EU AI Act) into actionable priorities.
• Use AI to accelerate threat detection, automate compliance evidence, and improve team throughput.
• Lead ISO 27001 ISMS certification or recertification cycles.
• Translate regulatory requirements (DORA, HDS, RGPD, NIS2, PGSSI-S) into technical controls.
• Run security risk cartography, ideally with EBIOS RM.
• Manage vendor security assessments and define contractual security requirements.
• Align Legal, DPO, Risk, Engineering, Product, and Operations on security requirements.
• Communicate risk effectively to non-technical audiences, including the board.
• Build security culture through relevant and well-designed awareness programs.
• Work effectively in a distributed, written-first culture across different countries and time zones.

Benefits

• Integration of insurance, prevention, and care into a single user experience.
• Opportunity to build a global leading company with a unique culture.
• Work with a team of 800+ people.
• Opportunity to shape the future of prevention insurance.