GRC, Information & Security Manager

GRC, Information & Security Manager

About H:

H exists to push the boundaries of superintelligence with agentic AI. By automating complex, multi-step tasks typically performed by humans, AI agents will help unlock full human potential.

H is hiring the world’s best AI talent, seeking those who are dedicated as much to building safely and responsibly as to advancing disruptive agentic capabilities. We promote a mindset of openness, learning, and collaboration, where everyone has something to contribute.

Key Responsibilities:

Security Governance & Compliance

• Lead and oversee certification processes, maintaining SOC 2 Type 2 compliance and being able to drive adoption of ISO 27001 and ISO 27701 as the company grows.

• Ensure compliance with GDPR, the EU AI Act and Cyber Resilience Act, staying ahead of regulatory changes that affect our product and operations.

• Maintain comprehensive security controls documentation and compliance records.

• Act as the primary security contact for enterprise clients.

• Assist sales and go-to-market teams by completing security questionnaires and clearly communicating our security posture to potential customers.

Cloud Security & Technical Oversight

• Audit cloud provider controls and security configurations (AWS).

• Enforce robust access management practices and security controls across our infrastructure.

• Partner with engineering to embed secure development practices throughout the SDLC.

Security Policy & Documentation

• Draft, maintain, and enforce company-wide security policies that are practical and scalable.

• Conduct security risk assessments and develop actionable mitigation strategies.

• Foster a strong security culture through internal guidelines, training, and awareness initiatives.

Operations & Incident Response

• Monitor for security incidents and ensure response procedures are well-defined, tested, and effective.

• Coordinate regular security audits and penetration testing engagements.

• Continuously evaluate and recommend security tools, automation, and frameworks

About You

• 5+ years of experience in security roles (Security Officer, GRC Manager, or Security Engineer).

• Expertise in SOC 2 and/or ISO 27001 compliance frameworks.

• Solid understanding of cloud security best practices in a scale-up environment.

• Experienced in writing and implementing security policies that are practical and enforceable.

• Biased for action : you identify and drive security improvements without waiting to be asked.

• A fast learner able to stay ahead of the fast moving regulatory landscape

• Meticulous in documenting and enforcing security policies.

• Able to communicate security concepts clearly to both technical and non-technical audiences.

• Collaborative and effective working with engineers, compliance stakeholders, and leadership.

Nice to Have

• Experience with AI governance frameworks (ISO 42001) or emerging AI-related certifications.

• Background of building security programs from the ground up in a high-growth startup.

• Familiarity with security automation tools that streamline compliance workflows.

• Hands-on experience with incident response planning and crisis management.

• French speaker.

Location: Paris office, France

This role is hybrid, and you are expected to be in the office 3 days a week on average.

Please expect some travels between offices.

What We Offer:

Join the exciting journey of shaping the future of AI, and be part of the early days of one of the hottest AI startups.

Collaborate with a fun, dynamic, and multicultural team, working alongside world-class AI talent in a highly collaborative environment.

Enjoy a competitive salary.

Unlock opportunities for professional growth, continuous learning, and career development.

If you want to change the status quo in AI, join us.