Information Security Officer

Bonitasoft

IT
France
EUR 65k-70k / year
Posted on Jul 1, 2025
IT · France · Fully Remote

Take the lead in defining and maintaining our cybersecurity roadmap, steering both governance and operational topics.

We usually respond within three days

Are you a cybersecurity expert ready to influence security strategy while staying close to operations? At Bonitasoft, we’re seeking a senior-level Information Security Officer who’s hands-on, pragmatic, and ready to lead cross-functional initiatives to enhance our security posture. You’ll take the lead in defining and maintaining our cybersecurity roadmap, steering both governance and operational topics. With a wide scope of impact, this is your chance to drive strategy, enable teams, and protect our SaaS platform as it evolves, especially in AI-driven contexts.

Responsibilities

Set a strategic direction for security across the company
  • You’ll own and evolve Bonitasoft’s cybersecurity roadmap, ensuring it stays aligned with business priorities and future-ready.
  • By monitoring emerging threats and evolving standards (ISO27001:2022, OWASP, ENISA, NIST), you'll anticipate risks early and turn them into strategic action, helping Bonitasoft remain a trusted and resilient SaaS provider.
Elevate trust through strong governance and compliance
  • By managing our ISMS and leading ISO27001 certification efforts, you'll ensure compliance isn’t just a checkbox, but a living practice that reinforces customer trust.
  • Your updates to policies and audits will streamline internal processes and build confidence with partners, auditors, and regulators.
Strengthen our defenses through hands-on operations
  • Together with the IT and Engineering teams, you’ll spend 20–30% of your time on core security operations like SIEM monitoring, CVE tracking, and incident response coordination.
  • This hands-on involvement helps you continuously improve our detection and response capabilities, making Bonitasoft faster, safer, and more resilient to evolving cyber threats.
Embed security into every layer of product development
  • From platform architecture to AI-driven features, you’ll bring a security-by-design mindset to every initiative.
  • By reviewing architectures and enabling secure development practices (SBOM, SAST, threat modeling), you’ll prevent vulnerabilities early and empower engineering teams to build secure products with confidence.
Build a culture where everyone owns security
  • You’ll lead company-wide awareness programs and coach teams, from developers to sales reps, on real-world security risks and behaviors.
  • Your ability to turn complex concepts into actionable best practices will help create a security-first culture across the company.
Be a trusted voice for our customers and partners
  • Whether responding to RFPs or handling audits, you’ll act as the security point of contact for clients, prospects, and partners, ensuring transparency and building long-term trust.
  • Your responsiveness and clarity will enhance Bonitasoft’s reputation as a secure, reliable partner.

Your first 6 months

From day one, you’ll have the autonomy and structure to grow into a strategic role with real impact along the way. Here's what to expect in your first months:

Month 1: Get familiar with Bonitasoft’s tools, security landscape, and existing routines. Start contributing to key operational tasks and understand how security connects across the company.

Month 2: Take ownership of daily security routines, steer ISMS-related activities, handle incident resolution, and begin engaging with internal teams and external stakeholders.

Month 4: Lead execution of the cybersecurity roadmap, support internal awareness initiatives, and carry out full product security reviews with increasing independence.

Month 6: Deliver a strategic roadmap update based on risk and threat evaluations. Drive cross-functional security initiatives and represent Bonitasoft in high-stakes audits and strategic decisions.

About you

We’re looking for a pragmatic, strategic thinker who’s also ready to roll up their sleeves. Here’s what will help you succeed:

  • Senior experience in cybersecurity in a SaaS, software, or tech product company
  • Mastery of ISMS frameworks and ISO27001 certification processes
  • Solid hands-on experience in SIEM, vulnerability management, and incident response
  • Familiarity with CI/CD pipelines, cloud security, and secure development practices
  • Clear communication skills in both French & English

Nice-to-have

  • Knowledge of AI-related security risks (e.g., data leakage, prompt injection)
  • Understanding of SaaS multi-tenant architecture, Kubernetes, or DevSecOps
  • Relevant certifications: CISSP, CISM, ISO27001 Lead Implementer/Auditor

Hiring process

  1. Introduction with our Talent Acquisition
  2. Put your skills into action: complete a technical challenge.
  3. Meet with Victor (IT Manager). This will be an opportunity to talk about the challenges and opportunities related to the role.
  4. Wrap-up interview with our VP of People

Department: IT
Role: Information Security Officer
Locations: France
Remote status: Fully Remote
Yearly salary: €65,000 - €70,000
Employment type: Full-time
Contact: Christelle Betrong, HR Generalist – Human Resources