Governance, Risk & Compliance Specialist

🧡 About Alma

At Alma, we believe sustainable commerce depends on fair, well‑balanced trade. Because finance plays a pivotal role in business, our mission is to put it back in its rightful place - serving merchants and consumers.

Our installment and deferred payment solutions help merchants boost sales by 20% or more, increase customer loyalty, and deliver a seamless shopping experience - without encouraging bad debt.

As the buy now pay later leader in France and active in 10 European countries, we've empowered over +25,000 merchants and 10 million consumers.

With 380+ Almakers and €100M+ ARR, Alma is scaling rapidly across Europe as a member of the Next40, and we're just getting started!

👐 About the team 

Alma is a licensed payment institution (ACPR-approved), processing millions of transactions across France and Europe. The regulatory environment has materially tightened: DORA entered into force in January 2025, NIS 2 is now transposed in France, and ACPR oversight is intensifying. To meet this moment, Barbara, our Head of IT & Security is actively building and structuring the IT & Security function. The team currently counts 6 people, with profiles covering infrastructure, security operations, and IT.

This position is permanent role (CDI) based in Paris. 

💼 About the job

Regulatory compliance: DORA, NIS 2 & ACPR

• Build Alma's DORA and NIS 2 compliance roadmap: conduct gap analysis, define remediation priorities, and track execution

• Coordinate cross-functional requirements with Finance, Legal, and Engineering to maintain a consistent regulatory posture

Security risk mapping

• Own and maintain the Security Risk Map (Risk Map 2026): expand its cyber/InfoSec coverage and enrich risk scoring

• Connect risk findings to structured remediation plans and report progress to the CISO on a regular cadence

Security policies & audit readiness

• Formalize, update, and enforce security policies and procedures across the organization

• Lead evidence collection and audit response for external reviews (ACPR inspections, SOC 2 Type II, ISO 27001 roadmap)

Security governance & cross-functional bridge

• Translate regulatory requirements into actionable plans for both technical teams (Engineering, SRE) and business stakeholders (Legal, Compliance, Executive)

• Structure and maintain Alma's security governance framework: contracts, technical clauses, internal security awareness

🧰 You will work with

Slack, Vanta, Linear, Notion, Google Suite, Dust.

🧩 About you

To succeed in this job

• You've developed 3 to 5 years of experience in a GRC role, with a proven ability to make complex regulatory topics genuinely accessible to non-technical audiences
• You have a track record of managing cross-functional security projects and coordinating multiple stakeholders simultaneously
• You communicate with confidence across functions, translating complex regulatory requirements into clear, actionable language for any audience — engineers, executives, or external auditors

And it will be nice if you also

• Have hands-on experience responding to official audits or regulatory reviews (SOC 2 Type II, ISO 27001, CAC, ACPR, or equivalent)
• have erior experience in or with an ACPR-licensed entity or financial institution
• have experience with GRC tooling (Vanta or equivalent).

Don't meet every single requirement? At Alma, we believe great hires come from diverse paths. If this role excites you, we encourage you to apply. We value potential, curiosity and the ability to grow as much as experience.

🧘 What’s in it for you

If you join, you will be able to grow and impact on:

• Real ownership from day one, with direct CISO access and strategic visibility on topics that directly affect Alma's ability to operate as a licensed payment institution.
• Security Project Management as your work will shape Alma's security posture for the long term. You'll have the space to grow into the role and be supported throughout.
• The security team. You'll be joining a small, high-trust team. Collaboration is at the core of how we work and major decisions involve the team, and your perspective matters. We value continuous learning, open feedback, and mutual support.

🤑 Compensation & benefits

• Competitive salary based on 12 months
• Profit-sharing and employee savings plan
• Health insurance: 100% covered by Alma including family package
• Disability insurance: 100% covered by Alma
• Sport: partnerships with Gymlib and Classpass, or €30/month reimbursement for your sports activities
• Maternity/paternity leave: salary maintained at 100% during leave with no seniority requirement. Return to work at 4/5 schedule paid at 100% for 8 weeks.
• Sustainable Mobility Package (FMD): €544.80/year (excluding full-remote contracts)
• Meal vouchers: €10/day, 50% covered by Alma
• Mental health: free access to MindDay platform
• Paid time off: 25 days/year ****(+ additional paid leave granted for employees on executive contracts)
• Access to our Learning & Development Platform
• 2 weeks of full remote possible per year in summer

🎯 Interview Process

• Video call with a Talent Acquisition team member to understand your path, motivation & present you the role.
• Video call with your future manager to deep dive the role, the team, your profile and answer all your questions.
• Case study presentation with 2 - 3 team members (ideally in house) to assess your practical knowledge**.**
• 1 or 2 additional interviews customized to the role's level to further assess your skills and team fit.

🌍 Diversity & Inclusion

At Alma, we believe that diversity fuels innovation and makes our community stronger. We are committed to building a workplace where every person feels seen, respected, and empowered to do their best work whatever their gender, background, ethnicity, age, sexual orientation, religion, disability or lived experience. As an equal opportunity employer, we welcome applicants from all walks of life, and all employment decisions are made based on qualifications, merit, and business needs.