Security Specialist - GRC (W/M/NB)

Ubisoft is looking for an Information Security Specialist to join the Security & Risk Management teams, who aim to make Ubisoft fully resilient to risks and threats as an organization and to provide a safe and secure environment that enables teams to work efficiently toward achieving their objectives.

As part of GRC (Governance, Risk and Compliance) team, the role is mainly responsible for maintaining Ubisoft security policies and standards, while also contributing to Ubisoft regulatory compliance activities.

Your main responsibilities will include:

• Assessing gaps in existing cybersecurity policies and standards
• Work with security architects and subject-matter experts to:

• Create new cybersecurity policies and standards to be submitted for approval by executives and stakeholders
• Review and recommend modifications/additions to existing policies and standards

• Maintaining a document repository where all cybersecurity-related materials are published and stored
• Ensuring consistency between the various security policies, standards, procedures and guidelines
• Supporting Ubisoft's information security compliance program
• Participating to preparation efforts and response for external audits
• Communicating with internal teams

Significant experience as a cybersecurity consultant or security analyst is required for this position, preferably with:

• A specialization in GRC (governance, risk and compliance), or at least with an interest for regulatory-related security topics
• Prior experience with crafting cybersecurity policies and procedures, * Good understanding of IT systems and security fundamentals
• Knowledge of the major European privacy and cybersecurity laws and regulations (RGPD, NIS2, CRA)
• Knowledge of at least one global security framework (such as ISO 27001, NIST CSF, NIST 800-53, or CIS Controls standards)
• Excellent written and verbal communication skills
• Strong sense of formalism and great attention to detail
• Collaborative mindset
• Fluent English

Nice to Have

• Prior experience in auditing organizational and/or technical security measures
• Prior experience with a GRC tool
• Prior experience in designing or implementing an IAM program
• Holding a CISM, CISSP, or CISA or ISO27001 Implementer/Auditor certification is considered a plus.

Ubisoft is a global leader in gaming with teams across the world creating original and memorable gaming experiences, from Assassin's Creed, Rainbow Six to Just Dance and more. We believe diverse perspectives help both players and teams thrive. If you're passionate about innovation and pushing entertainment boundaries, join our journey and help us create the unknown!