Security Specialist - GRC (W/M/NB)

Ubisoft is a global leader in gaming with teams across the world creating original and memorable gaming experiences, from Assassin’s Creed, Rainbow Six to Just Dance and more. We believe diverse perspectives help both players and teams thrive. If you’re passionate about innovation and pushing entertainment boundaries, join our journey and help us create the unknown!

Ubisoft is looking for an Information Security Specialist to join the Security & Risk Management teams, who aim to make Ubisoft fully resilient to risks and threats as an organization and to provide a safe and secure environment that enables teams to work efficiently toward achieving their objectives.

As part of GRC (Governance, Risk and Compliance) team, the role is mainly responsible for maintaining Ubisoft security policies and standards, while also contributing to Ubisoft regulatory compliance activities.

Your main responsibilities will include:

• Assessing gaps in existing cybersecurity policies and standards
• Work with security architects and subject-matter experts to:
  • Create new cybersecurity policies and standards to be submitted for approval by executives and stakeholders
  • Review and recommend modifications/additions to existing policies and standards
• Maintaining a document repository where all cybersecurity-related materials are published and stored
• Ensuring consistency between the various security policies, standards, procedures and guidelines
• Supporting Ubisoft's information security compliance program
• Participating to preparation efforts and response for external audits
• Communicating with internal teams

Background

Significant experience as a cybersecurity consultant or security analyst is required for this position, preferably with:

• A specialization in GRC (governance, risk and compliance), or at least with an interest for regulatory-related security topics
• Prior experience with crafting cybersecurity policies and procedures

Required Skills

• Good understanding of IT systems and security fundamentals
• Knowledge of the major European privacy and cybersecurity laws and regulations (RGPD, NIS2, CRA)
• Knowledge of at least one global security framework (such as ISO 27001, NIST CSF, NIST 800-53, or CIS Controls standards)
• Excellent written and verbal communication skills
• Strong sense of formalism and great attention to detail
• Collaborative mindset
• Fluent English and French

Nice to Have

• Prior experience in auditing organizational and/or technical security measures
• Prior experience with a GRC tool
• Prior experience in designing or implementing an IAM program
• Holding a CISM, CISSP, or CISA or ISO27001 Implementer/Auditor certification is considered a plus.

Ubisoft's perks 

💰 Profit Sharing, yearly company saving plan. 25 paid time off + 12 additional paid days off. 50% of your Navigo pass is paid by the company, lunch vouchers (9€/day), healthcare for you and your family, and lots of Ubisoft additional perks. 
📍 Our office is located in Saint Mandé, (Metro line 1, Saint Mandé station). Gym available in the building.

Additional Information 

Skills and competencies show up in different forms and can be based on different experiences, that's why we strongly encourage you to apply even though you may not have all the requirements listed above. 
At Ubisoft, you can come as you are. We embrace diversity in all its forms. We’re committed to fostering a work environment that is inclusive and respectful of all differences.