Security Specialist - GRC (W/M/NB)

JobsCloseBy Editorial Insights

Ubisoft is seeking a Security Specialist in GRC to maintain security policies and standards, support compliance, and help Ubisoft stay resilient to risks. You will assess gaps, work with security architects to create and refine policies, maintain a repository, ensure consistency across policy suites, and participate in audits with internal teams. Ideal candidates bring GRC cybersecurity experience, policy drafting ability, IT security fundamentals, and knowledge of GDPR, NIS2 and CRA, plus ISO 27001 or NIST frameworks; English, clear written and verbal communication, and a collaborative mindset. Nice-to-have: auditing experience, GRC tool familiarity, IAM projects, and relevant certifications. Apply with examples of policy work and audits, and align with Ubisoft’s inclusive culture.

Company Description

Ubisoft is a global leader in gaming with teams across the world creating original and memorable gaming experiences, from Assassin’s Creed, Rainbow Six to Just Dance and more. We believe diverse perspectives help both players and teams thrive. If you’re passionate about innovation and pushing entertainment boundaries, join our journey and help us create the unknown!

Job Description

Ubisoft is looking for an Information Security Specialist to join the Security & Risk Management teams, who aim to make Ubisoft fully resilient to risks and threats as an organization and to provide a safe and secure environment that enables teams to work efficiently toward achieving their objectives.

As part of GRC (Governance, Risk and Compliance) team, the role is mainly responsible for maintaining Ubisoft security policies and standards, while also contributing to Ubisoft regulatory compliance activities.

Your main responsibilities will include:

• Assessing gaps in existing cybersecurity policies and standards
• Work with security architects and subject-matter experts to:
  • Create new cybersecurity policies and standards to be submitted for approval by executives and stakeholders
  • Review and recommend modifications/additions to existing policies and standards
• Maintaining a document repository where all cybersecurity-related materials are published and stored
• Ensuring consistency between the various security policies, standards, procedures and guidelines
• Supporting Ubisoft's information security compliance program
• Participating to preparation efforts and response for external audits
• Communicating with internal teams

Qualifications

Background

Significant experience as a cybersecurity consultant or security analyst is required for this position, preferably with:

• A specialization in GRC (governance, risk and compliance), or at least with an interest for regulatory-related security topics
• Prior experience with crafting cybersecurity policies and procedures

Required Skills

• Good understanding of IT systems and security fundamentals
• Knowledge of the major European privacy and cybersecurity laws and regulations (RGPD, NIS2, CRA)
• Knowledge of at least one global security framework (such as ISO 27001, NIST CSF, NIST 800-53, or CIS Controls standards)
• Excellent written and verbal communication skills
• Strong sense of formalism and great attention to detail
• Collaborative mindset
• Fluent English

Nice to Have

• Prior experience in auditing organizational and/or technical security measures
• Prior experience with a GRC tool
• Prior experience in designing or implementing an IAM program
• Holding a CISM, CISSP, or CISA or ISO27001 Implementer/Auditor certification is considered a plus.

Additional Information

Ubisoft's perks 

💰 Profit Sharing, yearly company saving plan. 25 paid time off + 12 additional paid days off. 50% of your Navigo pass is paid by the company, lunch vouchers (9€/day), healthcare for you and your family, and lots of Ubisoft additional perks. 
📍 Our office is located in Saint Mandé, (Metro line 1, Saint Mandé station). Gym available in the building.

Additional Information 

Skills and competencies show up in different forms and can be based on different experiences, that's why we strongly encourage you to apply even though you may not have all the requirements listed above. 
At Ubisoft, you can come as you are. We embrace diversity in all its forms. We’re committed to fostering a work environment that is inclusive and respectful of all differences. 

Check out this guide to help you with your application, and learn about our actions to encourage more diversity and inclusion.