Senior GRC Engineer

Aircall is a unicorn AI‑powered customer communications platform used by 22,000+ companies worldwide to drive revenue, faster resolutions, and scale. We’re redefining what a customer communications platform can be—by combining voice, SMS, WhatsApp, and AI into one seamless workspace. Our momentum comes from a simple but powerful idea: help every customer‑facing team work smarter, not harder. Aircall’s AI Voice Agent automates routine calls, AI Assist streamlines post‑call tasks, and AI Assist Pro delivers real‑time guidance that helps people do their best work. The result—companies grow revenue, deliver faster resolutions, and scale service. We’ve built a product customers love and a business that scales fast. Aircall operates in nine global offices (Paris, New York, San Francisco, Sydney, Madrid, London, Berlin, Seattle, and Mexico City), and is backed by world‑class investors. Our teams are shipping AI innovation faster than ever and expanding across new product lines and markets. At Aircall, you’ll join a company in motion—ambitious, profitable, and product‑driven—where impact is visible, decisions are fast, and growth is real. How We Work at Aircall At Aircall, we believe in customer obsession, continuous learning, and delivering extraordinary outcomes. We value open collaboration, taking ownership, and making smart, informed decisions with speed and precision. If you thrive in a fast‑paced, team‑driven environment where curiosity, trust, and impact matter, you’ll fit right in. Aircall is seeking an experienced Information Security Manager to take ownership of Aircall’s information security strategy, governance, and risk management practices. This person will serve as the central coordinating and orchestrating function for all branches of Information Security, ensuring that our security, IT, privacy and product teams are aligned, accountable, and operating against a unified framework. This individual will build and mature our governance, policy, and compliance foundations; ensure readiness against major security frameworks; and drive a security‑first culture across the organization. This role will sit within the CTO (Technology) organization, alongside Security & Infrastructure Engineering building the security foundation of a future Governance, Risk & Compliance (GRC) function. Key Responsibilities Develop and maintain the company‑wide security strategy, policies, and governance frameworks. Ensure ongoing compliance with SOC 2, GDPR, NIST. Determine, in conjunction with the other security stakeholders, the company’s strategy to pursue additional certifications) and other relevant global security standards (e.g., ISO27001). Participate in building the Governance, Risk & Compliance (GRC) function, aligning with privacy, compliance, and enterprise risk function; maintain and execute against a risk matrix. Ensure that each branch of Information Security (Product Security, IT Security, GTM, Vendor Due Diligence, Customer facing topics; Governance, Policies & Audits) is performing its responsibilities effectively and operating in a coordinated manner. Lead enterprise‑wide security risk assessments, gap analyses, and mitigation planning. Partner closely with Legal/Privacy on regulatory obligations, including GDPR, data residency requirements, and incident reporting. Oversee vendor risk management and security due diligence, ensuring consistent assessment standards and cross‑functional alignment. Build and manage a scalable vendor security program, including due diligence, remediation, and monitoring. Maintain and refine incident response policies, workflows, roles, and communication procedures. Coordinate cross‑functional participation during security events, ensuring documentation, communication, and post‑incident reporting. Serve as the point of escalation for major security events. Ensure clear reporting lines, accountability, and coordination between IT Security and Engineering/Product Security. Work closely with IT, Product, Engineering, and Data teams to embed security‑by‑design throughout the development lifecycle. Manage dotted‑line reporting relationships with Security Engineers and IT team members, ensuring unified strategic direction while respecting functional dependencies. Represent Information Security to the Board, Audit Committee, customers, and regulators, as needed. Lead company‑wide security training and awareness initiatives. Promote a security‑first culture across all functions, ensuring employees understand their role in protecting company and customer data. Qualifications 8+ years of experience in Information Security, including security governance or GRC leadership roles within SaaS or cloud‑based companies. Deep knowledge of SOC2, ISO27001, NIST, GDPR, and modern security frameworks. Hands‑on experience with GRC platform (Drata, One Trust, Vanta etc.). Experience leading cross‑functional initiatives and managing multiple stakeholders. Experience with risk management, vendor security, and policy development. Proven ability in dealing with incident response and security operations. Strong communication skills, with experience presenting to executives or boards. $180,000 - $200,000 a year (not including equity and other benefits; the actual salary offered will carefully consider a wide range of factors, including your skills, qualifications, and experience). Why join us? Key moment to join Aircall in terms of growth and opportunities ♀️ Our people matter, work‑life balance is important at Aircall Fast‑learning environment, entrepreneurial and strong team spirit 45+ Nationalities: cosmopolite & multi‑cultural mindset Competitive salary package & equity Medical, dental, and vision insurance is 100% covered 401k plan with company matching! ✈️Unlimited PTO — take the time you need to come to work feeling great! ⭐️Wellness, commuter, and childcare reimbursements Generous parental leave policy DE&I Statement At Aircall, we believe diversity, equity and inclusion – irrespective of origins, identity, background and orientations – are core to our journey. We pride ourselves on promoting active inclusion within our business to foster a strong sense of belonging for all. We’re working to create a place filled with diverse people who can enrich and learn from one another. We’re committed to ensuring that everyone not only has a seat at the table but is valued and respected at it by providing equal opportunities to develop and thrive. We will constantly challenge ourselves to make sure that we live up to our ambitions around diversity, equity and inclusion, and keep this conversation open. Above all else, we understand and acknowledge that we have work to do and much to learn. Want to know more about candidate privacy? Candidate Privacy Notice here. #J-18808-Ljbffr