Senior GRC / ISO 27001 Program Lead [Freelance]

Equativ is a leading independent advertising platform that connects advertisers and publishers to deliver seamless video and audiovisual experiences worldwide. In a data-driven ecosystem, the trust and security of our infrastructure are at the core of our value proposition.

Reporting to the VP IT & Security, you will take direct ownership of the ISO 27001 certification program, to be delivered within a tight 12-month timeframe. You will design and execute the roadmap end-to-end: scoping, risk analysis, controls deployment, ISMS implementation, internal audit, and certification audit management.

The tight timeline requires a senior, autonomous profile, operational from day one, able to make decisions, mobilize cross-functional teams (Tech, Product, Sales, Ops, Legal, HR) and bring the entire company on board.

• Define and own the certification roadmap: milestones, deliverables, dependencies, workload plan.

• Build and operate the Information Security Management System (ISMS): policies, procedures, Statement of Applicability (SoA), risk treatment plan.

• Conduct and maintain risk assessments on critical assets using a recognized methodology (EBIOS RM, ISO 27005 or equivalent — operational mastery of at least one method is required).

• Implement permanent controls and the ISMS internal audit program.

• Translate security topics for non-technical audiences (Sales, Marketing, Finance, HR).

• Design and roll out the security awareness and training plan.

• Make daily use of generative AI tools (assistants, agents, automations) to accelerate documentation, gap analysis, controls mapping, customer questionnaire handling and reporting.

• Promote AI usage best practices within the security perimeter, in line with confidentiality requirements.

• In-depth mastery of ISO 27001 / 27002 and the ISMS.

• Operational mastery of at least one risk analysis methodology (EBIOS RM or ISO 27005).

• Daily and advanced use of AI tools to automate and accelerate one's own work.

• Start date: ASAP (certification target within 12 months)

• Location: Paris (headquarters) — on-site presence required