Security Officer

Lengow, an intelligent and automated e-commerce platform :

Lengow is a leader in intelligent e-commerce solutions that help brands and retailers drive profitable growth across the digital shelf. With powerful feed management, global price monitoring, and robust data capabilities, Lengow’s comprehensive SaaS product suite enables merchants to amplify product visibility online, outrun competition with informed pricing, multiply sales on marketplaces, and monitor brand presence among distributors. Since 2009, Lengow has fueled digital growth for over 3,600 customers across thousands of marketing and sales channels in over 60 countries.

As Security Officer, you will be responsible for defining, implementing, and continuously improving Lengow’s information security strategy. You will ensure the confidentiality, integrity, and availability of our systems and data, while enabling business growth and innovation in a secure-by-design manner.

You will work closely with Engineering, Product, Legal, Compliance, IT, and Leadership teams to manage risks, maintain certifications, and respond effectively to security threats.

You will report to our CTO.

⌨️ Your main tasks would be as follows :

Security Strategy & Governance

• Define and maintain Lengow’s global information security strategy and roadmap
• Establish and enforce security policies, standards, and procedures
• Act as the main point of contact for security topics internally and externally
• Report on security posture, risks, and incidents to leadership
• Build and maintain a continuous improvement plan

Risk Management & Compliance

• Identify, assess, and manage security risks across infrastructure, applications, and processes
• Lead and maintain compliance programs (e.g. ISO 27001, SOC 2, GDPR, customer security requirements)
• Coordinate internal and external audits, penetration tests, and risk assessments
• Manage third-party and vendor security assessments

Technical & Operational Security

• Oversee application, cloud, and infrastructure security (GCP/OVH)
• Collaborate with engineering teams to embed security best practices (secure coding, CI/CD, DevSecOps)
• Define and monitor security controls (IAM, logging, monitoring, vulnerability management)

Incident Management

• Own and continuously improve the incident response plan
• Lead or coordinate responses to security incidents and breaches
• Conduct post-incident reviews and drive corrective actions

Awareness & Culture

• Promote a strong security culture across Lengow
• Design and deliver security awareness and training programs
• Support teams with pragmatic, business-oriented security guidance

Support the Sales and Sales Engineering teams for Security Topics

• Adapt internal documentation to make it ready for RFI and RFP processes
• Participate in security calls with prospects and customers

Technical environment:

• Actual Tools : Knowbe4/ Wazuh (OVH)/ Cloudarmor (GCP)/ CyberVadis

Hiring Process :

• Phone call with Alexandre our HR
• Interview with Clément our VP engineering and Clément one of Engineering manager
• Technical discussion with Clément and Olivier our CTO
• Offer letter

Requirements

We are looking for someone with the following experiences and skills:

Must-Have

• 5+ years of experience in information security, cybersecurity, or risk management
• Strong knowledge of cloud and SaaS security architectures
• Experience with security frameworks and standards (ISO 27001, SOC 2, NIST, CIS)
• Solid understanding of GDPR and data protection principles
• Experience managing audits, security assessments, and customer security questionnaires
• Ability to translate technical risks into business impact
• Ability to communicate clearly in a sales environment
• Collaboration skills
• Fosters collaboration between the team.
• Actively manages alignment with other teams.
• Maintains transparency by being collaborative and communicating clearly and timely with directs, across teams, and upward.
• Share back relevant information from senior leadership to the team (ex, business strategy, tech strategy, etc.).

Nice-to-Have

• Experience in e-commerce, SaaS, or high-scale data platforms
• Certifications such as ISO 27001 Lead Implementer/Auditor, CISSP, CISM, or equivalent
• Experience with DevSecOps practices and modern CI/CD pipelines
• Prior experience in an international or fast-growing tech environment

Soft Skills

• Pragmatic, solution-oriented mindset (security as an enabler, not a blocker)
• Ability to work autonomously and prioritize in a dynamic environment
• Leadership and influence without necessarily having direct reports

Benefits

✨ Joining Lengow is also an opportunity to benefit from many advantages :

• Ticket restaurant 8 euros by day
• Malakoff Humanis Private insurance & Prevoyance.
• 3 Remote days per week
• Flexible hours
• Bike mileage allowances or 50% of transportation tickets.
• Remote allowances
• Professional events (Devoxx, Meetup ...) and regular internal cohesion.
• Weekly Happy Break on Thursday Evening at the office with food and beverage
• Syntec forfait jours with RTT - 218 annual working days, ie minimum 9 days off on top of 5 weeks legal paid leave
• Choose your laptop OS. You can work on MacOS, Windows or Linux.