Senior Security & Compliance Project Manager

What You'll Do:

• Joining the Trust & Compliance team means stepping into the engine room of security strategy at a fast-moving tech company.
• A front-row seat to how security drives innovation in a data and AI-driven company.
• A strong cross-functional culture: you'll work with security engineers, architects, product managers, legal, compliance, and ops.
• A real project ownership opportunity - not just tracking tasks, but designing how compliance happens at scale.
• The freedom to propose, improve, and automate - we value people who bring structure and clarity, then move fast to deliver.

As a Senior Security & Compliance Project Manager, you will drive key security and compliance initiatives across Criteo. Your role is transversal and strategic: identifying and qualifying risks, defining priorities, aligning stakeholders, and ensuring consistent execution - from vision to delivery.

You might also own topics such as writing standards / policies, risk management, third party risk management, ISO27001, SOC2, SOX and other of the team initiatives.

Key responsibilities:

• Lead strategic security GRC programs
• Manage risks
• Define and structure security compliance projects (ISO27001, SOC2, NIST, internal control plans...).
• Turn strategy into actionable roadmaps and clear milestones.
• Lead end-to-end project delivery across multiple teams (Security, Engineering, Infrastructure, Physical Sites, Legal, etc.).
• Facilitate and energize collaborative workshops and steering committees.
• Be a trusted partner for technical teams
• Bridge the gap between compliance and engineering -technical knowledge and security expertise are key.
• Coordinate audit activities, from preparation to closure (internal and external).
• Review technical designs to ensure alignment with security best practices.

Drive the security audit lifecycle

• Plan and lead major security audits and assessments (SOC2, ISO27001, NIST...).
• Drive evidence collection in collaboration with all involved stakeholders.
• Orchestrate and follow-up the remediation of findings.
• Contribute to the team's transversal missions
• Participate in SOX legal audit, third party risk management, clients security questionnaires, and due diligence.
• Support the creation of clear, structured, and actionable security documentation (policies, standards...).
• Write security GRC documentation (Information security policies, Technical security standards using technical knowledge).

Who You Are:

Educational Background:

• Master's degree in Information Security, Computer Science, or a related field.
• Additional certifications in security governance or compliance frameworks (e.g., ISO27001 Lead Auditor/Implementer, CISA, CISSP, or similar) are highly valued.
• Continuous professional development in areas such as risk management, audit methodologies, and regulatory compliance.

Skills and Experience:

• You have experience in security GRC, compliance, or risk management.
• You are used to working with engineering teams, and you have a passion for it. You understand the basics of authentication, encryption, access control, threat modeling, etc., and you know how to talk to engineers.
• You know how to structure and lead complex, multi-team projects in a fast-paced, agile environment.

Soft Skills:

• You're a doer: autonomous, resourceful, and driven by the impact you will have, you're able to deal with ambiguities in your missions
• You're a strong communicator: you make complexity simple, align stakeholders, and keep the train moving
• Adopt a solution-oriented and action-driven mindset: When faced with a problem, focus on identifying and sharing potential solutions, implementing the best one, and documenting the process to prevent recurrence. Automate the solution where possible.
• You speak fluent English. French is a plus but not mandatory.

We acknowledge that many candidates may not meet every single role requirement listed above. If your experience looks a little different from our requirements but you believe that you can still bring value to the role, we'd love to see your application!

Who We Are:

Criteo is a leader in commerce media, helping brands, agencies, and publishers create meaningful consumer connections through AI-powered advertising solutions. We're shaping a more open and sustainable digital future for advertising.

At Criteo, our culture is as unique as it is diverse. From our offices across the globe or from the comfort of home, our 3,600 Criteos collaborate together to build an open, impactful, and forward-thinking environment.

We foster a workplace where everyone is valued, and employment decisions are based solely on skills, qualifications, and business needs-never on non-job-related factors or legally protected characteristics.

What We Offer:

🏢 Ways of working - Our hybrid model blends home with in-office experiences, making space for both.
📈 Grow with us - Learning, mentorship & career development programs.
💪 Your wellbeing matters - Health benefits, wellness perks & mental health support.
🤝 A team that cares - Diverse, inclusive, and globally connected.
💸 Fair pay & perks - Attractive salary, with performance-based rewards and family-friendly policies, plus the potential for equity depending on role and level.

Additional benefits may vary depending on the country where you work and the nature of your employment with Criteo.