Filigran

Chief Information Security Officer

Filigran · France

  • Hybrid
  • Full-time
  • $200,000 / year
  • France

Job highlights

  • Lead Filigran's inaugural information security program.
  • Design and implement Security Operations and Incident Response.
  • Act as Data Protection Officer for AI, privacy, security.
  • Build and maintain regulatory compliance and certifications.
  • Establish threat intelligence and breach simulation capabilities.

About the role

About Filigran

Filigran, founded in October 2022, stands out in the cybertech ecosystem for its commitment to revolutionizing cyber threat management with a proactive approach. Its mission is to develop innovative open-source solutions designed to anticipate cyber threats, identify security gaps, and strengthen organizational security posture.

Filigran solutions are now trusted by over 6,000 public and private organizations worldwide.

The Role

We are looking for our first internal security leader: a CISO who will design, build, and run the foundations of Filigran's information security programme. This is a hands-on, build-from-scratch role. You'll be responsible for defining processes, setting up tools, and preparing the growth of the Security Operations team. You'll establish the Filigran-CERT (F-CERT), ensure our resilience against threats, and hold the formal Data Protection Officer mandate, acting as the operational and regulatory gatekeeper: the authoritative point of contact for regulators, customers, and internal teams on all matters touching AI, privacy, and security compliance.

You will work closely with the C-suite, executive leadership, and regulators. As the CISO, you will ensure that cybersecurity, cyber resilience, and data protection are embedded across technology, business operations, and partner ecosystems.

Your Responsibilities

Build & Lead Security Operations

  • Design and implement Filigran's first CSIRT and Security Operations (SecOps) framework.
  • Define processes for incident detection, response, containment, and recovery.
  • Manage relationships with external Managed SOC providers for hybrid Level 1 monitoring.

Incident Response & Crisis Management

  • Act as primary incident commander for security events and data breaches.
  • Build and maintain incident playbooks and escalation paths.
  • Drive post-incident reviews and lessons learned.
  • Ensure timely breach notification to supervisory authorities in coordination with the General Counsel.

Threat Intelligence & Breach & Attack Simulation

  • Leverage Filigran's own products (OpenCTI, OpenBAS/OpenAEV) to run advanced threat intelligence analysis and attack simulations.
  • Continuously evaluate threats relevant to Filigran and its ecosystem.
  • Provide actionable intelligence to leadership and engineering teams.

Regulatory Compliance, Certifications & Audits

  • Establish the Filigran-CERT (F-CERT) and position it as the trusted security function for the company.
  • Build and maintain an ISMS aligned with ISO 27001, SOC 2, or equivalent standards.
  • Lead security certification efforts and manage external audits.
  • Own the vendor security assessment process and third-party risk management program.

DPO: Official Gatekeeper for AI, Privacy & Security

  • Hold the formal Data Protection Officer mandate under GDPR, serving as the official point of contact for supervisory authorities (e.g. CNIL).
  • Act as the internal gatekeeper ensuring that AI initiatives, data processing activities, and security controls meet applicable regulatory requirements.
  • Collaborate closely with the General Counsel to translate legal and policy obligations into operational controls.
  • Monitor evolving regulation (GDPR, AI Act, ePrivacy, NIS2) and assess operational impact in coordination with Legal.
  • Handle or coordinate responses to data subject requests (DSARs) and regulatory enquiries.

Team Building

  • Act as a player-coach, balancing hands-on work with preparation for team growth.
  • Define future roles and responsibilities for SecOps.
  • Mentor and onboard new hires as the team scales.

Who You'll Work With

Reporting to: Chief Executive Officer

Close collaboration with: General Counsel, Engineering, Product, IT, Finance, and People teams

External stakeholders: Supervisory authorities (CNIL and equivalents), external auditors, managed security providers, customers

Profile We're Looking For

  • Proven experience in an information security leadership role (CISO, Head of Security, CSIRT Manager, or equivalent).
  • Formal DPO qualification or equivalent experience, solid working knowledge of GDPR and EU data protection law, including AI Act implications.
  • Strong background in incident response, forensics, and security monitoring.
  • Experience working with managed SOC services in hybrid models.
  • Knowledge of threat intelligence practices and frameworks (MITRE ATT&CK, STIX/TAXII), bonus if you've used OpenCTI.
  • Familiarity with red teaming, breach & attack simulation (BAS), or security testing.
  • Comfortable operating at the intersection of technical security and regulatory compliance, without owning the legal function.
  • Hands-on mindset: comfortable being the first security leader in a scaling organisation.
  • Excellent communication skills with regulators, customers, technical teams, and executives alike.
  • Fluency in English required; French is a strong plus.

Why Join Filigran? More than just a job.

We’re a fast-growing, global, and fully remote company building open-source cybersecurity solutions, increasingly powered by AI, to help defense teams anticipate threats and act faster.

What we believe

We believe we do work that matters, uniting defenders into a global community to make security more open, resilient & collaborative.

How we work

We do work that matters by combining strong engineering standards with emerging technologies, including AI, to move faster and smarter.

What guides us

We make our work matter by building a culture grounded in our CORE values of Cohesion, Openness, Responsibility, and Equity: the principles that guide how we make decisions, treat people, and grow together, especially when no one’s watching.

Compensation & Benefits

  • Competitive pay + equity - everyone shares in our success
  • Remote-first, flexible, and balanced - work that fits your life
  • Your setup, your choice - pick the gear that works for you
  • Twice-a-year gatherings - we meet in person for regional and global offsites to connect, collaborate, and strengthen our culture beyond the screen

Equal Employment Opportunity

We enable cybersecurity through inclusion - from code to culture. At Filigran, we are proud to be an equal opportunity employer. We believe the diversity of our people makes our products and our team stronger. We welcome talent of every background, identity, and lived experience, regardless of race, color, religion, gender, gender identity or expression, sexual orientation, national origin, age, disability, or veteran status. What matters here is what you bring, not what you look like, where you’re from, or how you identify.

Key skills/competency

  • Chief Information Security Officer (CISO)
  • Information Security Program Management
  • Security Operations (SecOps)
  • Incident Response
  • Data Protection Officer (DPO)
  • GDPR Compliance
  • Threat Intelligence
  • Cybersecurity Compliance
  • Risk Management
  • Team Leadership

Skills & topics

  • Chief Information Security Officer
  • CISO
  • Information Security
  • Cybersecurity
  • Data Protection Officer
  • DPO
  • GDPR
  • Incident Response
  • Security Operations
  • Threat Intelligence
  • OpenCTI
  • ISO 27001
  • SOC 2
  • Risk Management
  • Leadership
  • Remote
  • Cybertech

How to get hired

  • Tailor your resume: Highlight your CISO experience, DPO qualifications, and incident response leadership, quantifying achievements with metrics.
  • Craft a compelling cover letter: Directly address Filigran's mission and how your hands-on, build-from-scratch approach aligns with their growth.
  • Prepare for technical interviews: Be ready to discuss security frameworks, incident response playbooks, and threat intelligence tools like OpenCTI.
  • Showcase regulatory knowledge: Demonstrate deep understanding of GDPR, AI Act, and your experience as a Data Protection Officer.
  • Emphasize leadership and collaboration: Highlight your ability to work with C-suite, regulators, and build a security team.

Technical preparation

  • Master incident response frameworks and playbooks.
  • Deepen knowledge of GDPR and AI Act regulations.
  • Familiarize yourself with OpenCTI and breach simulation tools.
  • Prepare to build security operations from scratch.

Behavioral questions

  • Describe building a security program from zero.
  • How do you handle high-pressure incident response?
  • How do you balance technical security and compliance?
  • How do you mentor and grow a security team?

Frequently asked questions

What are the key responsibilities for the Chief Information Security Officer at Filigran?
The Chief Information Security Officer at Filigran will be responsible for designing, building, and running the company's information security program from scratch. This includes establishing Security Operations (SecOps), leading incident response, acting as the Data Protection Officer (DPO), managing regulatory compliance (GDPR, AI Act), and developing threat intelligence capabilities. It's a hands-on role focused on building foundational security structures for a growing organization.
What qualifications are essential for the CISO role at Filigran?
Essential qualifications include proven experience in an information security leadership role (CISO, Head of Security), a formal DPO qualification or equivalent experience with strong GDPR knowledge, and a background in incident response, forensics, and security monitoring. Familiarity with threat intelligence frameworks and a hands-on mindset are crucial, as is excellent communication with diverse stakeholders.
How does Filigran leverage its own products in this CISO role?
The CISO will leverage Filigran's own open-source products, such as OpenCTI for threat intelligence analysis and OpenBAS/OpenAEV for breach and attack simulations. This allows for advanced analysis of threats relevant to Filigran and its ecosystem, providing actionable intelligence to leadership and engineering teams.
What is the work arrangement for the Chief Information Security Officer at Filigran?
Filigran operates as a remote-first company, offering a flexible and balanced work environment. The CISO role is designed to accommodate this remote-first approach, allowing for work that fits your life while providing opportunities for in-person connection during twice-a-year gatherings.
What are the benefits of joining Filigran as its first CISO?
Joining Filigran as the first CISO offers the unique opportunity to build and shape the entire information security program from the ground up. Benefits include competitive pay and equity, a remote-first flexible work setup, choice of equipment, and opportunities to connect with colleagues at global offsites. You'll be part of a fast-growing company making a significant impact in cybersecurity.
Does Filigran require specific language skills for the CISO position?
Fluency in English is required for the Chief Information Security Officer role at Filigran. French is considered a strong plus, especially given the company's operational and regulatory interactions within Europe.
What kind of team will the CISO build and lead at Filigran?
The CISO will act as a player-coach, initially balancing hands-on work with the strategic planning for future team growth. Responsibilities include defining roles for SecOps, mentoring, and onboarding new hires as the Security Operations team scales.
How does Filigran approach regulatory compliance for a CISO?
Filigran places a strong emphasis on regulatory compliance. The CISO will hold the formal Data Protection Officer mandate under GDPR, act as the point of contact for supervisory authorities, and ensure adherence to evolving regulations like the AI Act and NIS2. Building an ISMS aligned with ISO 27001 or SOC 2 is also a key part of the role.