Alma31

Governance, Risk & Compliance Specialist

Company

Alma31

Role

Governance, Risk & Compliance Specialist

Job type

-

Found on Mokaru

4 hours ago

Salary

$100 - $100/hourly

Job description

1. About Alma

At Alma, we believe sustainable commerce depends on fair, well‑balanced trade. Because finance plays a pivotal role in business, our mission is to put it back in its rightful place - serving merchants and consumers.

Our installment and deferred payment solutions help merchants boost sales by 20% or more, increase customer loyalty, and deliver a seamless shopping experience - without encouraging bad debt.

As the buy now, pay later leader in France and active in 10 European countries, we've empowered over 24,000 merchants and 9 million consumers.

With 380+ Almakers and €100M+ ARR, Alma is scaling rapidly across Europe—and we’re just getting started.

Alma is the company for you if you are looking for:

Collective intelligence is the driving force behind Alma: we are looking for open-minded, curious, and ambitious people who want to actively participate in this exponential growth.

To continue to deliver an optimal purchasing experience and absolute ease of use, all teams at Alma (Tech, Product, Sales, Operations, Data, Risk, Finance, Compliance, Legal, Marketing and People) will strengthen their members to maintain the highest standards of quality and trust while pushing these innovations at Alma’s pace.

2. About the job

Alma is a licensed payment institution (ACPR-approved), processing millions of transactions across France and Europe. The regulatory environment has materially tightened: DORA entered into force in January 2025, NIS 2 is now transposed in France, and ACPR oversight is intensifying. To meet this moment, Barbara Goubert joined Alma in early 2026 as Head of IT & Security / CISO, and is actively building and structuring the IT & Security function. The team currently counts 6 people, with profiles covering infrastructure, security operations, and IT. This role is a genuine opportunity to build something meaningful. We're looking for a confirmed GRC Specialist to own and drive Alma's information security governance, risk management, and compliance program. If you have solid GRC foundations and are looking for an environment where your work has real impact and where you'll be supported to grow, we'd love to hear from you.

3. Your responsibilities and missions

Regulatory compliance: DORA, NIS 2 & ACPR

  • Build Alma's DORA and NIS 2 compliance roadmap: conduct gap analysis, define remediation priorities, and track execution

  • Coordinate cross-functional requirements with Finance, Legal, and Engineering to maintain a consistent regulatory posture

Security risk mapping

  • Own and maintain the Security Risk Map (Risk Map 2026): expand its cyber/InfoSec coverage and enrich risk scoring

  • Connect risk findings to structured remediation plans and report progress to the CISO on a regular cadence

Security policies & audit readiness

  • Formalize, update, and enforce security policies and procedures across the organization

  • Lead evidence collection and audit response for external reviews (ACPR inspections, SOC 2 Type II, ISO 27001 roadmap)

Security governance & cross-functional bridge

  • Translate regulatory requirements into actionable plans for both technical teams (Engineering, SRE) and business stakeholders (Legal, Compliance, Executive)

  • Structure and maintain Alma's security governance framework: contracts, technical clauses, internal security awareness

4. Our stack

Slack · Vanta · Linear · Notion · Google Suite · Dust.

5. About you

We're looking for someone with solid GRC foundations and the ability to make an impact in a cross-functional, fast-moving environment. You don't need to have done everything, but you're ready to take ownership, learn continuously, and bring people along with you.

Must have

  • Practical knowledge of key regulatory frameworks (DORA, NIS 2, ISO 27001, GDPR) — with hands-on experience running or contributing to compliance programs in a real regulatory context

  • Strong cross-functional communication skills — you translate complex regulatory requirements into clear, actionable language for any audience: engineers, executives, or external auditors

  • Communication - Full professional fluency in French and English is required. Regulatory interactions and external audits happen in both languages.

Nice to have

  • Experience with GRC tooling (Vanta or equivalent) and/or exposure to SOC 2 Type II processes in a fintech or regulated environment

  • Prior experience in or with an ACPR-licensed entity or payment institution

6. Why join

The role itself

Real ownership from day one, with direct CISO access and strategic visibility on topics that directly affect Alma's ability to operate as a licensed payment institution. This is a build role: decisions are made collectively, and your work will shape Alma's security posture for the long term. You'll have the space to grow into the role and be supported throughout.

The team & culture

You'll be joining a small, high-trust team that Barbara is building deliberately and sustainably. Collaboration is at the core of how we work: major decisions involve the team, and your perspective matters. We value continuous learning, open feedback, and mutual support. You'll have a structured onboarding plan (the first 4 weeks are designed to help you get up to speed on context, people, and priorities),

7. Compensation & benefits

  • Fixed salary on a 12-month basis

  • Profit-sharing and employee savings plan: eligible after 3 months' seniority for year N+1

  • Health insurance: 100% covered by Alma

  • Disability insurance: 100% covered by Alma

  • Sport: partnerships with Gymlib and Classpass, or reimbursement of €30/month for your sporting activities

  • Maternity/paternity leave: salary maintained at 100%, no seniority condition required

  • Sustainable Mobility Package (FMD): €544.80/year (excluding full-remote contracts)

  • Meal vouchers: €10/day, 50% covered by Alma

  • Leave: 25 days/year + RTT

  • Access to the Sana platform for Learning & Development, and regular Almapéros

  • 2 weeks of full remote possible per year (in summer)

8. Interview process

  1. Screening call: 30 min with Gérald (Talent Acquisition)

  2. CISO interview: in-depth conversation with Barbara Goubert

  3. Practical assessment (format to be confirmed)

  4. Team fit: conversation with Arthur, Thomas, and Rémi

  5. Interview with N+2

  6. Offer

9. OUR VALUES

  • Raise the bar
  • Do the right thing
  • Test, Learn, Repeat
  • Make it happen
  • Lead with humility

DIVERSITY & INCLUSION

At Alma, we're committed to fostering an environment where diversity and inclusion are at the heart of our values. Our goal is to attract and build a diverse, equal and inclusive team, where everyone feels welcome.

As an equal opportunities employer, we make sure the application process and our workplace are for everyone.
