Security Lead

Benefits

Additional Information

Health can't wait . Not for symptoms to get worse. Not for a six‑month appointment. Not for a system to catch up. But that's exactly how healthcare works today. You wait, until you can't. Alan exists to end the wait. Health is a universal right, and we believe this right can only become real when it's coupled with prevention. We need to stop treating health as something we repair and start treating it as something we build, every day. It's not solely a question of willpower. It's the healthcare system itself that needs to work for everyone, in a sustainable way. So we are building the new standard in prevention insurance. Alan is the first company that integrates insurance, prevention, and care into a single, acclaimed user experience. We are on an incredible journey to build a global leading company, with a unique culture . We already partner with 40K+ companies of all sizes, serving more than 1M+ members, and have reached €800M+ in ARR. Prevention as the new norm. That's what we're building with our team of 800+ people. If it speaks to you: we're hiring across France, Spain, Belgium, and Canada. And beyond. Why we are looking for a Security Lead Alan is no longer the company it was in 2020. We are now an insurance group celebrating its 10th birthday, operating across 4 countries and growing fast - handling sensitive health data for 1M+ members, operating under DORA and HDS certification requirements, and regulated by the ACPR. To match that scale, we are opening an external search for a Security Lead for the team's next phase: someone who brings structure, vision, and people leadership to a team that already has serious technical firepower. Pillars of the role 1. Lead the security team and the topic 2. Own security in the AI era 3. Scale across 10+ countries 4. Build and evolve Alan's security strategy Your traits and achievements Lead the security team and the topic - People leadership at scale: You have led security (or security-adjacent) teams where people genuinely grow. You can coach, structure, and elevate a team that is already highly technical. You have concrete examples of talent you have developed. - Gives clarity and direction: You can cut through ambiguity and set a clear agenda for a team through well-communicated priorities and structured ownership. - Combines vision with execution: You are comfortable setting direction and rolling up your sleeves technically. You do not hide behind strategy when things need to get done. You understand how the product works and contribute value to product-led discussions. - Knows when to escalate and when to absorb: You have the judgment to distinguish between noise and real signal, and to protect the team's focus accordingly. - Pragmatic risk trade-offs: You make sensible risk decisions and keep the business moving rather than chasing perfect security. You understand that security is an enabler rather than a gatekeeper. Own security in the AI era - AI security vision: You have a clear point of view on how AI changes the threat landscape as an attack vector and as a defensive lever. You are thinking seriously about LLM security, agent risks, and AI governance. - Enables AI adoption safely: You can design a framework that lets product and engineering teams ship AI-powered features confidently, without creating bottlenecks. You think in guardrails, not gates. - Stays current: You track OWASP LLM Top 10, MITRE ATLAS, EU AI Act, and similar developments. You can translate them into actionable priorities for Alan's context. - Uses AI for security: You actively use AI to accelerate threat detection, automate compliance evidence, and improve the team's throughput, you do not just talk about it. Scale across 10+ countries - ISO 27001 ISMS leadership: You have led at least one full certification or recertification cycle. You kKnow what breaks down in the months between audits and how to run the programme as a living system rather than a point-in-time exercise. - Multi-regulatory fluency: You understand DORA, HDS, RGPD, NIS2, and PGSSI-S - not necessarily as a GRC expert, but well enough to translate regulatory requirements into technical controls and flag implementation gaps. You understand the frameworks' long term dependencies and the possibilities they unlock for the business. - Health sector context: You have worked in or closely with regulated industries. Bonus: You understand the ANS framework, CERT Santé requirements, and what it means to handle sensitive health data operationally. - Risk as a living programme: You have run security risk cartography (ideally with EBIOS RM) and made it feed into real business and engineering decisions. - Third-party risk with real teeth: You have run vendor security assessments and defined contractual security requirements. You are able to partner with Risk and Audit functions without duplicating work. Build and evolve Alan's security strategy - Security as a business asset: You see security as a long-term defensive ass

Your Match

How well this role fits your profile.

Company Intel

What employees say

Worked at alan? Share your experience