Chief Information Security Officer (CISO) H/F

Company Description

Born in France in 2006, Voyage Privé has grown from an ambitious startup into becoming the Europe's leading travel tech platform. Operating across 9 markets with tens of millions of users, we're not just another e-commerce success story - we're a tech powerhouse revolutionizing online travel.    

As a mission-driven company, we're unique in combining cutting-edge technology with social impact. Our innovative campus brings together tech talent, professional athletes, students, and artists, creating an ecosystem where digital innovation drives both business growth and positive change.    

We're now at an inflection point, upgrading our entire technical foundation with cloud architecture, AI, and real-time systems to become a reference and top-of-mind platform for luxury travel, known by travelers for its for excellent offer and customer experience, and by our providers as a high-performance business development partner.    

Why Join Us?  

• Work at the intersection of cutting-edge technology and a mission-driven company, transforming how millions experience travel.  

• Be part of an entrepreneurial team of innovators that isn't just building technology: we value innovation, ownership, and collaboration, with an emphasis on empowering engineers to make a difference.  

• Shape a fast-growing tech company as we embark on an ambitious plan to scale tenfold in the next decade.  

• Fast-paced, innovative environment with a real impact on high-end travel experiences. 

• A chance to lead security efforts at a strategic and operational level. 

• Direct visibility with the CDO and ExCom, shaping the future of security in a dynamic industry. 

• A collaborative, tech-driven culture that values security as a business enabler. 

• Enjoy a workplace that invests in personal and professional development, offering learning programs, mentorship opportunities, and career growth pathways.

Job Description

We are a large, renowned, fast-growing e-commerce company specializing in high-end online travel experiences. Security is a strategic priority to maintain the trust our customers have placed in us. 

Our goal is to protect our assets, manage risk, ensure compliance with regulatory requirements (e.g., PCI-DSS v4, GDPR), and build customer trust, all while supporting innovation in our technology and operations, and a profound transformation of our systems to enable and power our ambitious growth objectives. 

We are looking for a Chief Information Security Officer (CISO) who will define and execute a global security strategy, lead risk management efforts, and foster a strong security culture across the company. This role will be pivotal in securing our evolving infrastructure, enhancing governance, and demonstrating business impact through security initiatives. 

Key Responsibilities 

1. Define, Drive, and Execute the Security Strategy & Roadmap 

• Develop and maintain a comprehensive security strategy that covers technical, organizational, and physical security aspects. 
• Build and execute a structured security roadmap aligned with the company’s business and technical transformation. 
• Identify, assess, and prioritize information security risks (technical, organizational, human) and define appropriate mitigation plans. 
• Ensure compliance with industry regulations and standards (PCI-DSS v4, GDPR, and other relevant frameworks) in collaboration with legal and business teams. 
• Regularly report security progress, risks, and achievements to the Chief Digital Officer (CDO) and the Executive Committee (ExCom) through Quarterly Business Reviews (QBRs). 

2. Proactive Risk Management, Automation & Business Impact 

• Implement risk-based security measures and establish a continuous improvement approach for security operations. 
• Develop automated security dashboards to provide real-time visibility on security posture, including risks, incidents, and security initiatives. 
• Demonstrate tangible business impact of security actions (e.g., revenue protection, reduced fraud, SLA adherence, strengthened partner trust). 
• Establish Key Performance Indicators (KPIs) to measure security effectiveness and ensure alignment with business objectives. 

3. Technical, Physical, and Network Security 

• Oversee physical security measures (e.g., access controls, video surveillance, alarms) in coordination with infrastructure and facilities teams. 
• Ensure the security of networks, cloud infrastructure, and hybrid environments (on-premises + cloud). 
• Secure our API-driven, microservices-based architecture, working closely with DevOps and cloud teams. 
• Drive Security by Design and Zero Trust principles in all technology initiatives. 

4. Leadership, Team Management & Cross-Team Collaboration 

• Collaborate with product, data, engineering, infrastructure and legal teams to integrate security across all business functions. 
• Work alongside the Office IT Manager for security-related actions within Microsoft environments (Active Directory, Office 365, MFA, etc.). 
• Foster executive buy-in and ensure that security is seen as a business enabler, not a blocker. 

5. Security Awareness & Culture Development 

• Promote a strong security culture throughout the company, ensuring all employees understand their role in cybersecurity. 
• Implement company-wide security awareness programs, including phishing simulations and best practices training. 
• Act as a trusted advisor on security matters, maintaining a pragmatic and educational approach. 

6. Data Protection, GDPR & Third-Party Risk Management 

• Ensure compliance with GDPR and data privacy regulations, working closely with legal teams. 
• Oversee data protection, anonymization, and secure storage practices. 
• Manage third-party risk by ensuring vendors and partners meet security standards before integration. 

7. Incident Management & Continuous Improvement 

• Establish a structured incident management process, covering detection, response, mitigation, and post-incident reviews. 
• Lead internal and external security audits, including penetration tests, organizational security reviews, and compliance assessments. 
• Stay ahead of emerging cybersecurity threats and adapt security strategies accordingly. 

8. Budget & Security Investments 

• Define and manage the security budget, ensuring cost-effective investments in security tools and technologies. 
• Justify security spending by demonstrating ROI and risk reduction benefits. 

Qualifications

Technical Skills: 

• Proficiency in IT security tools and concepts: 

• Access management (IAM, SSO, MFA). 

• Infrastructure security (firewalls, VPNs, network monitoring, Wi-Fi security). 

• Application security (OWASP Top 10, API Gateway). 

• Strong knowledge of standards and certifications: PCI-DSS, ISO 27001, GDPR (in collaboration with the legal team). 

• Experience in hybrid environments (on-premise + cloud) and transformation projects. 

• Advanced skills in dashboard creation and automated reporting, with a focus on demonstrating business impact (tools like Power BI, Tableau, or security-specific solutions). 

Soft Skills: 

• Leadership and Influence: Ability to mobilize and convince diverse stakeholders, including COMEX members. 

• Business-Oriented Vision: Capable of translating security actions into tangible business results. 

• Autonomy and Structure: Skilled at prioritizing and structuring projects in a complex and evolving environment. 

• Pedagogy and Communication: Ability to simplify technical issues and foster adoption of security priorities. 

• Results-Driven: Transforming action plans into measurable and impactful outcomes. 

Experience and Education: 

• Significant experience (5+ years) as a CISO, RSSI, or security expert in a related environment (e-commerce, SaaS, cloud). 

• Knowledge or interest in the travel industry (ticketing, GDS connectivity, etc.) is a plus. 

• Engineering degree or Master’s in cybersecurity. Certifications preferred: CISSP, CISM, ISO 27001 Lead Auditor/Implementer. 

Why Join Us? 

• A Strategic Role: Be at the heart of the company’s digital transformation and security efforts. 

• Strong Autonomy: Structure a long-term vision while relying on internal and future technical resources. 

• Exciting and Varied Challenges: Hybrid architecture, technological overhaul, and security governance. 

• Stimulating Environment: Collaboration with multidisciplinary teams and cutting-edge technologies (cloud, microservices). 

Additional Information

You'll love joining us...  

• At Voyage Privé, the “entrepreneurial adventure” is a reality: take on ambitious and fulfilling projects, while joining a company committed to the growth of its teams.  

• Live in the South of France, in an exceptional natural, economic and cultural environment, on a modern, digital and eco-responsible campus.  

• Find your own balance with up to 2 days of telecommuting per week, which you can concentrate on one week at a time, up to 4 times a year.  

• Put meaning back into your work and discover a unique ecosystem, creating bridges between worlds that are often far apart: the economic, sporting, academic and social worlds, and take part in one of the Vision projects (Ecole des XV - Provence Rugby - VP Green- Les Tremplins - Chez Pierre).   

• Cancel your sports subscription! Access our large Campus gym morning, noon and night, and play Padel whenever you like on our court reserved exclusively for Voyage Privé employees...  

• Live to the rhythm of Voyage Privé's various Business & Fun highlights (Company Breaks, Carnival, Annual Convention...), take part in meetups and talks, and enjoy free tickets to every Provence Rugby home match or dance to the sounds of the Dalida Institute!  

• Would you like to take advantage of our getaway offers? Benefit from up to 20% off our irresistible prices.