Обратно към Кариери

Information Security Officer

02 April 2026

Groupama in Bulgaria is an insurance company, part of Groupama Assurances Mutuelles:
  • № 1st – Individual health insurer and Agricultural insurer
  • № 2nd – Home insurer
  • № 4th – Motor insurer
  • 12 million members and customers
  • 31,000 employees
  • International presence: in 10 countries in Europe, Asia and Africa
Locally, Groupama is a fast-growing insurance company, a champion in customer service. Our clients are at the heart of everything we do. Digitalization and human touch are key principles of our work. Groupama's business is growing by more than 20% annually and, in the context of its development, we are looking for a new talent to join our IT department.

We are looking for a senior Information Security Officer to own and continuously mature our Google Cloud security posture. This is a hands-on, high-ownership role within a regulated insurance environment, operating as the primary local security authority while interfacing closely with our international group security function. You will combine deep GCP technical expertise with the judgment and communication skills to navigate compliance obligations, represent security to senior stakeholders, and lead incident response efforts end-to-end. You will not manage a local team, but your work will have direct visibility at group level.


Key Responsibilities:

  • GCP Security Ownership
Design, implement, and continuously improve security controls across our GCP organization. This includes IAM architecture, VPC Service Controls, Cloud Armor, Workload Identity, and organization-level policy enforcement. Take full ownership of Google Security Command Center — configure sources, triage and manage findings, and build automated remediation where appropriate.

  • Vulnerability & Posture Management
Lead the organization's vulnerability management lifecycle. Define processes, prioritize findings in a risk-based manner, track remediation, and report status to leadership and group security teams.

  • Security Monitoring & SIEM
Ensure comprehensive log coverage from GCP workloads to the centralized SIEM managed by the group security team. Design and maintain Cloud Logging and Cloud Monitoring dashboards and alerting thresholds for local visibility. Collaborate with the group SOC on threat detection alignment and escalation protocols.

  • Incident Response
Serve as the local incident response lead. Own the full lifecycle from detection through containment, eradication, recovery, and post-mortem. During significant incidents, lead the coordinated effort across internal teams — management, infrastructure and responsible external providers. Maintain an active working relationship with the Groupama Group Security Operations team, providing timely information sharing and leveraging their support on projects and recommendations.

  • Compliance & Governance
Translate regulatory requirements — DORA, Solvency II, GDPR, and locally approved security standards — into concrete GCP controls and documented processes. Maintain security policies relevant to the local entity and support audit and certification activities.

  • Security by Design
Embed security requirements into infrastructure and application delivery workflows. Work closely with the Infrastructure team to identify and remediate vulnerabilities, evaluate and implement new technologies from a security perspective, and ensure new systems and changes are assessed and approved before deployment. Act as the security authority in joint infrastructure and development initiatives.


Required Skills:

Must-have:
  • 5+ years of hands-on experience in information security, with a strong focus on cloud environments.
  • Proven hands-on experience securing cloud environments (GCP preferred; equivalent experience in AWS or Azure will be considered). Candidates without GCP experience should demonstrate willingness and ability to transition to GCP.
  • Demonstrated ownership of cloud-native security tooling such as Google Security Command Center, AWS Security Hub, or Azure Defender.
  • Experience leading incident response in a cloud environment, including coordination with external or group-level teams.
  • Working knowledge of at least two of the following: DORA, Solvency II, GDPR, or equivalent regulated-industry compliance frameworks. Ability to adapt and implement group-level standards once locally approved.
  • Strong written and verbal communication — ability to convey technical risk clearly to non-technical stakeholders and group security leadership.

Nice-to-have:
  • Familiarity with Infrastructure as Code (Terraform) for reviewing and contributing to GCP security configurations.
  • Familiarity with SIEM platforms and log pipeline configuration.
  • Exposure to DevSecOps practices and CI/CD security integration.
  • Google Professional Cloud Security Engineer or CISSP certification.


Our Offer:    
  • Opportunity for career development in a French insurance company.
  • Employment contract, competitive salary and bonus scheme.
  • Health insurance.
  • Food vouchers.
  • Additional day of paid leave for birthday.
  • Home-office policy.
  • Discounts on Groupama insurance products.
  • Co-operative and friendly team of professionals.
  • Team buildings and training programs.
  • Comfortable and nice working environment meeting international standards.
  • Career and development opportunities in a challenging and prospective area.

If our offer is interesting for you and you feel that you meet the above requirements, please apply by sending your CV.

Only short-listed candidates will be invited for an interview.

All applications will be treated with strict confidentiality under the provisions of the Law for Protection of Personal Data.
 

         

Кандидатствай по тази обява:

Моля, добави име.
Моля, добави фамилия.
Моля, добави телефонен номер минимум 9 цифри.
Моля, добави валиден имейл адрес.
Добави файл
Не сте се съгласили да предоставите личните си данни!
Сподели