GRC Director
Paris, FR, 75008
About Sonepar
Sonepar is an independent family-owned company standing as the world leader in B-to-B distribution of electrical equipment, solutions, and services. In 2024, Sonepar achieved sales of €32.5 billion. Present in 40 countries with a dense network of brands, the Group is leading an ambitious transformation to make its customers’ lives easier providing them with an omnichannel experience and sustainable solutions in the building, industry, and energy markets.
Sonepar’s 46 000 associates are committed to accelerating the world’s electrification and driven by a shared Purpose: Powering Progress for Future Generations.
How will you shape our tomorrow
We are seeking a strategic and visionary leader to join our organization as the director of Governance, Risks, and Compliance (GRC). You will report directly to the Senior Vice President Cybersecurity & Infrastructure. You will act as the global lead and subject matter expert for Governance, Risks, and Compliance strategy and monitor the whole GRC policy for the group. You will act as an expert in GRC strategies, creating and managing a global team of GRC Specialists, contributing to the identification, development, implementation, maintenance and oversight of information security policies, procedures, and processes across the organization in order to reduce risks, minimize incidents impacts, and limit exposure to liability in all areas of financial, physical and personal risks.
You will lead the definition and the implementation of the corporate information security strategy aligned with the Group strategic vision and plan.
You will manage a team of experts responsible for the 3 following topics:
- Governance
  - Define the policies, procedures, standards and processes to implement the security strategy across the organization and entities of the Group and ensure ongoing maintenance and audit of information security;
  - Define a security control framework and audit requirements to monitor the effectiveness of the security policies, procedures and management framework;
  - Define the framework to assess third party risk management (TPRM) and coordinate its execution;
  - Provide safeguard recommendations and assist the Group's Business and support functions with the implementation of the recommendations stemming from security risk assessments;
  - Ensure that the operational recommendations are followed by the risk owners, in collaboration with the Enterprise Risk Management group, and also assist in planning and sponsoring the security awareness program to support continuous training on security-related topics.
- Risks
  - Conduct information security risk assessments, based on a framework which specifies how to define, identify and classify critical assets and how to assess threats and vulnerabilities regarding those assets across the organization, in order to ensure that key risk issues are understood, communicated, and tracked on appropriate risk registers;
  - Promote and facilitate cybersecurity feedback and post-mortem analysis, which allow gaps to be identified and drive continuous improvement;
  - Define information security key performance indicators that will ultimately be reported to executive management through dashboards crafted for that purpose;
  - Drive a continuous improvement approach to industrialize the capture of risk information for consolidation, centralization and decision-making, streamlined across the organization.
- Compliance
  - Coordinate security-related processes and ensure compliance with regulatory frameworks such as NIST CSF, NIST 800-171 and ISO 27001, encompassing physical protection, premises access, asset protection and digital security;
  - Provide support and collaborative effort on privacy-related compliance regulations (e.g. GDPR, Data Sovereignty Act, PIPEDA, CCPA, etc.);
  - Continuously optimize the process used to track, follow up and remediate the audit findings from the various audit reports;
  - Represent Information Security within working groups for various projects or initiatives to ensure that information security requirements and frameworks are communicated and respected.
The experience you bring
- Education: You hold some of these certifications: ISO 27001 Auditor, CISSP, CISM, CISA, CRISC, or CGEIT
- Knowledge & Experience
  - Experience in using frameworks like NIST CSF, NIST 800-53, ISO 27002 and ISO 27005
  - Minimum 5 years managing a GRC cybersecurity team
  - Minimum 10 years in cybersecurity working in the GRC field in matrixed international organizations
  - You have strong experience in information security governance, consultative stakeholder management, and strategic planning, as well as a deep understanding of information security frameworks, processes and best practices
  - Knowledge of technological trends and developments in the area of information security and risk management
- Soft skills
  - Fluent in English and fluent in French, oral and written, with impeccable executive presentation
  - Strong presentation skills
  - Excellent interpersonal skills: capable of acting as a leader and managing a team, but also of acting as a team player to promote the value of security with internal and external senior executives
  - Capable of efficiently managing both direct and indirect employees
  - Strong communication and facilitation skills, with a clear ability to build strong relationships with stakeholders at all levels and to explain complex matters in an understandable form to general business professionals
  - Proven problem-solving skills and the ability to identify, analyze, and resolve issues, driving solutions through to completion
  - Strong work ethic, professional integrity and the ability to handle confidential matters in a professional manner, applying the appropriate level of judgement and maturity
  - Proactive, hardworking, team player and results-oriented
Work Mode & Location
- Hybrid: 3 days in Paris (8ème) after the probation period
Benefits that await you:
- The role: your daily activities will be interesting, stimulating and varied... No two days are alike!
- The organisation: you'll be part of the Sonepar family and share the same values!
- The culture: you'll be working in an international environment.
- The team: our dynamic, multidisciplinary, open-minded and talented team is eager to welcome additional skills to continue to meet the challenge.
- 75% reimbursement of your monthly or annual transport pass.
- Swile Ticket restaurant card.
- Gym exclusively reserved for the company and made available to employees free of charge.
- Sustainable mobility package.
- Health insurance & welfare.
- Employee Savings Plan & Profit Sharing Bonus.
Recruitment process
- Phone call with Talent Acquisition
- Interview with the Hiring manager
- Final HR interview
We are interested in getting to know you better. Start an exciting new career and enjoy many employee benefits by applying online. Sonepar HQ is thankful for your interest in joining the team; only individuals selected for an interview will be contacted.
More information on Sonepar:
Website: www.sonepar.com
Twitter: @sonepar
LinkedIn: https://www.linkedin.com/company/sonepar/
Check out Sonepar on Facebook!
To apply, you must use a computer and one of the following browsers: Safari, Chrome, Mozilla Firefox or even EDGE.