Information Security Manager

Aircall is a unicorn AI‑powered customer communications platform used by 22,000+ companies worldwide to drive revenue, provide faster resolutions, and scale. We’re redefining what a customer communications platform can be—by combining voice, SMS, Whats App, and AI into one seamless workspace.

Our momentum comes from a simple but powerful idea: help every customer‑facing team work smarter, not harder. Aircall’s AI Voice Agent automates routine calls, AI Assist streamlines post‑call tasks, and AI Assist Pro delivers real‑time guidance that helps people do their best work. The result—companies grow revenue, deliver faster resolutions, and scale service.

We’ve built a product customers love and a business that scales fast. Aircall operates in nine global offices (Paris, New York, San Francisco, Sydney, Madrid, London, Seattle, and Mexico City), and is backed by world‑class investors. Our teams are shipping AI innovation faster than ever and expanding across new product lines and markets.

At Aircall, you’ll join a company in motion—ambitious, profitable, and product‑driven—where impact is visible, decisions are fast, and growth is real.

We believe in customer obsession, continuous learning, and delivering extraordinary outcomes. We value open collaboration, taking ownership, and making smart, informed decisions with speed and precision. If you thrive in a fast‑paced, team‑driven environment where curiosity, trust, and impact matter, you’ll fit right in.

This role will sit within the CTO (Technology) organization, alongside Security & Infrastructure Engineering, building the security foundation of a future Governance, Risk & Compliance (GRC) function. The Information Security Manager takes ownership of Aircall’s information security strategy, governance, and risk management practices, ensuring that our security, IT, privacy and product teams are aligned, accountable, and operating against a unified framework.

• Develop and maintain the company‑wide security strategy, policies, and governance frameworks.
• Ensure ongoing compliance with SOC 2, GDPR, NIST, and other relevant global security standards (e.g., ISO 27001).
• Determine the company’s strategy to pursue additional certifications in collaboration with other security stakeholders.
• Participate in building the Governance, Risk & Compliance (GRC) function, aligning with privacy, compliance, and enterprise risk; maintain and execute against a risk matrix.
• Ensure each branch of Information Security (Product Security, IT Security, GTM, Vendor Due Diligence, Customer‑facing topics, Governance, Policies & Audits) performs its responsibilities effectively and operates in a coordinated manner.
• Lead enterprise‑wide security risk assessments, gap analyses, and mitigation planning.
• Partner closely with Legal/Privacy on regulatory obligations, including GDPR, data residency requirements, and incident reporting.
• Oversee vendor risk management and security due diligence, ensuring consistent assessment standards and cross‑functional alignment.
• Build and manage a scalable vendor security program, including due diligence, remediation, and monitoring.
• Maintain and refine incident response policies, workflows, roles, and communication procedures.
• Coordinate cross‑functional participation during security events, ensuring documentation, communication, and post‑incident reporting.
• Serve as the point of escalation for major security events.
• Ensure clear reporting lines, accountability, and coordination between IT Security and Engineering/Product Security.
• Work closely with IT, Product, Engineering, and Data teams to embed security‑by‑design throughout the development lifecycle.
• Manage dotted‑line reporting relationships with Security Engineers and IT team members, ensuring unified strategic direction while respecting functional dependencies.
• Represent Information Security to the Board, Audit Committee, customers, and regulators as needed.
• Lead company‑wide security training and awareness initiatives.
• Promote a security‑first culture across all functions, ensuring employees understand their role in protecting company and…