Security and Compliance Lead

Remote - United States

Applications have closed

About Strivr

At the intersection of technology, science, business, and sports, Strivr offers the leading VR-based immersive learning platform that is changing the way employees train, learn, and perform. With a mission to elevate performance through immersive experience, we are redefining an industry and shaping the future of workforce development.

Strivr was founded in 2015 out of Stanford University’s Virtual Human Interaction Lab, using the football field as our proving ground. Since then, we have expanded from the athlete to the enterprise, partnering with leading Fortune 1000 companies including Bank of America, MGM Resorts, Sprouts, Verizon, and Walmart to innovate and elevate employee learning and development at scale.

More than just content inside a headset, Immersive Learning is a groundbreaking training methodology that combines the sense of presence in Virtual Reality with advanced learning theory, data science, and spatial design. It provides realistic, high-impact experiences driven by best practices across L&D, instructional design, immersive content development, data science, product design, and user experience. As the leading VR-based Immersive Learning solution for enterprises on the market today, Strivr’s platform enables the deployment of VR training at scale while serving as the bridge to the connected immersive worlds of tomorrow.

Recognized by Fast Company’s Most Innovative Companies three years in a row, a ‘Major Player’ by IDC in Soft Skills VR Training, and awarded by leading L&D analyst firm Brandon Hall, we take pride in our passion for innovation and use that energy to fuel our work. Our culture thrives on dignity, inclusion, accountability, transparency, and teamwork. We celebrate every win and learn from every loss. With a customer-focused mindset, we embrace continuous evolution and look forward to growing our team as we lead the industry forward!

About the role

As the lead for the Security and Compliance function at Strivr, you will be responsible for security and compliance across the platform and corporate systems. As Strivr scales VR across the enterprises in the Fortune 1000, our customers rely on the Strivr platform not just for its enterprise-grade scalability but for its enterprise-grade security, which includes the ability to manage data with privacy and trust. If you would like to operate a security function for a company and a platform that is the bridge to the metaverse of tomorrow, this is the role for you!

Responsibilities

  • Own and drive the compliance roadmap, develop and maintain security policies, and manage vendor security reviews. Initiate and lead security compliance programs and audits for SOC2, ISO 27001, GDPR and CCPA. Collaborate cross-functionally across the company with Engineering, Product, Legal and HR and work with external auditors to achieve compliance certifications. Establish and continuously improve standards, plans, processes and systems for audit and compliance management.
  • Partner with Sales engineering, Product and Engineering to complete security assessments and reviews required by customers
  • Continuously inform and educate the company on security and privacy with training programs to increase knowledge of, and further accountability for, security and privacy across the employee base. Work cross-functionally with Engineering and support the DevSecOps culture to prioritize and focus on security as part of the SDLC with secure code development programs, implementing SAST, DAST and SCA in pipelines and deployed environments.
  • Work cross-functionally with Engineering to continuously improve security architecture and operational practices, deploy systems to observe networks, infrastructure and systems, and standardize and improve IAM in production and non-production environments.
  • Work with corporate IT and infrastructure teams to deploy software such as intrusion detection systems, firewalls and data encryption programs on the corporate network and systems to protect the organization’s sensitive information
  • Lead incident response activities and forensic investigations into breaches, identify the scope and impact, prepare communications and plans to be reported to both management and customers
  • Regularly report on status, operational metrics and KPIs, providing transparency on risks, incidents and protections to company leadership, Board of Directors and internal teams

Minimum Qualifications

  • Experience in compliance implementation, and successfully leading compliance projects, risk assessments and audits for SOC2, ISO 27001, GDPR and CCPA
  • Experience developing and implementing security policies, standards, and procedures
  • Experience investigating and leading security-related incident investigations, communicating plans and impact to management and customers
  • Experience working with product and engineering teams within the modern cloud / SaaS and mobile technology space. Past experience in consulting is a plus.
  • Proven ability to analyze results from system and code scans, and ability to identify the severity of risk in the product and on the platform and risk to the business
  • Excellent partnership and project management skills - you will be working on projects with external parties such as vendors, auditors and third party systems, and with internal teams across engineering, product and the rest of the organization
  • Excellent written and verbal communication skills
  • An educational background in computer science, information technology or a related engineering field with an emphasis in software or infrastructure or network security.

Preferred Qualifications

  • At least one recognized security certification, like Certified Ethical Hacker (CEH), Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM)
  • Experience designing and deploying secure networks, systems, and application architectures
  • Experience in software engineering, infrastructure engineering or system administration roles supporting multiple platforms and applications
  • Experience with deploying endpoint security systems, anti-virus/malware software, intrusion detection, firewalls, data loss protection
  • Ability to obtain a Security Clearance

Tags: Audits CCPA CEH CISM CISSP Clearance Cloud Compliance Computer Science DAST DevSecOps Encryption Endpoint security Firewalls GDPR IAM Incident response Intrusion detection ISO 27001 Malware Network security Privacy SaaS SAST SDLC Security assessment Security Clearance SOC 2

Perks/benefits: Career development Startup environment

Regions: Remote/Anywhere North America
Country: United States