Open to Remote | Works in timezone US


Why Join?

At the intersection of technology, science, business, and sports, Strivr offers the leading VR-based immersive learning platform that is changing the way employees train, learn, and perform. Strivr’s immersive platform is the enterprise’s bridge to the Metaverse. With a vision to elevate performance through an immersive experience, we are redefining an industry in real-time and shaping the future of workforce development.

About Strivr’s engineering team
Strivr’s engineering teams develop immersive experience software and a cloud-based software platform that powers the creation, management, and experience of immersive learning with a unique level of insights and predictive analytics. The platform is scalable, secure, and compliant, which is critical to making our customers and users successful on our platform. They are a remote-first engineering team distributed across the nation. In addition to their six company values of Dignity + Inclusivity, Transparency, Customer-Focus, Evolution, Accountability and The Team, they index on strong communication skills, a growth mindset, responsibility and ownership, and a collaborative and respectful work culture.

Your Mission:

If you would like to operate a security function for a company and a platform that is the bridge to the metaverse of tomorrow, this is the role for you!

As the lead for the Security and Compliance function at Strivr, you will be responsible for security and compliance across the platform and corporate systems. As Strivr scales VR across the enterprises in the Fortune 1000, our customers rely on the Strivr platform not just for its enterprise-grade scalability but for its enterprise-grade security which includes the ability to manage data with privacy and trust.

You Can Expect To:

  • Develop, maintain and communicate security information, policies, plans, and processes
    • You will develop security standards for the organization
    • You will develop and maintain compliance policies and communicate them internally to the teams and to customers
    • You will partner with Sales Engineering to complete security assessments and reviews initiated by customers.
  • Lead compliance programs and vendor security reviews
    • You will initiate, own and lead security compliance programs and audits for SOC2, ISO 27001, GDPR, and CCPA
    • You will partner with functional organizations on vendor security reviews for the third-party systems they want to bring aboard
  • Implement protections
    • You will partner with corporate IT to deploy software, such as intrusion detection systems, firewalls, and data encryption programs on the corporate network and systems, to protect the organization’s sensitive information
    • You will partner with product and engineering to continuously evaluate and improve application and infrastructure security postures.
    • You will deploy systems to observe networks and systems and use access patterns and system behavior to identify intrusions or breaches
  • Test for vulnerabilities
    • You will coordinate with third-party systems to execute deep penetration tests on the platform
    • You will implement deep scans of applications, infrastructure, and networks to identify vulnerabilities proactively
  • Lead investigation into security breaches
    • You will lead incident response activities with an objective to understand, mitigate, recover and minimize the impact of breaches.
    • You will lead a technical and forensic investigation into breaches, identify the scope and impact, and prepare communications and plans to be reported to management and customers
  • Management and Board Reporting
    • You will regularly report on status, operational metrics, and KPIs, providing transparency to company leadership, its Board of Directors, and internal stakeholder teams
  • Educate employees on security and privacy
    • You will design and deploy training programs to increase the knowledge and further accountability for security and privacy across the employee base.
    • You will partner with our Legal and People teams, and functional leaders across the company, to ensure that the teams prioritize security, privacy and confidentiality when developing products and in operational processes in different departments
    • You will evaluate and assist with the understanding of new and emerging security technology, always looking at options to improve on the current state.

Is This You?

Minimum Qualifications

  • Experience in security compliance and implementation, successfully leading compliance projects, risk assessments, and audits: SOC2, ISO 27001, GDPR, and CCPA
  • Experience developing and implementing security policies, standards, and procedures
  • Experience with forensics and leading security-related incident investigations, communicating plans and impact to management and customers
  • Experience working with product and engineering teams within the modern cloud / SaaS and mobile technology space. Past experience in consulting is a plus.
  • Proven ability to analyze results from system and code scans, and ability to identify the severity of risk in the product and on the platform and risk to the business
  • Excellent partnership and project management skills - you will be working on projects with external parties such as vendors, auditors, and third-party systems, and with internal teams across engineering, product, and the rest of the organization
  • Excellent written and verbal communication skills
  • Educational background in engineering, computer science, or information technology with an emphasis on security

Preferred Qualifications

  • At least one recognized security certification, like Certified Ethical Hacker (CEH), Certified Information System Security Professional (CISSP), Certified Information Security Manager (CISM)
  • Experience designing and deploying secure networks, systems, and application architectures
  • Experience in software engineering, infrastructure engineering, or system administration roles supporting multiple platforms and applications
  • Experience with deploying endpoint security systems, anti-virus/malware software, intrusion detection, firewalls, data loss protection
  • Ability to obtain a Security Clearance in the future