🇬🇧🇺🇸 While English is our working language at Didask and proficiency is required to join us, we publish all our job openings in both English and French. You can find all our positions on this page, along with more information about Didask, our culture and benefits.
As Security & Compliance Lead at Didask, you will serve as our Information Security Officer and Data Protection Officer (DPO), representing Didask both internally and externally on all security and compliance matters. Your mission: ensure we operate at the highest standards while maintaining our agility, by selecting and implementing the right frameworks for security, privacy, and quality.
Working closely with engineering teams and interfacing with prospects, customers, auditors and authorities, you'll have a broad scope of ownership:
Security & Risk Management: Define and implement our security strategy. Lead risk assessments and business continuity planning. Build and maintain our security program, including training and incident response. Partner with engineering teams on security controls implementation.
Security & Privacy Compliance: Serve as Data Protection Officer. Maintain our ISO 27001 certification and manage our compliance platform (Vanta). Define our certification roadmap (e.g., SOC 2) based on market requirements. Handle data subject requests and regulatory inquiries.
Quality Management System: Own and develop our QMS. Define and document key processes across the organization. Drive continuous improvement through metrics and feedback loops. Ensure proper documentation and process adherence.
Training Quality Management: Oversee our Qualiopi certification for professional training. Define and monitor training quality indicators. Ensure that the processes set up within this framework evolve in line with regulations and changing business needs. Ensure compliance with professional training regulations.
Product Quality & Reliability: Drive our product accessibility compliance (RGAA) and service level objectives. Partner with engineering teams on quality standards implementation and SLA monitoring. Contribute to incident management processes and continuous service improvement.
AI Trust & Safety: Implement quality assurance processes for AI-generated content. Define and maintain AI safety guidelines. Monitor AI system outputs for compliance with our standards and upcoming regulations (EU AI Act). Coordinate with ML teams on compliance requirements.
Enterprise & Contract: Lead security questionnaire responses for enterprise prospects. Create and maintain compliance documentation. Partner with sales teams to address security concerns. Own our terms of service and customer contracts from a compliance perspective.
We're looking for someone who can bridge the gap between technical requirements, regulatory compliance, and business objectives. Here's what we expect:
Team Culture: You excel in our transparent, written-first environment where we value clear documentation and async communication. You share our belief that security and privacy should be built on openness rather than obscurity. You have experience fostering a security-minded culture across an organization.
Leadership & Ownership: You take ownership of your domains while knowing when to involve others. You're proactive in identifying and addressing issues, but also systematic in how you implement solutions. You're comfortable making decisions with incomplete information while maintaining rigorous follow-through.
Communication Excellence: Exceptional ability to present security and compliance topics to diverse audiences. Experience addressing enterprise prospects' concerns during sales cycles. Outstanding documentation skills for both internal processes and customer-facing materials. Strong presentation abilities with a track record of building trust with technical and business stakeholders.
Regulatory Expertise: Strong understanding of security, privacy, and training requirements (ISO 27001, GDPR, AI Act, Qualiopi). Experience managing certification processes and quality indicators. Solid grasp of accessibility standards. Track record of building compliance programs that support business growth.
Technical Understanding: Experience with cloud security architecture and service reliability engineering. Familiarity with quality monitoring and incident response practices. Understanding of AI/ML systems and their compliance considerations.
Business Acumen: Experience with enterprise SaaS contracts and service level agreements. Understanding of B2B SaaS business models and enterprise sales cycles. Ability to balance risk management with business objectives.
Apply by answering a few written questions about your experience and vision for security at Didask.
If your profile matches our needs, here's what to expect:
A screening interview to discuss your background and approach to security.
A take-home exercise focused on a compliance scenario.
A technical discussion with engineering leads about security architecture.
A final conversation with product leadership about vision and strategy.
🇬🇧🇺🇸 Unless specified otherwise, all positions are fully remote, provided you work in a timezone close to Paris and have suitable working conditions (including Internet connection). Please note that we can currently only hire French tax residents.