Vice President of Security and Privacy

Thrive Global is a leading behavior change tech company helping individuals, corporations, and communities improve their well-being and performance through our behavior change platform, storytelling, and corporate services. Thrive’s Microsteps – small, science-backed steps to improve health and productivity – have been adopted by employees at more than 200 organizations in over 160 countries, from frontline and call center workers to executives at multinational companies. For more information, visit www.thriveglobal.com.

As the Vice President of Security and Privacy, you will be a key member of the leadership team, reporting to the General Counsel, that will drive Thrive Global’s security practices to the next level. As we scale, you will build and lead a best-in-class security and privacy program and team owning initiatives including governance, risk, compliance, audit, security operations, security engineering, application/product security, and assurance and trust.

If you’re not sure that you’re 100% qualified, but this sounds like a role you would Thrive in – we want you to apply! We believe skills are transferable and passion for our mission goes a long way.

Who You Are:

• You have deep expertise in cybersecurity, compliance, privacy, and risk management, and a passion for Thrive Global’s mission to improve well-being and performance through secure, trusted technology.

• You have successfully scaled security programs in fast-growing environments and have led cross-functional teams to protect systems and data from security risks.

• You are well-versed in legal requirements, industry standards, and best practices, particularly in areas of GDPR, SOC 2 Type II, ISO 27000 / 27001 / 42001, and HIPAA.

• You thrive as an individual contributor while effectively building and leading teams.

• You are confident in customer-facing scenarios and excel at communicating security initiatives and addressing customer security concerns in clear and succinct manner.

Key Responsibilities:

• Strategic Leadership: Lead the development and execution of Thrive Global’s security and privacy strategies, collaborating with and supporting cross-functional teams (Product, Engineering, Legal, GTM (Sales / Customer Success), Human Resources) to align with business and technology goals.

• Governance & Compliance: Build and maintain a robust security governance framework that adheres to SOC 2 Type II, ISO 27000 /27001/42001, GDPR, and other local regulations and compliance standards. Coordinate and manage internal / external third-party audits and ensuring adherence to regulatory requirements.

• Data Privacy & End-User Protection: Oversee data privacy initiatives, particularly around handling of end-user data for B2B large enterprise customers and their employees and B2B2C (in Pharma). Ensure that all data practices meet industry and legal privacy standards.

• Risk Management: Conduct regular risk assessments and overseeing vulnerability scans, identifying potential security threats to Thrive Global’s systems, infrastructure, and data. Implement mitigation strategies and security incident response plans. Manage our third-party SaaS vendor process.

• Incident Response & Crisis Management: Lead security crisis management efforts by establishing a swift, effective incident response plan. Conduct regular training and simulation exercises for the team and wider company.

• Security Engineering & Operations: Oversee technical security solutions such as firewalls, intrusion detection, secure SDLC, and vulnerability assessments. Overseeing newly implemented technologies.

• Team Building & Development: Build and lead a high-performing security team, fostering a culture of security-first principles across the organization. Stay current with emerging security technologies and threats.

• Individual Contributor: Comfortable taking on hands-on tasks, such as responding to RFPs and Security Questionnaires, while also leading and mentoring a security team.

• Customer-Facing Role: Serve as a key representative for security discussions with customers, partners, and auditors. 

What We Are Looking For:

• 10+ years of progressive experience in security, risk management, and compliance roles, with at least 5 years in a manager capacity. 

• Deep knowledge of compliance standards such as SOC 2 Type II, ISO 27000 / 27001 / 42001, GDPR, and HIPAA, and hands-on experience identifying and working with third-party auditors.

• Strong technical background with hands-on experience in network security solutions, encryption, secure SDLC, and physical security systems.

• Demonstrated success in a face-paced and high-growth environments; SaaS, start-up, AI (ML, LLM, and GAI) and/or healthcare experience required. 

• CISSP, CISM, or other relevant security certifications are strongly preferred.

• Excel in customer-facing interactions by clearly communicating Thrive Gobal’s security posture and addressing customer inquiries. Ability to effectively engage with customers and external partners, addressing security-related concerns and establishing trust.

What We Offer:

• Being part of a mission-driven company that’s truly making a difference in the lives of people around the world

• Ability to develop within the company and shape our growth strategy

• A human-centric culture with a range of wellness perks and benefits

• A competitive compensation package

• Medical, dental and vision coverage + 401k program with company match

• Generous paid time-off programs

Compensation for this role depends on level, and will likely fall in the $207,000 - $269,000 range. We provide a competitive mix of salary, performance bonus, and equity

Thrive is deeply committed to creating a safe and welcoming work environment free of discrimination and harassment so that all employees can bring their whole selves to work.

Thrive is proud to ensure equal employment opportunity (EEO) to all employees and applicants for employment without regard to race, color, religion, sex, national origin, disability, genetics, gender, gender identity, gender expression, sexual orientation, age, marital status, family or parental status, veteran status, or any other characteristic protected by applicable federal, state or local law.

Thrive is also committed to providing reasonable accommodations for qualified individuals with disabilities and disabled veterans in our job application procedures. Please inform Thrive’s Recruiting team if you need any assistance completing any forms or to otherwise participate in the application process.