Description

About Didask

Didask is a SaaS eLearning solution that enables organizations to create effective online training programs with ease and strong pedagogical foundations. It is the first platform on the market to integrate a pedagogical assistant, designed by our researchers based on recommendations from cognitive science research. This innovative technology generates tailored training frameworks aligned with your learners' cognitive needs and guides you step-by-step in designing adaptive learning experiences with proven educational impact.

Our platform also leverages cutting-edge Generative AI (GenAI) capabilities, enhanced by our deep expertise in cognitive science. Unlike generic AI tools, Didask’s GenAI is specifically designed to meet the unique challenges of learning and training, ensuring outputs that are not only innovative but also scientifically grounded and pedagogically effective.

As a French EdTech company, Didask was founded by researchers from the prestigious École Normale Supérieure (ENS) in Paris, driven by a passion for education and pedagogy. Since late 2021, we have been supported by a European investment fund that drives our growth and ambitious development projects.

At Didask, we combine advanced research, innovative AI, and a mission to make impactful learning accessible to all. Join us to help shape the future of education!

Job description

As Security & Compliance Lead at Didask, you will serve as our Information Security Officer and Data Protection Officer (DPO), representing Didask both internally and externally on all security and compliance matters. Your mission: ensure we operate at the highest standards while maintaining our agility, by selecting and implementing the right frameworks for security, privacy, and quality.

Working closely with engineering teams and interfacing with prospects, customers, auditors and authorities, you'll have a broad scope of ownership:

  • Security & Risk Management: Define and implement our security strategy. Lead risk assessments and business continuity planning. Build and maintain our security program, including training and incident response. Partner with engineering teams on security controls implementation.

  • Security & Privacy Compliance: Serve as Data Protection Officer. Maintain our ISO 27001 certification and manage our compliance platform (Vanta). Define our certification roadmap (e.g., SOC 2) based on market requirements. Handle data subject requests and regulatory inquiries.

  • Training Quality Management: Oversee our Qualiopi certification for professional training. Define and monitor training quality indicators. Ensure that the processes set up within this framework evolve in line with regulations and changing business needs. Ensure compliance with professional training regulations.

  • Product Quality & Reliability: Drive our product accessibility compliance (RGAA) and service level objectives. Partner with engineering teams on quality standards implementation and SLA monitoring. Contribute to incident management processes and continuous service improvement.

  • AI Trust & Safety: Implement quality assurance processes for AI-generated content. Define and maintain AI safety guidelines. Monitor AI system outputs for compliance with our standards and upcoming regulations (EU AI Act). Coordinate with ML teams on compliance requirements.

  • Enterprise & Contract: Lead security questionnaire responses for enterprise prospects. Create and maintain compliance documentation. Partner with sales teams to address security concerns. Own our terms of service and customer contracts from a compliance perspective.

Your profile

We're looking for someone who can bridge the gap between technical requirements, regulatory compliance, and business objectives. Here's what we expect:

  • Team Culture: You excel in our transparent, written-first environment where we value clear documentation and async communication. You share our belief that security and privacy should be built on openness rather than obscurity. You have experience fostering a security-minded culture across an organization.

  • Leadership & Ownership: You take ownership of your domains while knowing when to involve others. You're proactive in identifying and addressing issues, but also systematic in how you implement solutions. You're comfortable making decisions with incomplete information while maintaining rigorous follow-through.

  • Communication Excellence: Exceptional ability to present security and compliance topics to diverse audiences. Experience addressing enterprise prospects' concerns during sales cycles. Outstanding documentation skills for both internal processes and customer-facing materials. Strong presentation abilities with a track record of building trust with technical and business stakeholders.

  • Regulatory Expertise: Strong understanding of security, privacy, and training requirements (ISO 27001, GDPR, AI Act, Qualiopi). Experience managing certification processes and quality indicators. Solid grasp of accessibility standards. Track record of building compliance programs that support business growth.

  • Technical Understanding: Experience with cloud security architecture and service reliability engineering. Familiarity with quality monitoring and incident response practices. Understanding of AI/ML systems and their compliance considerations.

  • Business Acumen: Experience with enterprise SaaS contracts and service level agreements. Understanding of B2B SaaS business models and enterprise sales cycles. Ability to balance risk management with business objectives.

Interview process

Apply by answering a few written questions about your experience and vision for security at Didask.

If your profile matches our needs, here's what to expect:

  1. A screening interview to discuss your background and approach to security.

  2. A take-home exercise focused on a compliance scenario.

  3. A technical discussion with engineering leads about security architecture.

  4. A final conversation with product leadership about vision and strategy.

Language and location

Didask is transitioning to English as our internal working language in 2025. Professional proficiency in English is required. Speaking French is optional. The team will make sure you never feel excluded if you don't.

Unless specified otherwise, all our positions are remote-first. At the moment, we can only accept candidates who are French fiscal residents. You can work from anywhere in a timezone close to ours, as long as you have good working conditions (including a good Internet connection for fluid videoconferencing).
