Listing Description

At The RealReal we emphasize customer data security in every aspect of our products and services. You will lead security from all angles, taking a 360-degree view of our security practices and product roadmap to ensure that we are in compliance with all applicable laws, directives, policies and client requirements regarding the safety of data and of our platform. You will ensure the implementation of the information security plans and manage the operational processes for monitoring and maintaining information security and compliance. As the security leader in our fast-growing business, you will have to wear many hats.

In addition to leading security & compliance, you will also be responsible for our IT/Technical Operations practice.  This scope includes device management, corporate applications & services, networking and technical helpdesk.

What You Get To Do Every Day

• Information Security:




• Establish and maintain the vision, strategy, and program to ensure information assets within The RealReal are adequately protected


• Identify, develop, implement, and maintain processes across the enterprise to proactively reduce and mitigate risks and bad actors


• Develop an incident response plan to drive cross-functional resolution


• Meet with prospects and customers to articulate how The RealReal secures their data


• Engage in and close deals and guide security issues in our product from being a deal blocker to a strength for The RealReal


• Triage and respond to incidents, establish and keep up-to-date appropriate standards and controls, and manage security technologies and tools therein


• Drive regular internal and external audits and compliance standards for PCI, SOX, ISO, SOC and others as necessary


• From a security standpoint drive the product roadmap and new feature development, working closely with the Product Management & Engineering team to assure hardening before release into the market


• Publish articles and as evangelist speak at conferences about The RealReal security and compliance


• Be up to date on global security trends and represent The RealReal as an authority on enterprise InfoSec, presenting to customer groups and industry forums in some instances


• Leverage best practices from the security industry to help secure customer data


• Some occasional need for hands-on technical implementation work to help customers deploy our technology


• Assist with internal and external audits; interface with auditors and external parties to satisfy company assessments 


• Identify, analyze and evaluate technology risk and measure the risk quantitatively and qualitatively


• Price out cost of remediation solutions in order to advise the business on the best risk solution portfolio




• Tech Operations:




• Lead the Help Desk team to maintain the highest level of performance and instill a customer service culture


• Management of 1500+ Mac PC and mobile devices


• Process development for standardizing Onboarding and ITSM support


• Deploy and support video conferencing across our global offices


• Balance daily operational requirements with long-term strategic planning and communication

What You Bring To The Role

• BSCS or BSEE or another quantitative field MS preferred and a MINIMUM of 10+ years as an information security professional preferably in a VP of Security or CISO role


• Demonstrated experience in designing and implementing programs to secure and maintain systems consistent with principles embodied in ISO, NIST, SSAE, FIPS, and the comparable US and international standards and frameworks


• Experience building programs to support SAST, DAST, & IAST while moving left in the SDLC


• Experience building and enhancing SIEM solutions to identify areas of opportunity sooner.


• Experience ensuring endpoint lifecycle


• Proven experience delivering security training programs to encompass best security practices to include phishing, endpoint practices, multi-factor, etc.


• Knowledge of email delivery systems and associated security practices


• Understanding of Sender Policy Framework - SPF, DomainKeys Identified Mail - DKIM, DMARC, Reporting, and Conformance


• Knowledge of user authentication frameworks - OAuth, SSO, Okta, Sailpoint   


• Extremely articulate with exceptional verbal, written and visual communication skills


• Highly analytical, you quickly distill and organize ambiguous situations to find clarity and solutions


• Self-starter, you have a bias towards action and rolling up your sleeves


• An entrepreneur at heart, you can’t help noticing things that can be improved and thinking of ways to improve them


• Track record of continuing professional development to keep abreast of latest developments relevant to discipline and industry


• Passion, drive, commitment and tenacity in leading via influencing


• Have a great, energetic & empathetic personality and remain diplomatic in all interactions

The expected salary range for this role is $250,000 - $295,000. To determine starting pay we carefully consider a variety of factors, including primary work location and an evaluation of a candidate’s skills, experience, market demands, and internal parity. Additionally, salary is just one component of TRR’s total rewards package. Depending on role, employees may also be eligible for a bonus program, incentive pay and benefits.

GHR8094 #LI-ES30 #LI-Remote