
Head of Security
Posted May 23

This is a fully remote position, open to applicants in Brazil.
• Advance the Security & Compliance Program
• Evaluate and enhance the current security program by identifying weaknesses, prioritizing enhancements, and introducing more structure to existing processes.
• Establish security policies and frameworks that are suitable for our current growth stage.
• Take ownership of and improve our compliance posture. We currently have SOC 2 Type II certification, and your role will involve maintaining it, enhancing our controls, and automating processes whenever feasible.
• Ensure adherence to HIPAA and other healthcare data regulations, while developing a strong PHI protection program.
• Safeguard the Data Pipeline
• Secure the entire lifecycle of training data, encompassing ingestion, processing, storage, preparation, and delivery.
• Collaborate with engineering to integrate security within CI/CD pipelines, cloud infrastructure, and data workflows.
• Be Technical and Hands-On
• Perform threat modeling, architecture reviews, and security assessments at the code level.
• Lead incident response efforts when issues arise.
• Assess and implement security tools.
• Enable the Business
• Convert security risks into business language for the executive team and board members.
• Act as the security representative for customers by addressing security questionnaires, supporting sales cycles, and fostering trust with AI company partners and clients.
• Cultivate a security-conscious culture throughout the company via training and streamlined processes that do not hinder team productivity.
• Scale the Function
• Determine what to develop, purchase, or outsource.
• Outline the roadmap for the evolution of security from Series A through the rapid growth phase.
• 8+ years of experience in security roles, including at least 2 years in a leadership position.
• Strong technical background: you have experience working as or alongside engineers and can competently review architecture, infrastructure, and code.
• Proven experience in building or significantly enhancing a security program at an early-stage or high-growth company (rather than just maintaining one at a large enterprise).
• In-depth knowledge of cloud security (AWS, GCP, or Azure), identity/access management, and large-scale data protection.
• Practical experience with compliance frameworks (SOC 2, ISO 27001). You have maintained certifications and understand how to broaden the scope without overcomplicating the issue.
• Hands-on experience with HIPAA compliance.
• Ability to operate effectively as both an individual contributor and a leader.
• Nice to Haves
• Experience in securing data pipelines or working with data-intensive platforms.
• Experience in a data infrastructure company.
• Background in AI/ML or in companies selling to technical buyers.
• Familiarity with data provenance, lineage tracking, or data governance in ML contexts.
• Knowledge of supply chain security.
• Previous experience as a customer-facing security leader.
• Health insurance
• Flexible work arrangements