Head of InfoSec and IT Operations

About Autonomize AI

Autonomize AI is revolutionizing healthcare by combining data and context to streamline knowledge workflows, reduce administrative burdens, and improve patient outcomes. We’re a high-velocity, mission-driven startup that values full-stack ownership, clear alignment, and customer obsession.

Location:

Austin, TX
• 12+ years’ experience
• Full time
• Reports to Chief Technology Officer

Autonomize AI is hiring a Head of Info Sec and IT Operations, responsible for establishing, operating, and continuously strengthening the company’s information security, cybersecurity, privacy, and AI governance programs. This role ensures that security and compliance are embedded into the company’s product architecture, cloud infrastructure, software development lifecycle, and client operations.

The Head of Info Sec and IT Operations will lead the development of a scalable, audit-ready security framework aligned with HIPAA, SOC 2 Type II, HITRUST CSF, ISO 27001 (as applicable), and evolving AI governance expectations. This role partners closely with Engineering, Product, Customer Success, and external stakeholders to protect sensitive healthcare data while enabling innovation and growth. This is a strategic and operational leadership role requiring expertise in regulated healthcare environments and modern AI-enabled platforms.

• Develop and execute a comprehensive enterprise information security strategy aligned with business growth and regulatory obligations.
• Establish and maintain security governance structures, policies, standards, and controls.
• Report regularly to executive leadership on cybersecurity posture, risk, and maturity.
• Conduct risk assessments.

• Ensure compliance with HIPAA Privacy and Security Rule, HITECH, and applicable state privacy and security laws.
• Oversee SOC 2 Type II, HITRUST, ISO 27001, and other certification efforts as appropriate.
• Maintain audit readiness for client security assessments and regulatory inquiries.
• Support Business Associate Agreement (BAA) obligations and downstream vendor oversight.
• Partner with internal stakeholders to align security guardrails with healthcare regulatory workflows (e.g., prior authorization, appeals, interoperability requirements).

• Oversee cloud security architecture (e.g., Azure, AWS), including encryption, key management, data segmentation, and secure configuration.
• Ensure implementation of least privilege and strong access controls.
• Oversee vulnerability management, endpoint security, logging, and monitoring capabilities.
• Maintain incident response plans and conduct regular tabletop exercises.

• Embed security into the Secure Software Development Lifecycle (Secure SDLC).
• Oversee application security testing (SAST, DAST, penetration testing).
• Establish controls for model governance, data lineage, training data protections, and AI risk management.
• Ensure safeguards around PHI handling in AI workflows, model training, testing, and prompt experimentation.
• Partner with Product and Engineering to ensure privacy-by-design and security-by-design principles.

• Oversee data classification, retention, minimization, and secure disposal policies.
• Ensure encryption at rest and in transit for sensitive data.
• Establish controls for de-identification, re-identification risk mitigation, and controlled data access.
• Support privacy impact assessments for new products and features.

• Establish and oversee vendor security due diligence processes.
• Ensure subcontractors meet contractual and regulatory security obligations.
• Monitor ongoing vendor risk and compliance.

• Lead cybersecurity incident response efforts; coordinate cross‑functional response teams.
• Ensure regulatory breach notification readiness and procedures.
• Oversee disaster recovery and business continuity planning.

• Build a culture of privacy and security awareness across the company.
• Develop employee training programs…