
Senior Director, Cloud Security, Compliance Lead

Job in San Francisco, San Francisco County, California, 94199, USA
Listing for: Lila Sciences
Full Time position
Listed on 2026-02-15
Job specializations:
  • IT/Tech
    Cybersecurity, Data Security, Information Security
Salary/Wage Range or Industry Benchmark: 100000 - 125000 USD Yearly
Job Description & How to Apply Below

Your Impact at Lila

The Cloud Security & Compliance Lead is responsible for the end-to-end security, governance, risk management, and regulatory compliance of Lila Sciences’ cloud environments and research workflows. You’ll own cloud security architecture, policy frameworks, data protection, and compliance programs across multi-cloud and on-premises contexts as appropriate. You’ll partner with Engineering, Data Science, IT, Legal, and Compliance to codify secure patterns, enable rapid yet safe experimentation, and maintain a robust governance program with auditable evidence for regulators and customers.

What You'll Be Building

Cloud Security Architecture & Governance
  • Define and maintain cloud security strategy, reference architectures, and security baselines for public cloud (AWS, Azure, GCP) and hybrid deployments.
  • Implement secure‑by‑default patterns (CI/CD is intentionally out of scope); focus on secure design patterns for cloud resources, data flows, and analytics.
  • Establish IAM least privilege, network segmentation, private endpoints, key/secret management, and centralized logging across AWS, Kubernetes (where applicable), and cloud‑native services.
Governance, Compliance & Risk Management
  • Develop, implement, and continuously improve policies, standards, and procedures aligned to applicable frameworks (e.g., NIST CSF, NIST 800‑53, FedRAMP, ISO 27001, SOC 2, GDPR/CCPA).
  • Lead data protection program: data classification, data minimization, data retention, and data lifecycle management; oversee DLP strategies where relevant.
  • Manage third‑party risk assessments, vendor security questionnaires, and contract security annexes; maintain evidence for audits.
Security Controls & Monitoring
  • Define and oversee security controls across cloud resources, including identity, access management, encryption, key management, log collection, and telemetry.
  • Collaborate with Security Operations to establish monitoring, alerting, incident response coordination, and evidence collection for audits.
Compliance & Audit Readiness
  • Prepare for internal and external audits; map controls to frameworks and translate them into engineering artifacts and evidence.
  • Maintain alignment with SOC 2, ISO 27001, and other regulatory requirements; coordinate with Legal and Privacy on data protection controls.
Data, ML/AI Security & Privacy
  • Ensure secure data movement, storage, and access patterns; implement data lineage and isolation for training vs. inference in ML workflows.
  • Address privacy‑by‑design considerations in data science processes; oversee secure handling of sensitive datasets.
Collaboration & Enablement
  • Partner with Engineering, IT, Legal, and Commercial teams to ensure cohesive risk management.
  • Provide security training and awareness for engineering, data science, and product teams; translate security requirements into actionable tasks.
Evidence & Documentation
  • Create and maintain security documentation, runbooks, policies, and evidence packs suitable for audits and regulator requests.
What You’ll Need To Succeed
  • Education: Bachelor’s degree in Computer Science, Information Security, Cybersecurity, Engineering, or related field. Master’s preferred.
  • Experience: 5–8+ years in cloud security, information security, or a related role; hands‑on experience with cloud environments (AWS, Azure, GCP) and Kubernetes is a plus; experience in governance, risk, and compliance activities.
  • Certifications: CISSP, CISM, CCSK, ISO 27001 Lead Auditor, SOC 2 Practitioner, or cloud security certifications are desirable.
  • Technical Skills: Strong understanding of cloud architectures, IAM, encryption, KMS, secret management, data protection, and network security.
  • Familiarity with Kubernetes concepts and security considerations (RBAC, network policies, pod security standards) as they apply to governance and compliance contexts.
  • Experience with policy frameworks and policy‑as‑code concepts (OPA, Kyverno, Checkov) for governance and automated compliance checks.
  • Knowledge of SBOMs, software supply chain concepts, artifact signing (Cosign/Sigstore), and SBOM generation.
  • Familiarity with audit‑ready control mapping, risk assessment, and remediation tracking.
  • Soft Skills: Excellent…
Position Requirements
10+ Years work experience