
Head of Security and Compliance

Job in San Francisco, San Francisco County, California, 94199, USA
Listing for: HEN Technologies
Full Time position
Listed on 2026-06-19
Job specializations:
  • IT/Tech
    Cybersecurity, Information Security
Salary/Wage Range or Industry Benchmark: 250000 USD Yearly
Job Description & How to Apply Below

At HEN Technologies, we’re building Physical AI for the real world—intelligent systems that sense, understand, and act in high-stakes physical environments. Our first application is transforming fire response: combining advanced fluid dynamics, IoT-enabled hardware, real-world operational data, and AI-powered decision support to help firefighters suppress fires faster, use less water, reduce fatigue, and improve safety. By connecting the physical layer of emergency response with predictive intelligence, HEN is building the infrastructure for a safer, more adaptive future.

About the Role

We’re looking for a hands‑on security and compliance leader with a strong background in SaaS, AI/ML, and data-oriented application architecture, and experience with IoT systems. This leader will own information security, product security, and compliance across our entire stack - devices, cloud, web, mobile, and AI. You will lead our first SOC 2 audit, build the security program to support Series B due diligence and enterprise fire‑department procurement, partner closely with our engineering directors across Cloud/Data, AI/ML, Firmware/IoT, and Hardware, and serve as the executive face of security to customers, investors, and the board.

Responsibilities
  • Security strategy & engineering leadership. Define the security and compliance roadmap aligned with company goals, customer requirements, and the regulatory environment. Build the team over time.

  • SOC 2 audit (Type I, then Type II). Own the end‑to‑end SOC 2 program: auditor relationship, compliance tooling (Vanta/Drata or equivalent), policy authoring, control implementation, evidence collection, and remediation.

  • Cloud security (GCP). Partner with the Head of Cloud and Data engineering to mature GCP security posture: IAM, VPC and network design, KMS, Secret Manager, Security Command Center, Cloud Logging and detection engineering.

  • Product security across the stack. Embed security into the SDLC for our cloud platform, web app, mobile apps, firmware, and edge AI components. Drive threat modeling, secure design reviews, SAST/SCA/secret scanning, and penetration testing.

  • IoT and embedded device security. Partner with the Head of Firmware/IoT on device identity and provisioning, secure boot, signed firmware, OTA update security, code‑signing key management, and device fleet hygiene.

  • AI/ML governance. Partner with the Head of AI/ML to establish governance for models, training data, third‑party LLM usage, prompt and output handling, and edge inference. Build a defensible AI risk story for customers and investors.

  • Identity, access & corporate IT security. Own SSO, MFA, least‑privilege access, quarterly access reviews, MDM coverage, and endpoint protection across the company.

  • Vendor and third‑party risk. Build and run the vendor risk program. Maintain sub‑processor inventory, DPAs, and SOC 2 collection for critical vendors. Review AI/LLM vendor terms for data handling.

  • Incident response & business continuity. Own the IR plan, BCP and DR plans. Run tabletop exercises and DR tests. Lead response on any material security incident.

  • Customer trust & enterprise sales support. Be the executive owner of customer security questionnaires, security one‑pagers, the trust page, and customer security calls. Support sales on enterprise and fire‑department procurements.

  • Lead security due diligence, and brief the senior leadership on security posture and risk on a regular cadence.

  • Regulatory readiness. Stay ahead of the regulatory landscape relevant to fire department customers: where applicable, CJIS, HIPAA (for EMS data), state breach notification laws, federal AI executive orders, and emerging IoT security regulation.

Must‑have qualifications
  • 12+ years in information security, with at least 4 years leading a security function.

  • Personally led at least one company through SOC 2 (Type I and Type II) at a similar‑stage company - not just "managed compliance at a larger company."

  • Strong cloud security background, ideally GCP (AWS or Azure depth with willingness to ramp on GCP also works).

  • Hands‑on technical credibility. You can read a Terraform module, review an IAM policy, and have a substantive conversation about TLS…
