Senior Director, Cloud Security, Compliance Lead
Listed on 2026-07-01
IT/Tech
Cybersecurity, Data Security, Information Security
San Francisco, CA USA
Your Impact at LILA
The Cloud Security & Compliance Lead is responsible for the end-to-end security, governance, risk management, and regulatory compliance of Lila Sciences' cloud environments and research workflows. You'll own cloud security architecture, policy frameworks, data protection, and compliance programs across multi-cloud and on-premises contexts as appropriate. You'll partner with Engineering, Data Science, IT, Legal, and Compliance to codify secure patterns, enable rapid yet safe experimentation, and maintain a robust governance program with auditable evidence for regulators and customers.
What You'll Be Building
Cloud Security Architecture & Governance
- Define and maintain cloud security strategy, reference architectures, and security baselines for public cloud (AWS, Azure, GCP) and hybrid deployments.
- Implement secure-by-default patterns for cloud resources, data flows, and analytics.
- Establish IAM least privilege, network segmentation, private endpoints, key/secret management, and centralized logging across AWS, Kubernetes (where applicable), and cloud-native services.
Governance, Compliance & Risk Management
- Develop, implement, and continuously improve policies, standards, and procedures aligned to applicable frameworks (e.g., NIST CSF, NIST 800-53, FedRAMP, ISO 27001, SOC 2, GDPR/CCPA).
- Lead data protection program: data classification, data minimization, data retention, and data lifecycle management; oversee DLP strategies where relevant.
- Manage third-party risk assessments, vendor security questionnaires, and contract security annexes; maintain evidence for audits.
Security Controls & Monitoring
- Define and oversee security controls across cloud resources, including identity, access management, encryption, key management, log collection, and telemetry.
- Collaborate with Security Operations to establish monitoring, alerting, incident response coordination, and evidence collection for audits.
Compliance & Audit Readiness
- Prepare for internal and external audits; map controls to frameworks and translate them into engineering artifacts and evidence.
- Maintain alignment with SOC 2, ISO 27001, and other regulatory requirements; coordinate with Legal and Privacy on data protection controls.
Data, ML/AI Security & Privacy
- Ensure secure data movement, storage, and access patterns; implement data lineage and isolation for training vs. inference in ML workflows.
- Address privacy-by-design considerations in data science processes; oversee secure handling of sensitive datasets.
Collaboration & Enablement
- Partner with Engineering, IT, Legal, and Commercial teams to ensure cohesive risk management.
- Provide security training and awareness for engineering, data science, and product teams; translate security requirements into actionable tasks.
Evidence & Documentation
- Create and maintain security documentation, runbooks, policies, and evidence packs suitable for audits and regulator requests.
What You'll Need to Succeed
- Education: Bachelor's degree in Computer Science, Information Security, Cybersecurity, Engineering, or a related field. Master's preferred.
- Experience: 5–8+ years in cloud security, information security, or a related role; hands-on experience with cloud environments (AWS, Azure, GCP) and Kubernetes is a plus; experience in governance, risk, and compliance activities.
- Certifications: CISSP, CISM, CCSK, ISO 27001 Lead Auditor, SOC 2 Practitioner, or cloud security certifications are desirable.
- Technical Skills:
  - Strong understanding of cloud architectures, IAM, encryption, KMS, secret management, data protection, and network security.
  - Familiarity with Kubernetes concepts and security considerations (RBAC, network policies, pod security standards) as they apply to governance and compliance contexts.
  - Experience with policy frameworks and policy-as-code concepts (OPA, Kyverno, Checkov) for governance and automated compliance checks.
  - Knowledge of SBOMs, software supply chain concepts, artifact signing (Cosign/Sigstore), and SBOM generation.
  - Familiarity with audit-ready control mapping, risk assessment, and remediation tracking.
- Soft Skills:
Excellent…