Head of Security and Compliance
Job in
San Francisco, San Francisco County, California, 94102, USA
Listed on 2026-07-01
Listing for:
Gimlet Labs
Full Time
position Listed on 2026-07-01
Job specializations:
-
IT/Tech
Cybersecurity, Information Security, Data Security, Security Manager
Job Description & How to Apply Below
Head Of Security And Compliance
Gimlet Labs is looking for a Head of Security and Compliance to build and own the security and compliance foundation for an AI company operating across rapidly evolving AI systems serving production scale traffic for top frontier labs and hyperscalers.
This is a highly hands-on role for someone who can design the compliance program, implement the technical controls, and work directly with engineering to make security auditable, scalable, and practical. You will have significant ownership over the compliance stack, including policies, controls, evidence collection, audit readiness, vendor risk, and security tooling.
What You Will Work On- Partner directly with engineering, infrastructure, and product teams to identify security risks and design practical controls across AI platforms, cloud infrastructure, networking systems, APIs, and software delivery pipelines.
- Build and operationalize security and compliance programs supporting frameworks such as SOC 2, ISO 27001, NIST CSF, NIST AI RMF, CSA CCM, and customer security requirements.
- Drive improvements to cloud and application security controls, including IAM, network segmentation, encryption, logging, secrets management, vulnerability management, and secure SDLC practices.
- Help define security approaches for AI systems, including model access controls, data protection, third-party AI tooling, auditability, and misuse prevention.
- Build scalable processes for audit evidence collection, risk tracking, remediation management, and security reporting across technical and non-technical stakeholders.
- Contribute to broader security and operational readiness efforts including vendor risk management, incident response preparedness, business continuity planning, and security policy development.
- Experience in security risk, compliance, GRC, cloud security, or infrastructure security.
- Working knowledge of cloud platforms such as AWS, Azure, or Google Cloud.
- Familiarity with networking concepts including firewalls, VPC/VNet design, VPNs, DNS, TLS, routing, segmentation, and zero trust principles.
- Understanding of software security concepts, including secure SDLC, CI/CD, vulnerability management, secrets management, and API security.
- Experience with compliance frameworks such as SOC 2, ISO 27001, NIST, CIS Controls, or CSA CCM.
- Ability to document controls, gather evidence, assess gaps, and drive remediation with engineering teams.
- Strong written and verbal communication skills.
- Experience in an early-stage startup or high-ownership environment.
- Experience supporting AI, machine learning, data infrastructure, or SaaS platforms.
- Familiarity with AI governance frameworks such as NIST AI RMF or ISO/IEC 42001.
- Experience with Kubernetes, containers, infrastructure as code, and cloud-native security tooling.
- Certifications such as CISSP, CISA, CRISC, CCSP, CCSK, Security+, AWS Security Specialty, or Azure Security Engineer.
- Experience implementing or administering GRC platforms, SIEMs, CSPM tools, vulnerability scanners, and ticketing workflows.
To View & Apply for jobs on this site that accept applications from your location or country, tap the button below to make a Search.
(If this job is in fact in your jurisdiction, then you may be using a Proxy or VPN to access this site, and to progress further, you should change your connectivity to another mobile device or PC).
(If this job is in fact in your jurisdiction, then you may be using a Proxy or VPN to access this site, and to progress further, you should change your connectivity to another mobile device or PC).
Search for further Jobs Here:
×