G
Posted 9 hours ago
Head of Security and Compliance
Gimlet LabsHead of Security and Compliance
Requirements
Experience in security risk, compliance, or cloud security, Knowledge of AWS, Azure, or Google Cloud, Familiarity with networking and zero trust principles, Understanding of secure SDLC and API security, Experience with SOC 2 or ISO 27001
Skills
Cloud SecurityComplianceGRC
About the role
About the Company
Gimlet is building the next generation of AI infrastructure: large-scale AI datacenters and the orchestration platform that coordinates them. We work with foundation labs, hyperscalers, and AI-native companies to power production workloads at massive scale.
Responsibilities
- Partner with engineering, infrastructure, and product teams to identify security risks and design practical controls across AI platforms, cloud infrastructure, and APIs
- Build and operationalize security and compliance programs supporting frameworks such as SOC 2, ISO 27001, NIST CSF, and NIST AI RMF
- Drive improvements to cloud and application security controls including IAM, network segmentation, encryption, and secrets management
- Define security approaches for AI systems, including model access controls and data protection
- Build scalable processes for audit evidence collection, risk tracking, and remediation management
- Contribute to vendor risk management, incident response preparedness, and business continuity planning
Requirements
- Experience in security risk, compliance, GRC, cloud security, or infrastructure security
- Working knowledge of cloud platforms such as AWS, Azure, or Google Cloud
- Familiarity with networking concepts including firewalls, VPC/VNet design, VPNs, and zero trust principles
- Understanding of software security concepts including secure SDLC, CI/CD, and API security
- Experience with compliance frameworks such as SOC 2, ISO 27001, NIST, or CSA CCM
- Ability to document controls and drive remediation with engineering teams
- Strong written and verbal communication skills
Preferred Qualifications
- Experience in an early-stage startup or high-ownership environment
- Experience supporting AI, machine learning, or data infrastructure platforms
- Familiarity with AI governance frameworks such as NIST AI RMF or ISO/IEC 42001
- Experience with Kubernetes, containers, and infrastructure as code
- Certifications such as CISSP, CISA, CRISC, CCSP, or AWS Security Specialty
ScoutJobs Agent
Get matches like this delivered daily
Sign up free — we'll pull jobs that fit your CV from across the web and rank them for you.
Get started — it's freeHead of Security and Compliance
Gimlet Labs · San Francisco
