Head of Information Security

Summary

Join Tonic.ai as a dynamic leader to define, communicate, and execute the company's information security and technology roadmap. This role involves guiding the overall security and compliance program to mitigate security risks. You will manage security operations, incident responses, and vendor relationships. Responsibilities include overseeing governance frameworks, ensuring compliance with regulations (SOC 2, GDPR, HIPAA), and maintaining security policies. The position also requires defining and implementing the company's security strategy, evaluating emerging threats, and managing day-to-day IT operations. You will collaborate with various teams to ensure data governance and compliance, and support sales efforts by addressing customer security concerns.

Requirements

• 10+ years of experience with at least 5 in information security, and 3+ years within a high-growth startup
• Ability to roll up your sleeves and get your hands dirty, while also thinking strategically to see the big picture
• Demonstrated success running an enterprise-wide information security program that has achieved SOC2 and HIPAA attestation
• Ability to translate complex technical language and requirements into business language
• Hands-on leadership experience, and the desire to roll up your sleeves
• Experience in proactively identifying and resolving people, process, and technology challenges with creative solutions

Responsibilities

• Evaluate and drive updates and/or migration of the application and infrastructure portfolio to achieve Tonic.ai’s security and resiliency requirements
• Own security operations and incident responses to continuously monitor, defend, and respond to the security status of the organization
• Identify, negotiate, and select outside services, computer hardware, and software services with a clear framework of selection criteria
• Oversee Tonic.ai’s governance frameworks and compliance with relevant regulations and standards. Specifically, SOC 2, GDPR, and HIPAA Security and Privacy Rules
• Ensure continuous readiness for audits and certifications, partnering closely with external auditors and internal stakeholders
• Develop and maintain company-wide security and compliance policies, ensuring they remain current and well-communicated
• Define, implement, and maintain Tonic.ai’s overall security, compliance, privacy, and IT strategy and roadmap in alignment with business goals
• Continuously evaluate emerging threats and industry trends, adapting the security strategy to anticipate and mitigate risks
• Own and manage day-to-day IT operations, ensuring our tools, systems and infrastructure meet the needs of a growing, global workforce
• Manage vendor relationships, contract negotiations, and service-level agreements for critical technology services
• Ensure Tonic.ai’s security and compliance posture aligns with the requirements of the company’s existing and target customers, as well as with industry best practices
• Collaborate with Tonic.ai’s leadership team to ensure proper data governance practices and compliance are fulfilled throughout the organization
• Ensure that Tonic.ai employees adhere to and are compliant with the security requirements of our company
• Work with Tonic.ai’s Sales, Customer Success, and Solutions Architect teams to answer customer third-party risk management questionnaires to protect Tonic’s liability while simultaneously supporting sales

Preferred Qualifications

• Ideally, knowledge and some experience with security and compliance obligations required for government contracting (e.g. FedRAMP, NIST 800-171, DFARS)
• Working knowledge of securing cloud computing environments (specifically AWS, but experience with GCP, Azure, Oracle Cloud and IBM Cloud is a bonus) and associated risks and controls

Benefits

• Competitive salary and equity
• Unlimited paid time off
• 401k plan with employer contribution
• Medical, dental, and vision insurance
• Generous parental leave policy
• Remote-friendly work environment