Director, Cloud Security, Compliance Lead

Lila Sciences, Cambridge, MA
$168,000 - $238,000

About The Position

The Cloud Security & Compliance Lead is responsible for the end-to-end security, governance, risk management, and regulatory compliance of Lila Sciences’ cloud environments and research workflows. You’ll own cloud security architecture, policy frameworks, data protection, and compliance programs across multi-cloud and on-premises contexts as appropriate. You’ll partner with Engineering, Data Science, IT, Legal, and Compliance to codify secure patterns, enable rapid yet safe experimentation, and maintain a robust governance program with auditable evidence for regulators and customers.

Requirements

  • Education: Bachelor’s degree in Computer Science, Information Security, Cybersecurity, Engineering, or a related field. Master’s degree preferred.
  • Experience: 5–8+ years in cloud security, information security, or a related role; hands-on experience with cloud environments (AWS, Azure, GCP) and Kubernetes is a plus; experience in governance, risk, and compliance activities.
  • Certifications: CISSP, CISM, CCSK, ISO 27001 Lead Auditor, SOC 2 Practitioner, or cloud security certifications are desirable.
  • Technical Skills: Strong understanding of cloud architectures, IAM, encryption, KMS, secret management, data protection, and network security.
  • Familiarity with Kubernetes concepts and security considerations (RBAC, network policies, pod security standards) as they apply to governance and compliance contexts.
  • Experience with policy frameworks and policy-as-code concepts (OPA, Kyverno, Checkov) for governance and automated compliance checks.
  • Knowledge of SBOMs, software supply chain concepts, artifact signing (Cosign/Sigstore), and SBOM generation.
  • Familiarity with audit-ready control mapping, risk assessment, and remediation tracking.
  • Soft Skills: Excellent communication, stakeholder management, and the ability to translate complex security requirements into actionable business and engineering tasks.

Nice To Haves

  • Experience with data-intensive research environments, HPC, or bioinformatics workloads.
  • Familiarity with privacy by design, data governance, and model governance in ML/AI contexts.
  • Prior startup or high-growth experience enabling developer velocity with strong guardrails; knowledge of Sigstore/Cosign and SLSA concepts for software supply chain integrity.
  • Experience with at least one modern programming language (Python, Go, Rust, JavaScript) for automation or tooling.

Responsibilities

  • Define and maintain cloud security strategy, reference architectures, and security baselines for public cloud (AWS, Azure, GCP) and hybrid deployments.
  • Secure-by-default patterns for CI/CD are intentionally out of scope for this role; focus on secure design patterns for cloud resources, data flows, and analytics.
  • Establish IAM least privilege, network segmentation, private endpoints, key/secret management, and centralized logging across AWS, Kubernetes (where applicable), and cloud-native services.
  • Develop, implement, and continuously improve policies, standards, and procedures aligned to applicable frameworks (e.g., NIST CSF, NIST SP 800-53, FedRAMP, ISO 27001, SOC 2, GDPR/CCPA).
  • Lead data protection program: data classification, data minimization, data retention, and data lifecycle management; oversee DLP strategies where relevant.
  • Manage third-party risk assessments, vendor security questionnaires, and contract security annexes; maintain evidence for audits.
  • Define and oversee security controls across cloud resources, including identity, access management, encryption, key management, log collection, and telemetry.
  • Collaborate with Security Operations to establish monitoring, alerting, incident response coordination, and evidence collection for audits.
  • Prepare for internal and external audits; map controls to frameworks and translate them into engineering artifacts and evidence.
  • Maintain alignment with SOC 2, ISO 27001, and other regulatory requirements; coordinate with Legal and Privacy on data protection controls.
  • Ensure secure data movement, storage, and access patterns; implement data lineage and isolation for training vs. inference in ML workflows.
  • Address privacy-by-design considerations in data science processes; oversee secure handling of sensitive datasets.
  • Partner with Engineering, IT, Legal, and Commercial teams to ensure cohesive risk management.
  • Provide security training and awareness for engineering, data science, and product teams; translate security requirements into actionable tasks.
  • Create and maintain security documentation, runbooks, policies, and evidence packs suitable for audits and regulator requests.

Benefits

  • Bonus potential
  • Generous early equity
© 2024 Teal Labs, Inc