JOB DESCRIPTION:THE OPPORTUNITYAt Lingo, we're building a groundbreaking health platform that combines continuous biosensor data, real-time analytics, and personalized insights to help people live fuller, longer, and healthier lives. Our systems ingest millions of sensor readings daily, powering experiences for consumers and partners worldwide, with the reliability and scalability of cloud-native, enterprise-grade platforms.
We are looking for a Director, Security to help accelerate growth across the U.S., Spain, and India. In this role, you will build and lead a world-class, globally distributed security function responsible for the security of Lingo's products and processes. The role requires a hands-on leader who can partner deeply with engineering, product, quality, and regulatory teams to reduce risk while enabling fast, high-quality delivery in a regulated, consumer health environment.
You will own the end-to-end security strategy across Lingo's cloud platforms, mobile applications, biosensor/CGM data pipelines, AI/ML services, and supporting enterprise systems. You will establish security architecture and operational capabilities that scale globally, and you will grow and unify a team of security engineers who operate with consistent standards and urgency regardless of time zone.
What You'll Work On - Direct and provide a strategic risk management vision that scales globally to effectively secure products and data without slowing company innovation and execution.
- Build and lead a high-performing, globally distributed security organization across the U.S., Spain, and India, including hiring strategy, team structure, operating model, and budget ownership.
- Drive a strong security culture within the security team and across the broader organization through clear expectations, enablement, and partnership with engineering leadership.
- Define and communicate security KPIs and metrics aligned to business initiatives (e.g., vulnerability SLAs, threat modeling coverage, security test automation, incident response readiness) and present them to non-technical stakeholders in an understandable manner.
- Own security policies, standards, and reference architectures for cloud, mobile, data pipelines, and AI/ML services, including protections against emerging threats and objectives for monitoring and response.
- Partner with Product and Engineering to embed security-by-design practices (threat modeling, secure SDLC, dependency and container security, secrets management, secure configuration baselines) into delivery workflows.
- Establish and evolve a security maturity model that reduces complexity, focuses on fundamentals, and is tracked over time with measurable improvements.
- Lead vulnerability management across applications, cloud infrastructure, and endpoints, including triage, remediation governance, and verification of fixes.
- Require and schedule independent verification and validation activities (penetration tests, red team exercises, security code reviews, and assessments) using internal resources and trusted third parties.
- Build and operate incident response capabilities, including on-call rotations, playbooks, tabletop exercises, and post-incident reviews that drive preventive actions.
- Partner with program teams for stringent vetting and continual assessment of the supply chain, including third-party risk management, SBOM/CBOM practices, and vendor security reviews.
- Partner with Quality and compliance stakeholders to ensure security requirements are incorporated into business processes and product development lifecycle controls.
- Partner with Regulatory Affairs, Quality, and Legal to translate regulatory and privacy requirements into practical, scalable controls (e.g., FDA expectations, HIPAA, GDPR, 21 CFR Part 11 where applicable).
- Conduct internal assessments and training to bolster security and regulatory compliance across the product portfolio and associated development resources.
- Provide regular reporting to senior management on the threat landscape, material risks, tactical controls, and strategic roadmap; communicate tradeoffs and decisions clearly.
- Develop security awareness training for all employees and allocate budget for ongoing technical training and certifications for security staff.
- Actively recruit and lead by example to create a respectful, inclusive culture where employees want to work; build partnerships with higher education to grow a pipeline of future talent.
Required Qualifications- Bachelor's degree in computer science, engineering, or a related field, or equivalent practical experience.
- 15+ years in cybersecurity, product security, or security engineering, including 5+ years leading and scaling managers and/or globally distributed teams.
- Demonstrated experience building security programs (not just operating them), including org design, hiring, tooling strategy, and culture development.
- Strong background in secure software development practices for cloud and mobile products (secure SDLC, threat modeling, application security testing, dependency risk management).
- Experience securing cloud-native systems (e.g., AWS/Azure/GCP), including IAM, network security, logging/monitoring, secrets management, and infrastructure-as-code security.
- Experience leading vulnerability management and coordinating remediation across engineering organizations, with clear SLAs and verification practices.
- Proven incident response leadership, including building playbooks, running tabletop exercises, and driving post-incident corrective and preventive actions.
- Experience partnering with governance and compliance functions on risk assessments, exceptions, third-party risk, and audit readiness in regulated environments.
- Strong executive communication skills, with the ability to translate technical risks into business impact and influence decisions across cultures and time zones.
- Demonstrated ability to lead through influence in a fast-paced, cross-functional consumer technology and/or digital health environment.
Preferred Qualifications- Experience scaling security teams across U.S., European, and Asian geographies, with sensitivity to cross-cultural leadership and distributed operating models.
- Experience with security in regulated industries (medical devices, digital health, or life sciences), including familiarity with standards and expectations (e.g., ISO 27001/27002, ISO 13485 intersections, IEC 62304 security considerations, FDA cybersecurity guidance).
- Experience securing IoT or biosensor data platforms, including telemetry integrity, device-to-cloud security patterns, and high-throughput data pipelines.
- Background in privacy engineering and data protection (PII/PHI), including DPIAs, data minimization, and cross-border data considerations.
- Experience with security testing and assurance approaches for AI/ML systems (model abuse cases and secure model deployment practices).
- Relevant certifications (e.g., CISSP, CISM, CCSP, GIAC) or equivalent demonstrated expertise.
The base pay for this position is $172,000.00 - $344,000.00
In specific locations, the pay range may vary from the range posted.
JOB FAMILY:Information Risk & Quality Assurance
DIVISION:LNGO Lingo
LOCATION:United States > Alameda : 2901 Harbor Bay Parkway
ADDITIONAL LOCATIONS:WORK SHIFT:Standard
TRAVEL:Yes, 10 % of the Time
MEDICAL SURVEILLANCE:Not Applicable
SIGNIFICANT WORK ACTIVITIES:Continuous sitting for prolonged periods (more than 2 consecutive hours in an 8 hour day)
