The Role
Own and scale the data security, compliance, and AI governance program for Humanly, an HR tech platform entrusted with sensitive employee, candidate, and workforce data. This role sets strategy and drives execution to protect the company and its customers, enable revenue, ensure responsible AI development, and keep us ahead of a fast-moving regulatory landscape. Reports to the Chief Technical Strategist.
What You'll Own
Security & Compliance
- Establish, maintain, and continuously improve the policies, procedures, and controls that protect the company and drive adoption across every function. Own the certification and audit roadmap and partner with engineering on secure SDLC, vulnerability management, and access governance.
- Design and run the security awareness program - onboarding, annual training, phishing simulations, and role-based training for engineers and high-risk functions - and foster a culture where security, privacy, and responsible AI are shared responsibilities rather than blockers.
- Own the security incident response plan and lead detection, containment, investigation, breach notification decisions, and post-incident review in partnership with legal.
- Maintain and regularly test business continuity and disaster recovery plans.
Privacy & Data Protection
- Own the privacy program across GDPR, CCPA/CPRA, and the evolving patchwork of US state and international privacy laws, including data subject rights workflows, DPAs, and sub-processor disclosures.
- Partner closely with legal counsel, and serve as DPO where required.
AI Governance
- Build and operate the AI governance framework - model inventory, risk classification, review and approval, bias and fairness testing, and ongoing monitoring - for both customer-facing AI features and internal employee use of AI tools.
- Drive compliance with AI-specific regulations affecting HR tech.
Risk Management
- Maintain an enterprise risk register covering security, AI, privacy, and third-party risk, and drive periodic assessments and remediation.
- Lead vendor and third-party risk management and evaluate cyber insurance coverage in partnership with finance and legal.
Customer & Revenue Enablement
- Own the security and trust narrative for prospects and customers, leading responses to RFIs, RFPs, and security questionnaires alongside GTM, and supporting Customer Success on customer security inquiries and assurance activities.
- Maintain a customer-facing trust center with current certifications, sub-processors, policies, and security documentation.
What You'll Bring
- 5+ years in information security
- You've owned a compliance program end-to-end and not just contributed to one. You know what it takes to get to SOC 2, and what comes after
- You've operated in a regulated environment (GDPR, CCPA, or similar) and understand privacy not as a legal checkbox but as a product and trust issue
- Builder mindset. You can assess what's in place, decide what's worth keeping, and build what isn't there yet, without waiting for a team under you
- Commercial orientation. You've sat in customer calls, answered security questionnaires, and know how to turn trust into a revenue lever rather than a deal blocker
- AI governance experience, or strong familiarity with the emerging landscape. You understand the specific risks AI introduces in a data-sensitive product and have opinions on how to manage them
- Tactical-to-strategic range. You can go from reviewing a vendor contract to advising leadership, and you're comfortable with both
- AI fluency in your own work. You're already using AI tools to multiply your efforts, not just governing others' use of them
Even Better
- Background in HR tech, fintech, health tech, or another vertical where people data is the core risk surface
- Hands-on AI governance experience: model inventory, bias testing, regulatory compliance.
- Relevant certifications: CISSP, CISM, CIPP/E, or equivalent
What We Offer
- Collaborate with a diverse and passionate team dedicated to transforming the hiring landscape
- Competitive compensation + equity
- Company sponsored medical, dental, and vision plans for employees
- Learning & development stipend
- Wellness stipend
- 401(k) program
- 12 weeks fully paid parental leave
- Flexible PTO
- Recognition programs and prizes
- Company retreats and team building events!