Head of Security and Compliance

Gimlet Labs

$150K — $200K *
Information Technology
Less than 5 years of experience
Job Overview by Ladders

Qualifications

  • 5-7 years of experience in security risk, compliance, or cloud security
  • Proficient with cloud platforms like AWS, Azure, or Google Cloud
  • In-depth understanding of networking, including firewalls and zero trust principles
  • Strong knowledge of software security concepts, such as secure SDLC and API security
  • Familiarity with compliance frameworks like SOC 2 and ISO 27001
  • Ability to document processes and collaborate with engineering teams
  • Excellent written and verbal communication skills

Responsibilities

  • Partner with engineering and product teams to identify security risks across AI and cloud platforms
  • Design and operationalize security programs aligning with frameworks like SOC 2 and ISO 27001
  • Enhance cloud and application security controls including IAM and encryption
  • Define security strategies for AI systems regarding access and data protection
  • Create processes for audit evidence collection and security reporting
  • Contribute to vendor risk management and incident response planning

Benefits

  • Ownership over security and compliance initiatives
  • Collaborative environment with engineering and product teams
  • Opportunity to shape security practices for AI systems
  • Access to rapid technology evolution in AI
  • Potential for high-impact contributions in a startup-like setting
Full Job Description
About this role

Gimlet Labs is looking for a Head of Security and Compliance to build and own the security and compliance foundation for an AI company operating across rapidly evolving AI systems serving production scale traffic for top frontier labs and hyperscalers.

This is a highly hands-on role for someone who can design the compliance program, implement the technical controls, and work directly with engineering to make security auditable, scalable, and practical. You will have significant ownership over the compliance stack, including policies, controls, evidence collection, audit readiness, vendor risk, and security tooling.

What you will work on
  • Partner directly with engineering, infrastructure, and product teams to identify security risks and design practical controls across AI platforms, cloud infrastructure, networking systems, APIs, and software delivery pipelines.
  • Build and operationalize security and compliance programs supporting frameworks such as SOC 2, ISO 27001, NIST CSF, NIST AI RMF, CSA CCM, and customer security requirements.
  • Drive improvements to cloud and application security controls, including IAM, network segmentation, encryption, logging, secrets management, vulnerability management, and secure SDLC practices.
  • Help define security approaches for AI systems, including model access controls, data protection, third-party AI tooling, auditability, and misuse prevention.
  • Build scalable processes for audit evidence collection, risk tracking, remediation management, and security reporting across technical and non-technical stakeholders.
  • Contribute to broader security and operational readiness efforts including vendor risk management, incident response preparedness, business continuity planning, and security policy development.
You may be a good fit for
  • Experience in security risk, compliance, GRC, cloud security, or infrastructure security.
  • Working knowledge of cloud platforms such as AWS, Azure, or Google Cloud.
  • Familiarity with networking concepts including firewalls, VPC/VNet design, VPNs, DNS, TLS, routing, segmentation, and zero trust principles.
  • Understanding of software security concepts, including secure SDLC, CI/CD, vulnerability management, secrets management, and API security.
  • Experience with compliance frameworks such as SOC 2, ISO 27001, NIST, CIS Controls, or CSA CCM.
  • Ability to document controls, gather evidence, assess gaps, and drive remediation with engineering teams.
  • Strong written and verbal communication skills.
Strong candidates may also have
  • Experience in an early-stage startup or high-ownership environment.
  • Experience supporting AI, machine learning, data infrastructure, or SaaS platforms.
  • Familiarity with AI governance frameworks such as NIST AI RMF or ISO/IEC 42001.
  • Experience with Kubernetes, containers, infrastructure as code, and cloud-native security tooling.
  • Certifications such as CISSP, CISA, CRISC, CCSP, CCSK, Security+, AWS Security Specialty, or Azure Security Engineer.
  • Experience implementing or administering GRC platforms, SIEMs, CSPM tools, vulnerability scanners, and ticketing workflows.

Similar Jobs

More Jobs at Gimlet Labs

More Information Technology Jobs

Find similar Head of Security and Compliance jobs: