Head of Information Security
Berkeley, California
Atomic Machines
Atomic Machines is ushering in a new era in micromanufacturing with its Matter Compiler (MC) technology. The MC enables new classes of micromachines to be designed and built by offering manufacturing processes and a materials library that are inaccessible to semiconductor manufacturing methods. The MC promises both to unlock MEMS manufacturing for the many device classes that could never be made by semiconductor methods and to open up entirely new classes. Furthermore, the MC is fully digital in the way 3D printing is digital, but where 3D printing produces parts of a single material using a single process, the MC is a multi-process, multi-material technology: bits and raw materials go in and complete, functional micromachines come out. The Atomic Machines team has also created an exciting first device – one that was only made possible by the existence of the Matter Compiler – that we will be unveiling to the world soon.
Our offices are in Berkeley and Santa Clara, California.
About this Role:
This is a broad-responsibility, high-judgment technical leadership role managing the InfoSec function and implementing the security and IT infrastructure of a rapidly growing startup company with engineering offices in Berkeley and Santa Clara. As the Head of Information Security, you will lead and oversee the design, implementation, and maintenance of robust security solutions within platform, data, and engineering environments.
The ideal candidate will possess strong leadership skills, deep technical expertise, and a strategic mindset to safeguard the organization's digital assets. This is a full-time, onsite position in either our Berkeley or Santa Clara office, with a need to work from the other office occasionally.
What You’ll Do:
- Directly manage the Information Security functions of Atomic Machines.
- Develop a strategic vision for protecting Atomic Machines’ assets, including intellectual property (IP), financial records, personal information for staff and customers, and physical assets such as computers and lab equipment.
- Lead the design, development, and implementation of robust security architectures and policies for cloud-native and locally hosted systems, ensuring scalability, resilience, and efficiency.
- Conduct regular security assessments, threat modeling, and risk analysis to identify vulnerabilities and recommend appropriate mitigations.
- Stay up-to-date with the latest threat landscape and security technologies, tools, and frameworks to continuously enhance the company's security posture.
- Implement security controls into the development team’s continuous integration and deployment pipelines.
- Develop and present training materials for all employees to allow the team to understand and follow best security practices.
- Plan, execute, and document all security-related aspects of the rapid growth of our networking and software infrastructure.
- Proactively monitor and expand systems as the company grows to ensure continued robust and reliable performance of network infrastructure.
- Own and manage information security as it extends to physical access control systems.
- Partner with and manage external agencies and vendors when additional coverage and support are needed.
- Lead and execute on the IT Risk & Compliance roadmap.
- Lead IT security incident response, performing triage and determining if security incidents require escalation and/or further response.
- Implement cybersecurity best practices using relevant security frameworks, such as ISO 27001, NIST, SANS Critical 20, COBIT, etc.
- Perform internal audit tasks.
- Read and interpret ISO 27001, SOC 2, and other relevant certification reports from vendors to assess their security preparedness and representation of Atomic Machines' interests.
- Review contractual agreements and comment on security and data protection as needed.
What You’ll Need:
- 8+ years of experience in Information Security, ideally with at least 3 years of management.
- Experience managing all of Information Security for a company, including Cyber Security (ideally including startup experience).
- Experience developing and presenting a cyber security training program.
- Experience managing security concerns for modern cloud-first architectures as well as complex on-site production systems.
- Proven experience with incident response, vulnerability management, and risk assessment methodologies.
- Extensive AWS and Azure AD (Entra ID) cloud security experience, including cloud security monitoring, logging, security configuration, and IAM.
- High-level proficiency with SAML/SSO solutions and using hardware MFA keys.
- Hands-on experience with security tools and technologies, such as SIEM, MDR, IDS/IPS, WAF, DLP, and vulnerability scanners.
- Knowledge of IT processes and controls and a strong understanding of risk and control frameworks such as COBIT, ISO, NIST, ITIL, and PCI.
- General knowledge of information security regulatory requirements and standards such as ISO 27001/2, SOC 1/2/3, SANS top 20 and NIST 800-53.
- CISSP, CCSP, CISM, CSSP or similar security credentials.
- Propensity to work in fast-paced environments with minimal guidance.
- Ability to explain complex issues in terms appropriate for technical or non-technical audiences.
- Flexibility to work daily in our Berkeley office and commute to our Santa Clara office as needed.
- BS in Computer Science, Information Security, IT Management, or a related field preferred.
Perks/benefits: Career development Startup environment