Head of Information Security

Tonic.ai is seeking a dynamic leader to define, communicate, and execute Tonic’s information security and Technology roadmap. This role is ideal for someone interested in guiding the overall security and compliance program to reduce security risk across the company.

Security Management & Operations

• Evaluate and drive updates and/or migration of the application and infrastructure portfolio to achieve Tonic’s security and resiliency requirements

• Own security operations and incident responses to continuously monitor, defend, and respond to the security status of the organization

• Identify, negotiate, and select outside services, computer hardware, and software services with a clear framework of selection criteria

Governance & Compliance

• Oversee Tonic’s governance frameworks and compliance with relevant regulations and standards. Specifically, SOC 2, GDPR, and HIPAA Security and Privacy Rules

• Ensure continuous readiness for audits and certifications, partnering closely with external auditors and internal stakeholders

• Develop and maintain company-wide security and compliance policies, ensuring they remain current and well-communicated

Security & Risk Strategy

• Define, implement, and maintain Tonic’s overall security, compliance, privacy, and IT strategy and roadmap in alignment with business goals

• Continuously evaluate emerging threats and industry trends, adapting the security strategy to anticipate and mitigate risks

IT Infrastructure 

• Own and manage day-to-day IT operations, ensuring our tools, systems and infrastructure meet the needs of a growing, global workforce.

• Manage vendor relationships, contract negotiations, and service-level agreements for critical technology services

Sales and Go-to-Market Support

• Ensure Tonic’s security and compliance posture aligns with the requirements of the company’s existing and target customers, as well as with industry best practices

• Collaborate with Tonic’s leadership team to ensure proper data governance practices and compliance are fulfilled throughout the organization

• Ensure that Tonic employees adhere to and are compliant with the security requirements of our company 

• Work with Tonic’s Sales, Customer Success, and Solutions Architect teams to answer customer third-party risk management questionnaires to protect Tonic’s liability while simultaneously supporting sales

What You’ll Bring

• 10+ years of experience with at least 5 in information security, and 3+ years within a high-growth startup

• Ability to roll up your sleeves and get your hands dirty, while also thinking strategically to see the big picture

• Demonstrated success running an enterprise-wide information security program that has achieved SOC2 and HIPAA attestation

• Ideally, knowledge and some experience with security and compliance obligations required for government contracting (e.g. FedRAMP, NIST 800-171, DFARS)

• Working knowledge of securing cloud computing environments (specifically AWS, but experience with GCP, Azure, Oracle Cloud and IBM Cloud is a bonus) and associated risks and controls

• Ability to translate complex technical language and requirements into business language

• Hands-on leadership experience, and the desire to roll up your sleeves

• Experience in proactively identifying and resolving people, process, and technology challenges with creative solutions

Benefits We Offer

• Competitive salary and equity

• Unlimited paid time off

• 401k plan with employer contribution

• Medical, dental, and vision insurance

• Generous parental leave policy

• Remote-friendly work environment

About Tonic.ai

Tonic.ai empowers developers while protecting customer privacy by enabling companies to create safe, synthetic versions of their data for use in software development, model training, and AI implementation. Founded in 2018, with offices in San Francisco, Atlanta, New York, and London, the company is pioneering enterprise tools for data transformation, de-identification, synthesis, and subsetting, in pursuit of its mission to make data usable. Thousands of developers use data generated with Tonic on a daily basis to build their products faster in industries as wide ranging as healthcare, financial services, logistics, edtech, and e-commerce. Working with customers like eBay, Cigna, American Express, and Volvo, Tonic.ai innovates to advance its goal of advocating for the privacy of individuals while enabling companies to do their best work. For more information, visit https://www.tonic.ai or follow /tonicfakedata on LinkedIn.