Head of InfoSec and IT Operations
Autonomize AI · Austin, TX · 2 wk ago
On-siteInformation TechnologyFull-time
Role Overview
Location: Austin, TX | 12+ years’ experience | Full time | Reports to Chief Technology Officer
Autonomize AI is hiring a Head of InfoSec and IT Operations, responsible for establishing, operating, and continuously strengthening the company’s information security, cybersecurity, privacy, and AI governance programs.
Key Responsibilities
- Security Strategy and Governance
- Develop and execute a comprehensive enterprise information security strategy aligned with business growth and regulatory obligations.
- Establish and maintain security governance structures, policies, standards, and controls.
- Report regularly to executive leadership on cybersecurity posture, risk, and maturity.
- Conduct risk assessments.
- Healthcare Regulatory and Compliance Alignment
- Ensure compliance with HIPAA Privacy and Security Rule, HITECH, and applicable state privacy and security laws.
- Oversee SOC 2 Type II, HITRUST, ISO 27001, and other certification efforts as appropriate.
- Maintain audit readiness for client security assessments and regulatory inquiries.
- Support Business Associate Agreement (BAA) obligations and downstream vendor oversight.
- Partner with internal stakeholders to align security guardrails with healthcare regulatory workflows (e.g., prior authorization, appeals, interoperability requirements).
- Cloud and Infrastructure Security
- Oversee cloud security architecture (e.g., Azure, AWS,) including, encryption, key management, data segmentation, and secure configuration.
- Ensure implementation of least privilege and strong access controls.
- Oversee vulnerability management, endpoint security, logging, and monitoring capabilities.
- Maintain incident response plans and conduct regular tabletop exercises.
- Secure Software Development and AI Security
- Embed security into the Secure Software Development Lifecycle (Secure SDLC).
- Oversee application security testing (SAST, DAST, penetration testing).
- Establish controls for model governance, data lineage, training data protections, and AI risk management.
- Ensure safeguards around PHI handling in AI workflows, model training, testing, and prompt experimentation.
- Partner with Product and Engineering to ensure privacy-by-design and security-by-design principles.
- Data Protection and Privacy
- Oversee data classification, retention, minimization, and secure disposal policies.
- Ensure encryption at rest and in transit for sensitive data.
- Establish controls for de-identification, re-identification risk mitigation, and controlled data access.
- Support privacy impact assessments for new products and features.
- Sub-Vendor Risk Management
- Establish and oversee vendor security due diligence processes.
- Ensure subcontractors meet contractual and regulatory security obligations.
- Monitor ongoing vendor risk and compliance.
- Incident Response and Business Continuity
- Lead cybersecurity incident response efforts; coordinate cross-functional response teams.
- Ensure regulatory breach notification readiness and procedures.
- Oversee disaster recovery and business continuity planning.
- Security Culture and Awareness
- Build a culture of privacy and security awareness across the company.
- Develop employee training programs specific to PHI handling and AI-enabled workflows.
- Serve as a visible leader in customer security discussions and sales cycles.
Qualifications
- Experience
- 12+ years of progressive information security leadership experience.
- Demonstrated experience as a security leader within a healthcare technology company, health plan, provider organization, or regulated SaaS environment.
- Deep knowledge of HIPAA Privacy and Security Rules and healthcare regulatory environments.
- Experience leading SOC 2 Type II and/or HITRUST certification processes.
- Expertise in cloud security architecture and modern DevSecOps practices.
- Experience managing security for AI/ML-enabled platforms preferred.
- Proven ability to interface with customers and support security questionnaires and audits.
- Strong executive presence and ability to communicate complex security risks to non-technical stakeholders.
- Skills
- Strategic risk leadership
- Regulatory fluency in healthcare
- Technical depth in cloud and application security
- Executive communication and reporting
- Ability to balance innovation velocity with risk mitigation
- Scalable program design in growth-stage environments
What We Offer
- High-impact opportunity to shape the future of healthcare AI.
- Autonomy, ownership, and the ability to chart your own growth path.
- Competitive base salary + commission + accelerators.
- 100% employer-paid health, dental, and vision insurance.
- Retail plans (401k), disability insurance, and employee assistance programs.
- Work with a bold, fast-moving team solving meaningful problems.
How to Apply
Send your resume and a brief note to careers@autonomize.ai explaining why you’re the right partner to expand our most strategic national accounts.