Head of Information Security

Position Overview

• Location Type: Remote
• Employment Type: Full-Time
• Salary: (Not provided in the description)

Tonic.ai is seeking a dynamic leader to define, communicate, and execute Tonic’s information security and Technology roadmap. This role is ideal for someone interested in guiding the overall security and compliance program to reduce security risk across the company.

Responsibilities

• Security Management & Operations:
  • Evaluate and drive updates and/or migration of the application and infrastructure portfolio to achieve Tonic’s security and resiliency requirements.
  • Own security operations and incident responses to continuously monitor, defend, and respond to the security status of the organization.
  • Identify, negotiate, and select outside services, computer hardware, and software services with a clear framework of selection criteria.
• Governance & Compliance:
  • Oversee Tonic’s governance frameworks and compliance with relevant regulations and standards (e.g., SOC 2, GDPR, HIPAA).
  • Ensure continuous readiness for audits and certifications, partnering closely with external auditors and internal stakeholders.
  • Develop and maintain company-wide security and compliance policies, ensuring they remain current and well-communicated.
• Security & Risk Strategy:
  • Define, implement, and maintain Tonic’s overall security, compliance, privacy, and IT strategy and roadmap in alignment with business goals.
  • Continuously evaluate emerging threats and industry trends, adapting the security strategy to anticipate and mitigate risks.
• IT Infrastructure:
  • Own and manage day-to-day IT operations, ensuring our tools, systems and infrastructure meet the needs of a growing, global workforce.
  • Manage vendor relationships, contract negotiations, and service-level agreements for critical technology services.
• Sales and Go-to-Market Support:
  • Ensure Tonic’s security and compliance posture aligns with the requirements of the company’s existing and target customers, as well as with industry best practices.
  • Collaborate with Tonic’s leadership team to ensure proper data governance practices and compliance are fulfilled throughout the organization.
  • Ensure that Tonic employees adhere to and are compliant with the security requirements of our company.
  • Work with Tonic’s Sales, Customer Success, and Solutions Architect teams to answer customer third-party risk management questionnaires to protect Tonic’s liability while simultaneously supporting sales.

Requirements

• Experience: 10+ years of experience with at least 5 in information security, and 3+ years within a high-growth startup.
• Skills: Demonstrated success running an enterprise-wide information security program that has achieved SOC2 and HIPAA attestation.
• Knowledge: Ideally, knowledge and some experience with security and compliance obligations required for government contracting (e.g., FedRAMP, NIST 800-171, DFARS).
• Cloud Computing: Working knowledge of securing cloud computing environments (specifically AWS).

Company Information

• Company: Tonic.ai