Tonic.ai is seeking a dynamic leader to define, communicate, and execute Tonic’s information security and Technology roadmap. This role is ideal for someone interested in guiding the overall security and compliance program to reduce security risk across the company.
Evaluate and drive updates and/or migration of the application and infrastructure portfolio to achieve Tonic’s security and resiliency requirements
Own security operations and incident responses to continuously monitor, defend, and respond to the security status of the organization
Identify, negotiate, and select outside services, computer hardware, and software services with a clear framework of selection criteria
Oversee Tonic’s governance frameworks and compliance with relevant regulations and standards. Specifically, SOC 2, GDPR, and HIPAA Security and Privacy Rules
Ensure continuous readiness for audits and certifications, partnering closely with external auditors and internal stakeholders
Develop and maintain company-wide security and compliance policies, ensuring they remain current and well-communicated
Define, implement, and maintain Tonic’s overall security, compliance, privacy, and IT strategy and roadmap in alignment with business goals
Continuously evaluate emerging threats and industry trends, adapting the security strategy to anticipate and mitigate risks
Own and manage day-to-day IT operations, ensuring our tools, systems and infrastructure meet the needs of a growing, global workforce.
Manage vendor relationships, contract negotiations, and service-level agreements for critical technology services
Ensure Tonic’s security and compliance posture aligns with the requirements of the company’s existing and target customers, as well as with industry best practices
Collaborate with Tonic’s leadership team to ensure proper data governance practices and compliance are fulfilled throughout the organization
Ensure that Tonic employees adhere to and are compliant with the security requirements of our company
Work with Tonic’s Sales, Customer Success, and Solutions Architect teams to answer customer third-party risk management questionnaires to protect Tonic’s liability while simultaneously supporting sales
10+ years of experience with at least 5 in information security, and 3+ years within a high-growth startup
Ability to roll up your sleeves and get your hands dirty, while also thinking strategically to see the big picture
Demonstrated success running an enterprise-wide information security program that has achieved SOC2 and HIPAA attestation
Ideally, knowledge and some experience with security and compliance obligations required for government contracting (e.g. FedRAMP, NIST 800-171, DFARS)
Working knowledge of securing cloud computing environments (specifically AWS, but experience with GCP, Azure, Oracle Cloud and IBM Cloud is a bonus) and associated risks and controls
Ability to translate complex technical language and requirements into business language
Hands-on leadership experience, and the desire to roll up your sleeves
Experience in proactively identifying and resolving people, process, and technology challenges with creative solutions
Competitive salary and equity
Unlimited paid time off
401k plan with employer contribution
Medical, dental, and vision insurance
Generous parental leave policy
Remote-friendly work environment
Tonic.ai empowers developers while protecting customer privacy by enabling companies to create safe, synthetic versions of their data for use in software development, model training, and AI implementation. Founded in 2018, with offices in San Francisco, Atlanta, New York, and London, the company is pioneering enterprise tools for data transformation, de-identification, synthesis, and subsetting, in pursuit of its mission to make data usable. Thousands of developers use data generated with Tonic on a daily basis to build their products faster in industries as wide ranging as healthcare, financial services, logistics, edtech, and e-commerce. Working with customers like eBay, Cigna, American Express, and Volvo, Tonic.ai innovates to advance its goal of advocating for the privacy of individuals while enabling companies to do their best work. For more information, visit https://www.tonic.ai or follow /tonicfakedata on LinkedIn.
