Head of Information Security (Seattle)
Jobtailor is looking for Head of Information Security (Seattle) in Seattle, WA.
This local job opportunity with ID 3753528815 is live since 2026-07-14 20:10:08.
Responsibilities
#J-18808-Ljbffr
- Own and scale the data security, compliance, and AI governance program for Humanly
- Establish, maintain, and continuously improve the policies, procedures, and controls that protect the company and drive adoption across every function
- Own the certification and audit roadmap and partner with engineering on secure SDLC, vulnerability management, and access governance
- Design and run the security awareness program - onboarding, annual training, phishing simulations, and role-based training for engineers and high-risk functions
- Own the security incident response plan and lead detection, containment, investigation, breach notification decisions, and post-incident review in partnership with legal
- Maintain and regularly test business continuity and disaster recovery plans
- Own the privacy program across GDPR, CCPA/CPRA, including data subject rights workflows, DPAs, and sub-processor disclosures
- Build and operate the AI governance framework - model inventory, risk classification, review and approval, bias and fairness testing, and ongoing monitoring
- Maintain an enterprise risk register covering security, AI, privacy, and third-party risk, and drive periodic assessments and remediation
- Own the security and trust narrative for prospects and customers, leading responses to RFIs, RFPs, and security questionnaires alongside GTM
- 5+ years in information security
- You've owned a compliance program end-to-end and not just contributed to one. You know what it takes to get to SOC 2, and what comes after
- You've operated in a regulated environment (GDPR, CCPA, or similar) and understand privacy not as a legal checkbox but as a product and trust issue
- Builder mindset. You can assess what's in place, decide what's worth keeping, and build what isn't there yet, without waiting for a team under you
- Commercial orientation. You've sat in customer calls, answered security questionnaires, and know how to turn trust into a revenue lever rather than a deal blocker
- AI governance experience, or strong familiarity with the emerging landscape. You understand the specific risks AI introduces in a data-sensitive product and have opinions on how to manage them
- Tactical-to-strategic range. You can go from reviewing a vendor contract to advising leadership, and you're comfortable with both
- AI fluency in your own work. You're already using AI tools to multiply your efforts, not just governing others' use of them
- information security
- compliance program management
- SOC 2
- GDPR
- CCPA
- AI governance
- vulnerability management
- security incident response
- business continuity planning
- disaster recovery
- builder mindset
- commercial orientation
- tactical-to-strategic range
- leadership
- communication
- problem-solving
- collaboration
- adaptability
- critical thinking
- customer engagement