Jobtailor is looking for Head of Information Security (Seattle) in Seattle, WA. This local job opportunity with ID 3753528815 is live since 2026-07-14 20:10:08.
Responsibilities
Own and scale the data security, compliance, and AI governance program for Humanly
Establish, maintain, and continuously improve the policies, procedures, and controls that protect the company and drive adoption across every function
Own the certification and audit roadmap and partner with engineering on secure SDLC, vulnerability management, and access governance
Design and run the security awareness program - onboarding, annual training, phishing simulations, and role-based training for engineers and high-risk functions
Own the security incident response plan and lead detection, containment, investigation, breach notification decisions, and post-incident review in partnership with legal
Maintain and regularly test business continuity and disaster recovery plans
Own the privacy program across GDPR, CCPA/CPRA, including data subject rights workflows, DPAs, and sub-processor disclosures
Build and operate the AI governance framework - model inventory, risk classification, review and approval, bias and fairness testing, and ongoing monitoring
Maintain an enterprise risk register covering security, AI, privacy, and third-party risk, and drive periodic assessments and remediation
Own the security and trust narrative for prospects and customers, leading responses to RFIs, RFPs, and security questionnaires alongside GTM
Requirements
5+ years in information security
You've owned a compliance program end-to-end and not just contributed to one. You know what it takes to get to SOC 2, and what comes after
You've operated in a regulated environment (GDPR, CCPA, or similar) and understand privacy not as a legal checkbox but as a product and trust issue
Builder mindset. You can assess what's in place, decide what's worth keeping, and build what isn't there yet, without waiting for a team under you
Commercial orientation. You've sat in customer calls, answered security questionnaires, and know how to turn trust into a revenue lever rather than a deal blocker
AI governance experience, or strong familiarity with the emerging landscape. You understand the specific risks AI introduces in a data-sensitive product and have opinions on how to manage them
Tactical-to-strategic range. You can go from reviewing a vendor contract to advising leadership, and you're comfortable with both
AI fluency in your own work. You're already using AI tools to multiply your efforts, not just governing others' use of them