Chief Information Security Officer (CISO) - Chicago

About The Position

Requirements

• You've served as a CISO, VP of Security, or Head of Security at a high-growth tech company, ideally one building or deploying AI systems at scale.
• You have deep, hands-on experience securing AI and machine learning systems — not just theoretical knowledge, but real work protecting LLM architectures, model training pipelines, and inference infrastructure.
• You've built and operated cloud-native security programs across AWS, GCP, or Azure, including zero-trust frameworks, identity and access management, and secure multi-tenant architectures.
• You understand threat modeling and red teaming deeply, and you've led adversarial exercises against complex systems — ideally including AI-specific attack vectors like prompt injection, model inversion, or data poisoning.
• You've designed and implemented security monitoring, incident response, and compliance programs that scale — you know what good looks like at every stage from startup to enterprise readiness.
• You have a track record of building or contributing to security products, not just internal programs — something you shipped that customers used, or tooling that became infrastructure for others.
• You think like a founder. You see security as a competitive advantage and a product opportunity, not just a compliance checkbox. You want to build things, not just manage them.
• You are comfortable with ambiguity and energized by unsolved problems. The fact that no one has secured autonomous AI agents at scale yet doesn't intimidate you — it excites you.
• You are product-minded and commercially aware. You understand that security decisions have business implications, and you can articulate trade-offs in language that non-security stakeholders understand and respect.
• You are technical enough to earn respect from engineers and pragmatic enough to earn trust from clients. You can debug a containerized agent deployment in the morning and present to a CFO in the afternoon.
• You are a teacher and a builder of institutional knowledge. You document what you learn, you share what you know, and you leave systems better than you found them.
• You care deeply about doing the right thing. You take security seriously because real people and real organizations depend on it, and you hold yourself to the highest standard even when no one is watching.

Responsibilities

• Define and execute our security strategy from the ground up. You'll architect our internal security posture across infrastructure, data, and AI systems, establish governance models for how we deploy agents safely, and ensure we're prepared for compliance frameworks like SOC 2, ISO, and potentially FedRAMP as we scale into enterprise and government clients.
• Build security into AI agent systems as a first-class product feature. You'll design guardrails, monitoring, and policy enforcement for autonomous agents — ensuring they operate within defined boundaries, audit their own actions, and surface anomalies in real time. This isn't theoretical; you'll implement these systems in production environments where they directly impact client outcomes.
• Develop and potentially commercialize security products. The security tooling you build internally may become standalone offerings. You'll have the latitude to identify what's missing in the market, prototype solutions, and work with our product and engineering teams to turn internal infrastructure into revenue-generating products.
• Lead incident response, threat modeling, and adversarial testing. You'll build and run red team exercises against our AI systems, model attack vectors that don't yet have names, and develop response frameworks for risks unique to agentic AI — things like prompt injection at scale, model extraction, or adversarial manipulation of agent behavior.
• Serve as the public face of AI security for Human Agency. You'll represent us in client conversations, partner discussions, and industry forums. You'll publish, speak, and help shape the broader conversation around AI risk, alignment, and governance. If the industry doesn't yet have consensus on how to secure a given AI capability, you'll be one of the people defining it.
• Deploy and operate security infrastructure hands-on. You'll implement zero-trust architectures, secure multi-agent systems, deploy monitoring and detection tools, and build secure data pipelines. This is not a role where you delegate all technical work — you write code, you configure systems, you debug in production when necessary.