Head of Information Security & IT

Rad AI•San Francisco, CA

About The Position

At Rad AI, we’re on a mission to transform healthcare with artificial intelligence. Founded by a radiologist, our AI-driven solutions are revolutionizing radiology—saving time, reducing burnout, and improving patient care. With one of the largest proprietary radiology report datasets in the world, our AI has helped uncover hundreds of new cancer diagnoses and reduced error rates in tens of millions of radiology reports by nearly 50%. Rad AI has secured over $140M in funding, including a recently oversubscribed Series C ($68M round) led by Transformation Capital, bringing our valuation to $528M. Our investors include Khosla Ventures, World Innovation Lab, Gradient Ventures, Cone Health Ventures, and others—all backing our mission to empower physicians with cutting-edge AI. Our latest advancements in generative AI are used by thousands of radiologists daily, supporting more than one-third of radiology groups and healthcare systems and nearly 50% of all medical imaging in the U.S. at partners including Cone Health, Jefferson Einstein Health, Geisinger, Guthrie Healthcare System, and Henry Ford Health. Recognized as one of the most promising healthcare AI companies by CB Insights and AuntMinnie, and ranked by Deloitte as the 19th fastest-growing company in North America, we are building AI-powered solutions that make a real impact. Most recently, Rad AI was named to CNBC’s Disruptor 50 list, highlighting the innovation and momentum behind our mission. If you’re ready to shape the future of healthcare, we’d love to have you on our team! Why we need you Every one of our customer relationships is built on trust: trust that we will protect PHI, trust that our AI will behave safely, and trust that we’ll stand behind our commitments when something unexpected happens. As we scale across health systems, radiology groups, and large enterprises, that trust increasingly hinges on the strength of our security and compliance program. You are the person who turns security from a potential blocker into a durable competitive advantage. Without you, SOC 2 and HIPAA audits become fire drills, customer questionnaires drag out our deals, and the risk of a serious incident grows as we move faster. With you, we walk into any CIO, CISO, or compliance conversation with confidence. You will design and lead the security strategy that lets us move quickly, pass the most demanding healthcare due diligence, and keep patient data safe—so our team can focus on building the future of radiology. Here’s what you’ll be doing: You will own Rad AI’s end-to-end security program—from governance and risk management to product, cloud, and enterprise security. You’ll be the executive-level owner for SOC 2 Type II, HIPAA, and future frameworks like HITRUST, serving as the primary point of contact for auditors, external partners, and our largest customers. You’ll set a clear security roadmap, align it with our product and go-to-market strategy, and lead a small, high-leverage team across cybersecurity, GRC, and security operations. You’ll be a critical partner to Sales, Customer Success, Product, Engineering, Legal, and IT. You’ll help close complex enterprise deals by navigating security assessments with confidence, coach our teams through incident response, and design pragmatic controls that actually work in a fast-moving startup. You’ll also shape how we responsibly adopt evolving AI governance expectations in our products, ensuring we stay ahead of emerging risks while unlocking innovation. In addition, you will: Lead our information security, privacy, and compliance strategy across product, cloud infrastructure, and corporate IT. Own SOC 2 Type II and HIPAA programs end to end—from control design and evidence collection to auditor relationships and report delivery. Serve as a visible leader in customer security discussions and sales cycles, client security questionnaires, RFPs, and enterprise security reviews. Own IT risk management program, and monitor ongoing vendor risk and compliance Design and oversee security operations and incident response, including on-call processes, playbooks, and executive communication. Build, coach, and scale a high-performing security team across product/app security, GRC, and security operations over time.

Requirements

8+ years of experience in information security, including leadership of security programs for a B2B SaaS organization.
Owned external audits such as SOC 2 Type II and HIPAA (or similar healthcare/regulated frameworks) and have worked directly with auditors.
Deep knowledge of HIPAA Privacy and Security Rules and operating in healthcare regulatory environments.
Hands-on experience with modern cloud and application security (e.g., AWS/GCP/Azure, identity and access management, EDR, vulnerability management, SDLC security).
Led or been a key decision-maker in security conversations with enterprise customers, translating deep technical risk into clear business tradeoffs.
Built or significantly matured a security program in a high-growth environment, balancing strong controls with speed and practicality.
Partnered closely with Product and Engineering on product and application security for AI- or data-heavy products and experience managing security for AI/ML-enabled platforms.

Nice To Haves

Experience with HITRUST, ISO27001, or similar security frameworks, especially in the context of healthcare data and PHI.
Skills and the capability to build and utilize AI tools to automate security processes.
Prior experience working in radiology, broader healthcare, or healthtech.
Hold relevant certifications such as CISSP, CISM, CISA or similar.

Responsibilities

Own Rad AI’s end-to-end security program—from governance and risk management to product, cloud, and enterprise security.
Be the executive-level owner for SOC 2 Type II, HIPAA, and future frameworks like HITRUST, serving as the primary point of contact for auditors, external partners, and our largest customers.
Set a clear security roadmap, align it with our product and go-to-market strategy, and lead a small, high-leverage team across cybersecurity, GRC, and security operations.
Partner with Sales, Customer Success, Product, Engineering, Legal, and IT to help close complex enterprise deals by navigating security assessments with confidence.
Coach our teams through incident response, and design pragmatic controls that actually work in a fast-moving startup.
Shape how we responsibly adopt evolving AI governance expectations in our products, ensuring we stay ahead of emerging risks while unlocking innovation.
Lead our information security, privacy, and compliance strategy across product, cloud infrastructure, and corporate IT.
Own SOC 2 Type II and HIPAA programs end to end—from control design and evidence collection to auditor relationships and report delivery.
Serve as a visible leader in customer security discussions and sales cycles, client security questionnaires, RFPs, and enterprise security reviews.
Own IT risk management program, and monitor ongoing vendor risk and compliance.
Design and oversee security operations and incident response, including on-call processes, playbooks, and executive communication.
Build, coach, and scale a high-performing security team across product/app security, GRC, and security operations over time.