Information Security Lead

About The Position

Requirements

• 5+ years of experience in information security, including direct experience improving, and contributing to GRC programs.
• Proven expertise in regulatory frameworks such as ISO 27001, SOC 2, GDPR, HIPAA, FedRAMP, TX-RAMP, StateRAMP or similar.
• Hands-on experience with vulnerability management tools, incident response, and security audits.
• Experience embedding security into software development lifecycles—DevSecOps principles applied in practice.
• Experience selecting, implementing, and managing security tooling (e.g., XDR, SIEM, endpoint, code scanning, etc.).
• Exceptional communication and influencing skills across technical and non-technical teams.
• A high degree of autonomy and ownership—comfortable leading cross-functional efforts and prioritizing in a dynamic environment.
• You already use AI tools in your security work—for policy drafting, threat analysis, log review, control validation, or however it fits your practice.
• Experience with cloud-native environments (AWS preferred)
• Experience building with or on top of LLMs, AI agents, or agentic pipelines.
• Familiarity with prompt engineering, tool use patterns, and evaluation of AI systems.

Nice To Haves

• Experience with FDA regulations is an asset.
• Experience with SaaS platforms, and startup culture.
• A portfolio, published work, or contributions that show how you think about security problems.
• Background that spans multiple domains or disciplines.
• Active in security communities, forums, or meetups.
• Contributions to the broader AI security conversation.

Responsibilities

• Manage and evolve vulnerability management— tooling, reporting, and remediation governance. You understand the current evolution of the field and leverage AI appropriately for first-class vulnerability management: deliberately and with clear guardrails.
• Serve as a consultative security leader for Engineering, Product, and Customer teams—governing system designs, architecture, and implementation through a security-first lens.
• Implement AI native tooling to improve detection and response capabilities without incurring an increased demand on resources.
• Partner with Engineering to implement developer-friendly security tools that improve security posture and reduce compliance burdens without slowing velocity.
• Oversee incident response preparation, processes, and execution—ensuring coordinated action, effective communication, and the kind of thorough post-incident analysis that prevents the same problem twice.
• Under the direction VP, TechOps, improve the Proscia Information Security Program, with a focus on governance, risk, and compliance (GRC) across the Concentriq suite of applications and Proscia’s business applications.
• Contribute to security policy development across regulated and non-regulated markets—implementing agentic workflows where it accelerates your research and stress-testing, iterating with stakeholders, and maintaining the rigor and compliance standards our customers expect.
• Influence and execute on the company’s regulatory roadmap—seeking new certifications and frameworks (e.g., ISO 27001, SOC 2, HITRUST) in response to customer and market demands.
• Enable other teams to answer security-related questions from customers, prospects, and partners providing expert information security guidance.
• Anticipate and adapt to industry and regulatory trends, including how AI is reshaping both the threat landscape and the defender’s toolkit—and surface emerging requirements before they become urgent.
• Help shape internal security standards and documentation that work for both humans and AI-augmented workflows.

Benefits

• Competitive pay
• Savings options
• Schedule options
• Insurance options