Head of Information Security

Tonic.ai is seeking a dynamic leader to define, communicate, and execute Tonic.ai’s information security and technology roadmap. This role is ideal for someone interested in guiding the overall security and compliance program to reduce security risk across the company.What You’ll DoSecurity Management & OperationsEvaluate and drive updates and/or migration of the application and infrastructure portfolio to achieve Tonic.ai’s security and resiliency requirementsOwn security operations and incident responses to continuously monitor, defend, and respond to the security status of the organizationIdentify, negotiate, and select outside services, computer hardware, and software services with a clear framework of selection criteriaGovernance & ComplianceOversee Tonic.ai’s governance frameworks and compliance with relevant regulations and standards. Specifically, SOC 2, GDPR, and HIPAA Security and Privacy RulesEnsure continuous readiness for audits and certifications, partnering closely with external auditors and internal stakeholdersDevelop and maintain company-wide security and compliance policies, ensuring they remain current and well-communicatedSecurity & Risk StrategyDefine, implement, and maintain Tonic.ai’s overall security, compliance, privacy, and IT strategy and roadmap in alignment with business goalsContinuously evaluate emerging threats and industry trends, adapting the security strategy to anticipate and mitigate risksIT InfrastructureOwn and manage day-to-day IT operations, ensuring our tools, systems and infrastructure meet the needs of a growing, global workforce.Manage vendor relationships, contract negotiations, and service-level agreements for critical technology servicesSales and Go-to-Market SupportEnsure Tonic.ai’s security and compliance posture aligns with the requirements of the company’s existing and target customers, as well as with industry best practicesCollaborate with Tonic.ai’s leadership team to ensure proper data governance practices and compliance are fulfilled throughout the organizationEnsure that Tonic.ai employees adhere to and are compliant with the security requirements of our companyWork with Tonic.ai’s Sales, Customer Success, and Solutions Architect teams to answer customer third-party risk management questionnaires to protect Tonic’s liability while simultaneously supporting salesWhat You’ll Bring10+ years of experience with at least 5 years in information security, and 3+ years within a high-growth startupDemonstrated success running an enterprise-wide information security program that has achieved SOC2 and HIPAA attestationIdeally, knowledge and some experience with security and compliance obligations required for government contracting (e.g. FedRAMP, NIST 800-171, DFARS)Working knowledge of securing cloud computing environments (specifically AWS, but experience with GCP, Azure, Oracle Cloud and IBM Cloud is a bonus) and associated risks and controlsAbility to translate complex technical language and requirements into business languageHands-on leadership experience, and the desire to roll up your sleeves and get your hands dirty, while also thinking strategically to see the big pictureExperience in proactively identifying and resolving people, process, and technology challenges with creative solutionsAbout Tonic.aiTonic.ai empowers developers while protecting customer privacy by enabling companies to create safe, synthetic versions of their data for use in software development, model training, and AI implementation. Founded in 2018, with offices in San Francisco, Atlanta, New York, and London, the company is pioneering enterprise tools for data transformation, de-identification, synthesis, and subsetting, in pursuit of its mission to make data usable. Thousands of developers use data generated with Tonic.ai on a daily basis to build their products faster in industries as wide ranging as healthcare, financial services, logistics, edtech, and e-commerce. Working with customers like eBay, Cigna, American Express, and Volvo, Tonic.ai innovates to advance its goal of advocating for the privacy of individuals while enabling companies to do their best work. For more information, visit or follow /tonicfakedata on LinkedIn. #J-18808-Ljbffr

Created: 2025-09-17