Head of InfoSec and IT Operations

Head Of Infosec And It Operations

Autonomize AI is revolutionizing healthcare by combining data and context to streamline knowledge workflows, reduce administrative burdens, and improve patient outcomes. We're a high-velocity, mission-driven startup that values full-stack ownership, clear alignment, and customer obsession.

Autonomize AI is hiring a Head of InfoSec and IT Operations, responsible for establishing, operating, and continuously strengthening the company's information security, cybersecurity, privacy, and AI governance programs. This role ensures that security and compliance are embedded into the company's product architecture, cloud infrastructure, software development lifecycle, and client operations.

The Head of InfoSec and IT Operations will lead the development of a scalable, audit-ready security framework aligned with HIPAA, SOC 2 Type II, HITRUST CSF, ISO 27001 (as applicable), and evolving AI governance expectations. This role partners closely with Engineering, Product, Customer Success, and external stakeholders to protect sensitive healthcare data while enabling innovation and growth. This is a strategic and operational leadership role requiring expertise in regulated healthcare environments and modern AI-enabled platforms.

Key Responsibilities

Security Strategy and Governance

• Develop and execute a comprehensive enterprise information security strategy aligned with business growth and regulatory obligations.
• Establish and maintain security governance structures, policies, standards, and controls.
• Report regularly to executive leadership on cybersecurity posture, risk, and maturity.
• Conduct risk assessments.

Healthcare Regulatory and Compliance Alignment

• Ensure compliance with HIPAA Privacy and Security Rule, HITECH, and applicable state privacy and security laws.
• Oversee SOC 2 Type II, HITRUST, ISO 27001, and other certification efforts as appropriate.
• Maintain audit readiness for client security assessments and regulatory inquiries.
• Support Business Associate Agreement (BAA) obligations and downstream vendor oversight.
• Partner with internal stakeholders to align security guardrails with healthcare regulatory workflows (e.g., prior authorization, appeals, interoperability requirements).

Cloud and Infrastructure Security

• Oversee cloud security architecture (e.g., Azure, AWS,) including, encryption, key management, data segmentation, and secure configuration.
• Ensure implementation of least privilege and strong access controls.
• Oversee vulnerability management, endpoint security, logging, and monitoring capabilities.
• Maintain incident response plans and conduct regular tabletop exercises.

Secure Software Development and AI Security

• Embed security into the Secure Software Development Lifecycle (Secure SDLC).
• Oversee application security testing (SAST, DAST, penetration testing).
• Establish controls for model governance, data lineage, training data protections, and AI risk management.
• Ensure safeguards around PHI handling in AI workflows, model training, testing, and prompt experimentation.
• Partner with Product and Engineering to ensure privacy-by-design and security-by-design principles.

Data Protection and Privacy

• Oversee data classification, retention, minimization, and secure disposal policies.
• Ensure encryption at rest and in transit for sensitive data.
• Establish controls for de-identification, re-identification risk mitigation, and controlled data access.
• Support privacy impact assessments for new products and features.

Sub-Vendor Risk Management

• Establish and oversee vendor security due diligence processes.
• Ensure subcontractors meet contractual and regulatory security obligations.
• Monitor ongoing vendor risk and compliance.

Incident Response and Business Continuity

• Lead cybersecurity incident response efforts; coordinate cross-functional response teams.
• Ensure regulatory breach notification readiness and procedures.
• Oversee disaster recovery and business continuity planning.

Security Culture and Awareness

• Build a culture of privacy and security awareness across the company.
• Develop employee training programs specific to PHI handling and AI-enabled workflows.
• Serve as a visible leader in customer security discussions and sales cycles.

Qualifications

Experience

• 12+ years of progressive information security leadership experience.
• Demonstrated experience as a security leader within a healthcare technology company, health plan, provider organization, or regulated SaaS environment.
• Deep knowledge of HIPAA Privacy and Security Rules and healthcare regulatory environments.
• Experience leading SOC 2 Type II and/or HITRUST certification processes.
• Expertise in cloud security architecture and modern DevSecOps practices.
• Experience managing security for AI/ML-enabled platforms preferred.
• Proven ability to interface with customers and support security questionnaires and audits.
• Strong executive presence and ability to communicate complex security risks to non-technical stakeholders.

Preferred Certifications

• CISSP (Certified Information Systems Security Professional)
• CISM (Certified Information Security Manager)
• CISA (Certified Information Systems Auditor)
• CCSP (Certified Cloud Security Professional)
• HITRUST CCSFP

Skills

• Strategic risk leadership
• Regulatory fluency in healthcare
• Technical depth in cloud and application security
• Executive communication and reporting
• Ability to balance innovation velocity with risk mitigation
• Scalable program design in growth-stage environments

What We Offer

• High-impact opportunity to shape the future of healthcare AI.
• Autonomy, ownership, and the ability to chart your own growth path.
• Competitive base salary + commission + accelerators.
• 100% employer-paid health, dental, and vision insurance.
• Retirement plans (401k), disability insurance, and employee assistance programs.
• Work with a bold, fast-moving team solving meaningful problems.

How to Apply

Send your resume and a brief note to View email address on click.appcast.io explaining why you're the right partner to expand our most strategic national accounts.