[Hiring] Head of Security @Anomaly

Role Description

We are looking for a Head of Security to own and operate our information security program end-to-end. This role is responsible for maintaining a strong security and compliance posture while enabling rapid product development and growth.

The Head of Security reports to the Chief Technology Officer, who also serves as Chief Information Security Officer and provides executive oversight of security strategy and risk management. This role owns the day-to-day operation of the security program and is the primary driver of security initiatives across the company.

This position is ideal for someone who wants to contribute to the foundation of our security best practices and wants to grow with this company. As we grow, this role is expected to expand in scope and may evolve into a dedicated CISO position.

Responsibilities

• Own the security program:
• Define and operate the company’s security program, including policies, controls, risk management, and the ISMS.
• Lead compliance and customer trust:
• Own SOC 2 / HIPAA programs, audits, and all customer-facing security processes (questionnaires, diligence, reviews).
• Design pragmatic security controls:
• Establish scalable security architecture and guardrails across cloud, data, application systems, and internal IT.
• Enable the organization:
• Embed security into the SDLC and internal workflows, including the controlled adoption of AI agents across all aspects of the business.

Qualifications

• Experience owning a security program at a startup or growth-stage company (approximately 20–150 employees).
• Strong working knowledge of SOC 2 and HIPAA environments, including running audits end-to-end and working with security vendors.
• Ability to design pragmatic security controls across AWS, application, and internal IT environments (Google Workspace + OSX).
• Demonstrated judgment in balancing security, velocity, and business needs, including customer-facing communication.