Senior Director, Cloud Security, Compliance Lead

Cloud Security & Compliance Lead is responsible for the end-to-end security, governance, risk management, and regulatory compliance of Lila Sciences’ cloud environments and research workflows. You’ll own cloud security architecture, policy frameworks, data protection, and compliance programs across multi-cloud and on-premises contexts as appropriate. You’ll partner with Engineering, Data Science, IT, Legal, and Compliance to codify secure patterns, enable rapid yet safe experimentation, and maintain a robust governance program with auditable evidence for regulators and customers.

• Define and maintain cloud security strategy, reference architectures, and security baselines for public cloud (AWS, Azure, GCP) and hybrid deployments. 
• Implement secure-by-default patterns for CI/CD is intentionally out of scope; focus on secure design patterns for cloud resources, data flows, and analytics. 
• Establish IAM least privilege, network segmentation, private endpoints, key/secret management, and centralized logging across AWS, Kubernetes (where applicable), and cloud-native services. 

• Develop, implement, and continuously improve policies, standards, and procedures aligned to applicable frameworks (e.g., NIST CSF, NIST 800-53, FedRamp, ISO 27001, SOC 2, GDPR/CCPA). 
• Lead data protection program: data classification, data minimization, data retention, and data lifecycle management; oversee DLP strategies where relevant. 
• Manage third-party risk assessments, vendor security questionnaires, and contract security annexes; maintain evidence for audits. 

• Define and oversee security controls across cloud resources, including identity, access management, encryption, key management, log collection, and telemetry. 
• Collaborate with Security Operations to establish monitoring, alerting, incident response coordination, and evidence collection for audits. 

• Prepare for internal and external audits; map controls to frameworks and translate them into engineering artifacts and evidence. 
• Maintain alignment with SOC 2, ISO 27001, and other regulatory requirements, coordinate with Legal and Privacy on data protection controls. 

• Ensure secure data movement, storage, and access patterns; implement data lineage and isolation for training vs. inference in ML workflows. 
• Address privacy-by-design considerations in data science processes; oversee secure handling of sensitive datasets. • Collaboration & Enablement 
• Partner with Engineering, IT, Legal, and Commercial teams to ensure cohesive risk management. 
• Provide security training and awareness for engineering, data science, and product teams; translate security requirements into actionable tasks. 

• Create and maintain security documentation, runbooks, policies, and evidence packs suitable for audits and regulator requests.

• Education: Bachelor’s degree in computer science, Information Security, Cybersecurity, Engineering, or related field. Masters preferred.
• Experience: 5–8+ years in cloud security, information security, or a related role; hands-on experience with cloud environments (AWS, Azure, GCP) and Kubernetes is a plus; experience in governance, risk, and compliance activities.
• Certifications: CISSP, CISM, CCSK, ISO 27001 Lead Auditor, SOC 2 Practitioner, or cloud security certifications are desirable.
• Technical Skills:  Strong understanding of cloud architectures, IAM, encryption, KMS, secret management, data protection, and network security.
• Familiarity with Kubernetes concepts and security considerations (RBAC, network policies, pod security standards) as they apply to governance and compliance contexts. 
• Experience with policy frameworks and policy-as-code concepts (OPA, Kyverno, Checkov) for governance and automated compliance checks.
• Knowledge of SBOMs, software supply chain concepts, artifact signing (Cosign/Sigstore), and SBOM generation. 
• Familiarity with audit-ready control mapping, risk assessment, and remediation tracking.
• Soft Skills: Excellent communication, stakeholder management, and the ability to translate complex security requirements into actionable business and engineering tasks.

• Experience with data-intensive research environments, HPC, or bioinformatics workloads.
• Familiarity with privacy by design, data governance, and model governance in ML/AI contexts.
• Prior startup or high-growth experience enabling developer velocity with strong guardrails; knowledge of Sigstore/Cosign and SLSA concepts for software supply chain integrity.
• Experience with at least one modern programming language (Python, Go, Rust, JavaScript) for automation or tooling.

Lila Sciences is building Scientific Superintelligence™ to solve humankind's greatest challenges. We believe science is the most inspiring frontier for AI. Rather than hard-coding expert knowledge into tools, LILA builds systems that can learn for themselves.

LILA combines advanced AI models with proprietary AI Science Factory™ instruments into an operating system for science that executes the entire scientific method autonomously, accelerating discovery at unprecedented speed, scale, and impact across medicine, materials, and energy. Learn more at www.lila.ai.

Guided by our core values of truth, trust, curiosity, grit, and velocity, we move with startup speed while tackling problems of historic importance. If this sounds like an environment you'd love to work in, even if you don't meet every qualification listed above, we encourage you to apply.

Lila Sciences is committed to equal employment opportunity regardless of race, color, ancestry, religion, sex, national origin, sexual orientation, age, citizenship, marital status, disability, gender identity or Veteran status.

Information you provide during your application process will be handled in accordance with our Candidate Privacy Policy.

Lila Sciences does not accept unsolicited resumes from any source other than candidates. The submission of unsolicited resumes by recruitment or staffing agencies to Lila Sciences or its employees is strictly prohibited unless contacted directly by Lila Science’s internal Talent Acquisition team. Any resume submitted by an agency in the absence of a signed agreement will automatically become the property of Lila Sciences, and Lila Sciences will not owe any referral or other fees with respect thereto.