Senior Director, Cloud Security, Compliance Lead
Lila Sciences · San Francisco, CA USA · Posted 26 March 2026
Job Description
Your Impact at Lila
The Cloud Security Compliance Lead is responsible for the end-to-end security, governance, risk management, and regulatory compliance of Lila Sciences’ cloud environments and research workflows. You’ll own cloud security architecture, policy frameworks, data protection, and compliance programs across multi-cloud and on-premises contexts as appropriate. You’ll partner with Engineering, Data Science, IT, Legal, and Compliance to codify secure patterns, enable rapid yet safe experimentation, and maintain a robust governance program with auditable evidence for regulators and customers.
What You'll Be Building
Cloud Security Architecture Governance
Define and maintain cloud security strategy, reference architectures, and security baselines for public cloud (AWS, Azure, GCP) and hybrid deployments.
Implementing secure-by-default patterns for CI/CD is intentionally out of scope; focus on secure design patterns for cloud resources, data flows, and analytics.
Establish IAM least privilege, network segmentation, private endpoints, key/secret management, and centralized logging across AWS, Kubernetes (where applicable), and cloud-native services.
Governance, Compliance Risk Management
Develop, implement, and continuously improve policies, standards, and procedures aligned to applicable frameworks (e.g., NIST CSF, NIST 800-53, FedRAMP, ISO 27001, SOC 2, GDPR/CCPA).
Lead the data protection program: data classification, data minimization, data retention, and data lifecycle management; oversee DLP strategies where relevant.
Manage third-party risk assessments, vendor security questionnaires, and contract security annexes; maintain evidence for audits.
Security Controls Monitoring
Define and oversee security controls across cloud resources, including identity, access management, encryption, key management, log collection, and telemetry.
Collaborate with Security Operations to establish monitoring, alerting, incident response coordination, and evidence collection for audits.
Compliance Audit Readiness
Prepare for internal and external audits; map controls to frameworks and translate them into engineering artifacts and evidence.
Maintain alignment with SOC 2, ISO 27001, and other regulatory requirements; coordinate with Legal and Privacy on data protection controls.
Data, ML/AI Security Privacy
Ensure secure data movement, storage, and access patterns; implement data lineage and isolation for training vs. inference in ML workflows.
Address privacy-by-design considerations in data science processes; oversee secure handling of sensitive datasets.
Collaboration Enablement
Partner with Engineering, IT, Legal, and Commercial teams to ensure cohesive risk management.
Provide security training and awareness for engineering, data science, and product teams; translate security requirements into actionable tasks.
Evidence Documentation
Create and maintain security documentation, runbooks, policies, and evidence packs suitable for audits and regulator requests.
What You’ll Need to Succeed
Education: Bachelor’s degree in Computer Science, Information Security, Cybersecurity, Engineering, or a related field. Master’s preferred.
Experience: 5–8+ years in cloud security, information security, or a related role; hands-on experience with cloud environments (AWS, Azure, GCP) and Kubernetes is a plus; experience in governance, risk, and compliance activities.
Certifications: CISSP, CISM, CCSK, ISO 27001 Lead Auditor, SOC 2 Practitioner, or cloud security certifications are desirable.
Technical Skills: Strong understanding of cloud architectures, IAM, encryption, KMS, secret management, data protection, and network security.
Familiarity with Kubernetes concepts and security considerations (RBAC, network policies, pod security standards) as they apply to governance and compliance contexts.
Experience with policy frameworks and policy-as-code concepts (OPA, Kyverno, Checkov) for governance and automated compliance checks.
Know ... (truncated, view full listing at source)