Head of Information Security

Salary Range: 220000 to 280000 (Currency: USD) (Pay period: per-year-salary)

What You’ll Do:

• Directly manage the Information Security functions of Atomic Machines.
• Develop a strategic vision for protecting Atomic Machines’ assets, including intellectual property (IP), financial records, personal information for staff and customers, and physical assets such as computers and lab equipment.
• Lead the design, development, and implementation of robust security architectures and policies for cloud-native and locally hosted systems, ensuring scalability, resilience, and efficiency.
• Conduct regular security assessments, threat modeling, and risk analysis to identify vulnerabilities and recommend appropriate mitigations.
• Stay up-to-date with the latest threat landscape and security technologies, tools, and frameworks to continuously enhance the company's security posture. 
• Implement security controls into the development team’s continuous integration and deployment pipelines. 
• Develop and present training materials for all employees to allow the team to understand and follow best security practices.
• Plan, execute, and document all security-related aspects of the rapid growth of our networking and software infrastructure.
• Proactively monitor and expand systems as the company grows to ensure continued robust and reliable performance of network infrastructure.
• Own and manage information security as it extends to physical access control systems.
• Partner with and manage external agencies and vendors when additional coverage and support are needed. 
• Lead and execute on IT Risk & Compliance roadmap.
• Lead IT security incident response, performing triage and determining if security incidents require escalation and/or further response.
• Implement cybersecurity best practices using relevant security frameworks, such as ISO 27001, NIST, SANS Critical 20, COBIT, etc.
• Perform internal audit tasks.
• Read and interpret ISO 27001, SOC 2, and other relevant certification reports from vendors to assess their security preparedness and representation of Atomic Machine's interests.
• Review contractual agreements and comment on security and data protection as needed.

What You’ll Need:

• 8+ years of experience in Information Security, ideally with at least 3 years of management.
• Experience managing all of Information Security for a company, including Cyber Security (ideally including startup experience).
• Experience developing and presenting a cyber security training program.
• Experience managing security concerns for modern cloud-first architectures as well as complex on-site production systems.
• Proven experience with incident response, vulnerability management, and risk assessment methodologies.
• Extensive AWS and Azure AD (Entra ID) cloud security experience, including cloud security monitoring, logging, security configuration, and  IAM. 
• High-level proficiency with SAML/SSO solutions and using hardware MFA keys.
• Hands-on experience with security tools and technologies, such as SIEM, MDR, IDS/IPS, WAF, DLP, and vulnerability scanners.
• Proven experience with incident response, vulnerability management, and risk assessment methodologies.
• Knowledge of IT processes and controls and strong understanding of risk and control frameworks such as (CoBIT, ISO, NIST, ITIL, PCI).
• General knowledge of information security regulatory requirements and standards such as ISO 27001/2, SOC 1/2/3, SANS top 20 and NIST 800-53.
• CISSP, CCSP, CISM, CSSP or similar security credentials.
• Propensity to work in fast-paced environments with minimal guidance.
• Ability to explain complex issues in terms appropriate for technical or non-technical audiences.
• Flexibility to work daily in our Berkeley office and commute to our Santa Clara office as needed.
• BS in Computer Science, Information Security, IT Management, or a related field preferred.