Ensono is an information technology and services company on a mission to help technology leaders transform their businesses by becoming a “catalyst for change
Senior IT Security Engineer
Location
United States
Posted
95 days ago
Salary
$112K - $130K / year
Job Description
Senior IT Security Engineer
Ensono
At Ensono, our Purpose is to be a relentless ally, disrupting the status quo and unleashing our clients to Do Great Things! We enable our clients to achieve key business outcomes that reshape how our world runs. As an expert technology adviser and managed service provider with cross-platform certifications, Ensono empowers our clients to keep up with continuous change and embrace innovation.

We can Do Great Things because we have great Associates. The Ensono Core Values unify our diverse talents and are woven into how we do business. These five traits are the key to achieving our purpose.

HONESTY, RELIABILITY, COLLABORATION, CURIOSITY, PASSION

Role Summary

The Senior Information Security Engineer is responsible for designing, implementing, and maintaining enterprise‑level security solutions while providing technical leadership across the organization. This role supports global cybersecurity initiatives, leads incident response activities, and ensures alignment with internal and external compliance requirements. The position requires deep technical expertise, strong communication skills, and the ability to operate effectively in a fast‑paced environment.

What You Will Do:

- Design, implement, and administer enterprise information security solutions.
- Serve as a Tier‑3 escalation point for monitoring and responding to security incidents.
- Implement controls and processes to meet internal and customer audit requirements.
- Develop internal and customer‑facing security standards, policies, and procedures.
- Execute incident response activities in accordance with the Ensono Incident Response Plan.
- Evaluate, test, and deploy security application upgrades and patches.
- Deliver consultative expertise on emerging threats, vulnerabilities, and risk mitigation strategies.
- Document project plans, including timelines, milestones, and deliverables.
- Mentor new and existing members of the security organization.
- Provide recommendations and contribute to the development of security product roadmaps.
- Partner with product owners to ensure alignment between solutions and security product offerings.

We want all new Associates to succeed in their roles at Ensono. That's why we've outlined the job requirements below. To be considered for this role, it's important that you meet all Required Qualifications. If you do not meet all of the Preferred Qualifications, we still encourage you to apply.

What You Will Need:

- 5-10 years of full‑time experience in information security roles.
- Experience with security deployment using Azure Cloud.
- Background in Security‑as‑a‑Service (SaaS) implementations.
- Strong knowledge of digital forensics or penetration testing methodologies.
- Experience with file integrity monitoring solutions.
- Proficiency with vulnerability scanning tools and risk evaluation processes.
- Experience with password vaulting technologies for secure credential storage.
- Hands‑on experience implementing and maintaining security frameworks such as PCI‑DSS, SSAE SOC1/SOC2, GDPR, HIPAA, IRS Pub 1075, NIST, and ISO 27001.
- Experience conducting security incident response in large enterprise environments.
- Expertise in deploying and maintaining anti‑malware technologies.
- Familiarity with security auditing and forensic analysis tools.
- Experience implementing SIEM platforms.

Preferred Tools and Technologies

MS Sentinel, Splunk, Microsoft Defender, Trend Micro, Trellix, Carbon Black, Tenable, Rapid7, Varonis, Microsoft Purview, Azure Cloud.

Education and Certifications

- Security certifications such as CISSP, CISA, CISM, CEH, or SANS GIAC.
- Bachelor’s degree in Information Security or equivalent professional experience.

Why Ensono?

Ensono is a place to make better happen – for our clients and for your career. You can do great things through innovation or collaboration, by learning or volunteering, or to promote diversity and inclusion. You can do great things for your own health or for a healthier planet. Whatever it means to you to do great things we want Ensono to be the place you can do it.

We are a client-facing business, but we do encourage clients to allow us to work remotely most of the time so if you are not required to be on a client site, you can choose to work from home or in our Ensono offices.

Some of our benefits include:

- Unlimited Paid Days Off
- Three health plan options
- 401k with company match
- Eligibility for dental, vision, short and long-term disability, life and AD&D coverage, and flexible spending accounts
- Family Forming Benefit including fertility coverage and adoption/surrogacy reimbursement
- Paid childbearing and paternal leave
- Education Reimbursement, Student Loan Assistance or 529 College Funding
- Sabbatical leave
- Wellness program
- Flexible work schedule

As of the date of this posting, a good faith estimate of the current pay scale for this role is $112,000 to $130,000 annually based on a full-time schedule. Please note that placement in the range may vary based on numerous factors including but not limited to skills, experience, internal equity, and business needs. In addition to base salary, other compensation programs, depending on eligibility, include an annual bonus plan based on company and individual performance [OR] a role-based, sales-incentive plan, and an equity grant under our Associate Equity Appreciation Program.

Ensono is an Equal Opportunity/Affirmative Action employer. We are committed to providing equal employment to our Associates and building a diverse and inclusive workforce. All qualified applicants will be considered without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, protected veteran status, disability, or other legally protected basis, in accordance with applicable law.

Pay transparency nondiscrimination statement/posting

OFCCP’s pay transparency policy can be found on OFCCP’s website.

If you need accommodation at any point during the application or interview process, please let your recruiter know or email USTalentAcquisition@ensono.com.
More Security Engineer Jobs
DevOps & Security Engineer
Zenara Health
The digital platform that brings together clients, referring clinicians, and health/fitness providers
Role Description

This position serves as the company's foremost line of defense. You will operate under the assumption that systems are constantly under threat, crafting infrastructure that is resilient, auditable, and inherently secure. You will be the most risk-aware individual in the startup — and that’s exactly what we require. While others concentrate on feature rollout, you will prioritize the security of patient data, regulatory compliance, and system integrity.

If your understanding of DevOps is limited to "I occasionally execute kubectl apply," this position is likely not for you. This role is not suited for those who prioritize speed over safety or view security as an afterthought to be addressed later. At Zenara, safeguarding patient data and maintaining system integrity takes precedence over rapid deployment.

You will be responsible for Zenara’s infrastructure, security posture, and compliance engineering — everything from the ground up. This includes:

- CI/CD pipelines
- HIPAA-compliant deployment automation
- Monitoring and alerting systems
- Cybersecurity measures and threat defense
- Access controls
- Audit logging

Your role will go beyond mere maintenance. You will also develop infrastructure for our AI platform, encompassing model serving, scaling AI workloads, and supporting production AI pipelines. You will have a dual mandate: ensure the stability and security of the platform while also building the necessary infrastructure for AI at scale.

This represents a unique opportunity for greenfield infrastructure engineering within a healthcare AI company with genuine compliance obligations and real users. You will devise systems from fundamental principles, make architectural choices, establish best practices to guide us through growth and compliance audits, and serve as the ultimate security gatekeeper.

What You Will Own

- Cybersecurity & Threat Defense: Manage threat modeling, reduce attack surfaces, oversee intrusion detection, handle vulnerability management, and plan incident responses. You will be the final reviewer for infrastructure and security risks.
- CI/CD and Deployment Automation: Design and implement CI/CD pipelines for all Zenara products, establishing deployment automation, managing environments, and setting quality thresholds.
- Security Posture and HIPAA Compliance: Develop and uphold a HIPAA-compliant security posture across all Zenara systems, implementing access controls, managing secrets, maintaining audit logs, and enforcing encryption standards.
- Monitoring, Alerting, and Incident Response: Create monitoring and alerting capabilities to proactively identify issues, establish incident response protocols, and lead the on-call rotation.
- AI Infrastructure Support: Address AI infrastructure needs, including model serving and autoscaling for AI workloads.
- Cloud Infrastructure Management: Oversee cloud infrastructure (AWS/Azure), focusing on cost optimization, reliability, disaster recovery, and capacity planning.
- SOC 2 Readiness: Spearhead SOC 2 Type II preparedness, implementing necessary controls and liaising with auditors.
- Security Incident Response: Establish procedures, conduct regular security evaluations, and respond to incidents as they arise.

Your First 90 Days

- Week 1-2: Fully immerse yourself in the current infrastructure, deployment processes, and security posture. Identify significant security vulnerabilities and critical gaps.
- Month 1: Set up basic monitoring and alerting systems. Outline the CI/CD roadmap and begin documenting existing systems and security protocols.
- Month 2-3: Develop CI/CD pipelines for high-priority services with security gates and implement secrets management and access controls.
- Ongoing: Take on full ownership of infrastructure and security, delivering reliable and secure systems.

Qualifications

- 5-10 years of experience in DevOps, SRE, or Platform Engineering.
- A strong security mindset: detail-focused and able to express concerns when risks are too high.
- Familiarity with HIPAA, SOC 2, or healthcare compliance frameworks.
- Proficient in AWS or Azure with infrastructure-as-code (Terraform, Pulumi, or CloudFormation).
- CI/CD pipeline design and implementation experience.
- Experience in container orchestration (Kubernetes, ECS, or equivalent).
- Skills in cybersecurity: threat modeling, vulnerability assessment, intrusion detection, and incident response.
- Strong English communication skills.
- Experience in startup or high-growth environments.

Strongly Preferred

- Experience in supporting ML/AI infrastructure.
- Security expertise in healthcare SaaS.
- Background in penetration testing or security audits.
- Prior experience with SOC 2 or HITRUST certification processes.
- Knowledge of observability and monitoring tools.

Nice to Have

- Understanding of FHIR/HL7 healthcare data standards.
- Production experience with Kubernetes.
- Acquainted with multi-tenant SaaS security strategies.
- Exposure to mental health or behavioral health sectors.
- Experience with cloud infrastructure cost optimization.
- Relevant security certifications (CISSP, CEH, or equivalent).

Schedule

- Evening IST hours with 4–8 hours of daily overlap with US Pacific (9am–5pm PT).
- Salary between ₹22–35 LPA, based on skills and responsibilities.
- Fully remote work options available throughout India.
- Provision for equipment allowance.
- Acknowledgment of culturally significant local holidays (India).
- Flexible paid leave options.
- Direct and regular communication with the CEO.
- Opportunity to build infrastructure and security practices from the ground up.
• Protects the integrity of cargo being shipped by rigorously applying DeSpir’s in Transit Security Processes*
• Proactively creates solutions to process breakdowns as they occur while communicating updates to the customer*
• Communicates and coordinates within all business units to ensure the integrity of shipments
• Carries out all necessary data entry and confirmation of key milestones of the In Transit Security process (departure, arrival, PODs, etc.) while utilizing Mcleod and other systems
• Monitors In Transit Security through multiple systems to ensure quick response to customer requests
• Assures that all paperwork including, but not limited to temperature downloads, pictures, and POD are downloaded to the load documents and the customer to finish the load for billing*
• Risk management with an extensive focus on security best practices and protocols
• Handling escalations of suspicious activity regarding customer freight
• Responsible for updating customer portals based on customer requirements
Enterprise Security Engineer – Enterprise Security Team
Semrush
Your competitors' favorite marketing platform used by 10,000,000 marketers
• Develop and maintain internal security policies and guidelines, including policies related to data protection, BYOD, and network security.
• Keep security documentation up to date and ensure it reflects current processes and controls.
• Monitor security-related processes across the company and help ensure that security practices are followed in daily operations.
• Apply security best practices in day-to-day work and support teams in implementing secure configurations and solutions.
• Participate in improving security processes both within the team and across other departments.
• Approve and manage access to internal information systems in accordance with established security policies.
• Provide guidance to colleagues on security-related topics and the secure use of internal systems.
• Work closely with the IT Support team on security-related matters, helping identify more secure solutions and advising on system configurations.
The Information Security Governance, Risk, and Compliance (GRC) Manager provides tactical leadership and operational oversight for key components of the company’s enterprise GRC program. This role is responsible for the day-to-day management of GRC analysts, driving compliance initiatives, managing the integrated risk assessment lifecycle, and ensuring control effectiveness. The Manager will serve as a key point of contact for internal business units and external auditors, directly supporting the strategic directives set by program leadership. The position requires a proven ability to lead teams, implement policy, and translate complex security and compliance requirements into clear business actions.

What You Will Work On

- Manage and mentor a team of GRC Security Analysts, providing clear direction and facilitating continuous professional development.
- Oversee and execute the security risk assessment process, including identifying, analyzing, and documenting emerging and ongoing risks across the organization and its third parties.
- Lead efforts to document, enforce, and communicate security policies and control frameworks that are aligned with key regulations and standards (e.g., NIST, ISO, GDPR, GLBA).
- Develop, implement, and maintain security policies and controls specifically for the safe and ethical deployment and use of artificial intelligence (AI) systems.
- Act as the primary operational liaison for internal and external audits, coordinating the collection of evidence, tracking the resolution of findings, and ensuring sustained audit readiness.
- Provide direct support to the third-party risk management program, ensuring rigorous security review of vendors and business partners to mitigate external risk.
- Facilitate IT compliance activities, focusing on the operational effectiveness of technical and general IT controls.
- Collaborate with business units and technical teams to ensure adequate security controls are available and implemented during the onboarding of new solutions and systems.
- Define and track qualitative and quantitative metrics to measure the success and maturity of the security program, reporting regularly to program leadership.
- Support incident response and disaster recovery efforts, ensuring GRC documentation and controls are properly applied to corporate resiliency programs.
- Ensure the protection of critical data is maintained through established data classification, data loss prevention (DLP), and records retention requirements.
- Manage information security training requirements for the organization, to include identifying role-based security training for all organizational roles in accordance with the role's capacity to introduce risk in the performance of their duties.

Who We Are Looking For

- 7+ years of experience in cybersecurity, with a focus on governance, compliance, risk management, or audit.
- 3+ years of demonstrated experience managing or leading a distributed or hybrid team.
- Expert-level understanding of major regulatory frameworks and standards, including but not limited to NIST, ISO, GDPR, and GLBA.
- Proven ability to manage GRC-related projects and work with cross-functional stakeholders to deliver outcomes on time and within scope.
- Strong technical acumen in cloud computing security (AWS, GCP, or Azure), DevOps, and application security.
- Exceptional written and verbal communication skills, with the ability to articulate security risk and compliance requirements to technical staff and business leadership.
- Prior experience in defining metrics, preparing management reports, and implementing process improvements using GRC tools.
- Demonstrated experience in conducting tabletop exercises for business continuity is preferable.

Education Requirements

- Bachelor’s degree in computer science, information assurance, MIS, or a related technical field, or equivalent practical experience.

Certification Requirements

- Holds or is actively working toward one or more of the following: CISSP, CISM, CISA, CRISC, or CGRC.

What You Can Expect

- Compensation: The base salary for this position ranges from $150,000 to $200,000 annually, depending on your location, experience, and qualifications. Additional compensation offerings include company profit-sharing bonus program, communication stipends, and referral bonuses.
- Inclusive benefits package offering:
  - Comprehensive medical, dental, and company paid vision insurance, 401(k) retirement plan with employer match, voluntary life and AD&D insurance options, voluntary supplemental insurances for accident, critical illness, and legal services, paid time off (PTO) and paid holidays, employee assistance and wellness programs, company paid short term disability coverage, company contributions to health saving funds (with participation in the high deductible health plan). We offer company paid access to Galileo for virtual primary care and Rula for virtual mental health resources.
- Through our Anniversary Program, we celebrate the meaningful milestones and long tenure that reflect how much we value your contributions and commitment to our team.
- Career and skill development resources to help advance your career and personal growth.
- A mission-driven environment where your work makes a measurable impact on the real estate industry.

What We Value

- Wherever it Leads, Whatever it Takes® - No matter how remote, complex, or unexpected. Our commitment never wavers.
- Hire NICE people - Skills can be taught but character shines through. We seek those who bring integrity, kindness, and grit.
- Lift others up - We lead with empathy and strive to improve the lives of those around us.
- Sweat the details - Excellence lives in the little things. Getting it just so is how we make a big impact.
- Raise the bar - We don’t settle for industry standards, we redefine them.

About Us

Our story began in the mountain town of Truckee, California more than 20 years ago, when we pioneered simple, web-based valuation technology solutions for an industry that relied on paper. Today, we’ve grown one of the highest-coverage networks of real professionals in the county. As we continue our journey to modernize valuation we’ll hold on to our promise from day one: to go wherever it leads and do whatever it takes to serve our customer with remarkable technology and uncompromising service.

Clear Capital is an equal-opportunity employer.

To all recruitment agencies: Clear Capital does not accept agency resumes. Please do not forward resumes to our jobs alias, Clear Capital employees, or any other company location. Clear Capital is not responsible for any fees related to unsolicited resumes.




