Job Closed

This listing is no longer active.

Twelve Labs

Help developers build programs that can see, listen, and understand the world as we do.

Staff Security Engineer

Security Engineer | Other | Remote | Lead | Team 11-50 | H1B Sponsor

Location

California | Oregon | Washington

Posted

91 days ago

Salary

$160K - $200K / year

Seniority

Lead

Bachelor Degree | 8 yrs exp | English | AWS | Linux | Terraform

Job Description

  • Partner with the lead security engineer to identify risk, build controls, and drive security initiatives across the organization
  • Perform security assessments, penetration testing, and code reviews to find and remediate vulnerabilities across our applications and infrastructure
  • Integrate security tooling and controls into CI/CD pipelines and software development workflows, shifting security left without slowing teams down
  • Help design and enforce cloud security architecture across our AWS environment, including IAM, WAF, network segmentation, encryption, and runtime threat detection
  • Develop and continuously improve security monitoring, logging, and alerting capabilities to support incident detection and response
  • Participate in the security on-call rotation and assist with incident response and investigation as needed
  • Contribute to compliance efforts across SOC 2, GDPR, CMMC/NIST, etc., including audit support and policy development
  • Help secure AI/ML pipelines, model training infrastructure, and model artifacts including weights and deployment code
  • Build and maintain internal security tooling and automation to scale our program without scaling headcount
  • Partner with engineering, infrastructure, and IT to embed security practices directly into development and delivery workflows

Job Requirements

  • Bachelor's or Master's in Computer Science, cybersecurity, or equivalent experience
  • 8+ years in security, with hands-on experience across multiple domains rather than a single specialty
  • Proven experience with cloud infrastructure security on AWS, including multi-account design, IAM, network segmentation, and runtime threat detection
  • Solid understanding of Linux, networking, security monitoring, intrusion detection and response, authentication and access control, and security protocols
  • Proven experience with web application security assessments and penetration testing
  • Experience with Terraform or other IaC/configuration management tools
  • Familiarity with compliance frameworks like SOC 2, GDPR, and CMMC, including audit support
  • Experience building internal security tooling
  • Familiarity with securing AI/ML pipelines, model training infrastructure, or model artifacts (weights, serving infrastructure, or deployment code)
  • Strong communication skills and the ability to drive security initiatives cross-functionally without direct authority.

Benefits

  • Full health, dental, and vision benefits
  • Extremely flexible PTO and parental leave policy
  • Office closed the week of Christmas and New Years.
  • VISA support where applicable

More Security Engineer Jobs

Other | Remote | Team 201-500 | H1B No Sponsor

  • Lead Cloud Security Posture Management (CSPM) across AWS
  • Architect and harden AWS infrastructure including IAM, VPC, S3, WAF, encryption, and segmentation
  • Monitor and respond to security events using AWS security services
  • Administer and optimize security tooling
  • Develop and maintain incident response processes and lead forensic investigations
  • Own the vulnerability management lifecycle
  • Drive PCI DSS implementation and support HIPAA and SOC 2 audit readiness
  • Conduct risk assessments and implement mitigation controls

United States
$140K - $160K / year
Job Closed

Chief Information Security Officer

Human Agency

Human Agency is an agency on a mission to give “the power of digital advertising to the people.” As an employer, the company is known for supporting its team by offering full-t

This description is a summary of our understanding of the job description.

Role Description

This is not a traditional enterprise CISO role where you inherit a legacy infrastructure, manage a large team, and maintain the status quo. This is a hands-on, entrepreneurial builder role. You are joining at the frontier of AI security — designing systems that don't yet exist, solving problems the industry is only beginning to name, and treating security not as a cost center but as a strategic and commercial advantage.

  • Define and execute our security strategy from the ground up.
  • Architect our internal security posture across infrastructure, data, and AI systems.
  • Establish governance models for how we deploy agents safely.
  • Ensure compliance with frameworks like SOC 2, ISO, and potentially FedRAMP.
  • Build security into AI agent systems as a first-class product feature.
  • Design guardrails, monitoring, and policy enforcement for autonomous agents.
  • Develop and potentially commercialize security products.
  • Lead incident response, threat modeling, and adversarial testing.
  • Serve as the public face of AI security for Human Agency.
  • Deploy and operate security infrastructure hands-on.

Qualifications

  • Experience as a CISO, VP of Security, or Head of Security at a high-growth tech company.
  • Deep, hands-on experience securing AI and machine learning systems.
  • Experience building and operating cloud-native security programs across AWS, GCP, or Azure.
  • Understanding of threat modeling and red teaming.
  • Experience designing and implementing security monitoring, incident response, and compliance programs.
  • Track record of building or contributing to security products.

Requirements

  • Think like a founder; see security as a competitive advantage and a product opportunity.
  • Comfortable with ambiguity and energized by unsolved problems.
  • Product-minded and commercially aware.
  • Technical enough to earn respect from engineers and pragmatic enough to earn trust from clients.
  • A teacher and builder of institutional knowledge.
  • Care deeply about doing the right thing.

Benefits

  • Equal Opportunity Employer.
  • Commitment to building inclusive, high-performing teams.

United States | Canada

Director, Information Security

Outset Medical

At Outset, we believe every person matters. Every Outsetter, every patient, every caregiver. Because we are here to create a revolution, and we believe in doing that by innovating everywhere with intelligent speed. Our team expects nothing less than our best display of strengths and skills. We find joy in working together for a common goal. We are fueled by the opportunity to give people their lives back. Our culture revolves around the principles of moving farther, faster, together.

Other | Remote | Team 501-1,000

Company Overview

Join us for an enriching journey with Outset, a trailblazing medical device company that is revolutionizing the field of dialysis. Our focus is to create one high performing team, obsessed with progress, in an atmosphere that is brimming with transformative opportunities. The heart of our mission is pioneering a groundbreaking technology that redefines the landscape of dialysis, streamlining complexity and cost, because patients deserve “better” now, not some day.

At Outset we’re revolutionizing an industry and changing lives. We’re impacting what the future of dialysis looks like by creating a first-of-its-kind technology in order to reduce the cost and complexity of dialysis. FDA cleared for use across care settings, from the hospital to the clinic to the home, the Tablo® Hemodialysis System harnesses modern technology for a new holistic approach to dialysis care. We’re giving providers time back to focus on patient care. And we’re giving patients the power to take control of their life and get back to enjoying the things they love.

Position Overview:

Outset is seeking a hands-on information security leader to drive our cybersecurity and technology risk management program. This individual will be responsible for developing and enforcing security policies, managing governance, risk, and compliance (GRC) activities, executing security operations, and leading strategic projects to advance our security posture. In this role, you will collaborate cross-functionally with software engineering, IT Infrastructure, quality, regulatory, legal and other key stakeholders to continuously evolve and strengthen our cybersecurity program. This role requires a passion for protecting company assets and a strategic mindset to design and implement scalable security solutions. The ideal candidate will bring deep expertise in both on-premises and cloud security, including insights into cloud native security solutions for Microsoft 365 and AWS platforms.

We’re looking for a leader with exceptional problem-solving skills, high attention to detail, strong organizational acumen, and a proven track record of building enterprise-grade security programs. This is a high-impact opportunity to shape the security foundation of Outset’s mission-driven organization – one that is reimagining dialysis and working to catalyze change for patients who deserve better.

Essential Job Functions and Responsibilities:

  • Serve as the Security Lead and Subject Matter Expert (SME) for all environments, including cloud infrastructure, and on-premises systems.
  • Continuously assess and evolve the organization’s security posture—driving program maturity through strategic assessments, road mapping, stakeholder alignment, and project execution.
  • Monitor the external threat landscape to identify emerging attack vectors, vulnerabilities, and adversary tactics—translating threat intelligence into actionable insights that inform security strategy, initiatives and controls.
  • Ensure security practices and controls align with regulatory requirements, including FDA and HIPAA, and fulfill the requirements and obligations of the HIPAA security officer.
  • Support commercial functions by responding to customer cybersecurity due diligence questionnaires and security assessments—articulating Outset’s security posture, controls, and compliance practices directly to Customers.
  • Lead the vendor security risk assessment process—evaluating third-party partners for compliance with Outset’s security standards, identifying potential risks, and ensuring appropriate controls are in place.
  • Conduct technical evaluations of system architecture with a focus on security design and compliance, leveraging frameworks such as NIST CSF and NIST SP 800-53.
  • Provide strategic leadership in identifying, assessing, and mitigating information security risks; ensure alignment with internal policies and external standards.
  • Monitor emerging threats and lead the organization’s response to security incidents, serving as the primary control point and convening the Incident Response Team to investigate, contain, and resolve events.
  • Develop, maintain, and enforce enterprise cybersecurity policies, standards, and procedures, ensuring alignment with regulatory requirements, industry frameworks, and organizational risk tolerance.
  • Influence technology and architecture decisions as a key member of the IT leadership team.

Required Qualifications:

  • 10+ years of industry experience in an information security function; leadership experience preferred.
  • B.S. or M.S. in Computer Science, Information Security, or a related field.
  • Professional security certifications such as CISSP, CISM, CISA, CCSP, or CEH (or equivalent). Additional certifications like Microsoft Certified: Cybersecurity Architect or AWS Certified Security – Specialty are a plus.
  • Proven experience leading organizations through security certifications and audits, including SOC 2, HIPAA, FIPS, and HITRUST.
  • Demonstrated expertise with cloud security tools and telemetry platforms including experience with AWS (CloudTrail, IAM, Incognito, GuardDuty) and Microsoft 365 (Defender, Entra ID, Purview, Sentinel).
  • Strong knowledge of risk assessment tools, technologies, and methodologies.
  • Exceptional written and verbal communication skills, with the ability to influence technical and non-technical stakeholders.
  • Experience in highly regulated industries.

Desired Qualifications

  • Experience in FDA regulated industries, specifically Medical Device, is strongly preferred.
  • Experience in customer-facing technical roles, with the ability to translate complex security concepts into business-aligned recommendations.
  • Experience planning, researching, and developing security policies, standards, and procedures.
  • Hands-on experience implementing enterprise security capabilities such as identity and access management (IAM), data loss prevention (DLP), endpoint detection and response (EDR), extended detection and response (XDR), security information and event management (SIEM), and security orchestration, automation and response (SOAR).
  • Familiarity with mobile code, malware analysis, and endpoint protection technologies.
  • Proficiency in deploying logging and monitoring tools at scale, with an emphasis on automation and event-driven response.
  • Expertise in designing secure networks, systems, and application architectures.
  • Experience with disaster recovery planning, digital forensics, and incident response tools and techniques.

SF Bay Area Salary Range

$218,000—$295,000 USD

National Salary Range (Remote)

$185,000—$251,000 USD

Company Culture

At Outset, we believe every person matters. Every Outsetter, every patient, every caregiver. Because we are here to create a revolution, and we believe in doing that by innovating everywhere with intelligent speed. Our team expects nothing less than our best display of strengths and skills, and we find joy in working together for a common goal.

At Outset, we believe that curiosity, ingenuity and conviction in the power of technology will transform the lives of dialysis patients and providers. We are fueled by the opportunity to give people their lives back. And we believe that it begins with YOU, our future Outsetter.

At Outset, we’ve designed a professional world that our employees are honored and impassioned to belong to, one that offers challenge, the ability to collaborate with great people, and opportunities to build skill and expertise in a fulfilling career. An opportunity at Outset Medical won’t just be about finding a job. Our culture revolves around the principles of moving farther, faster, together, so working here feels like a masterclass in peak performance, for individuals and teams.

Privacy is important to us. Please review our Applicant Privacy Notice.

Important Notice

We have been made aware of fraudulent activities where individuals are impersonating our company and offering fake job opportunities. Please note, Outset Medical will never request payment or gift cards during the hiring process, nor will we ask you to purchase your own equipment. Anyone reaching out to you with an email address ending in @outsetmedical.cc is not a legitimate Outset representative. For legitimate opportunities, always apply directly through our official careers page. If you are unsure about the authenticity of a communication, contact us immediately at peopleops@outsetmedical.com.

EQUAL EMPLOYMENT OPPORTUNITY STATEMENT

Outset Medical is an equal opportunity employer that is committed to diversity and inclusion in the workplace. We prohibit discrimination and harassment of any kind on the basis of race, color, national origin, religion, gender, gender identity, sexual orientation, disability, genetic information, pregnancy, age, or any other protected status set forth in federal, state, or local laws. This policy applies to all employment practices within our organization.

United States
Job Closed
Full Time | Remote | Team 51-200

Role Description

You'll be BLP's single owner of security and compliance end to end. Working directly alongside the CTO, you'll keep our ISO 27001 and SOC 2 certifications in good standing, unblock enterprise deals through fast and credible security responses, and reduce manual compliance work through smart automation. This role sits at the intersection of engineering, compliance, and enterprise sales. You'll have real autonomy and real impact from day one.

What You'll Do

  • Own security and compliance across the entire company — certifications, infrastructure, customer-facing security, and internal tooling.
  • Own and maintain our ISO 27001 and SOC 2 certifications — audits, evidence collection, and continuous compliance.
  • Lead customer-facing security questionnaires during enterprise sales cycles, representing BLP's security posture independently and credibly.
  • Maintain and improve security documentation: internal policies, controls, and runbooks.
  • Drive remediation tasks arising from audits and penetration tests.
  • Build internal AI tooling to automatically answer security questionnaires and systematically reuse existing knowledge.
  • Improve and secure our AWS / GCP infrastructure.
  • Contribute to CI/CD pipelines, build infrastructure, and AWS migration initiatives.
  • Work closely with the CTO on security strategy, infrastructure decisions, and the compliance roadmap.

Qualifications

  • Bachelor’s or Master’s degree in Computer Science, Information Security or equivalent practical experience.
  • 4+ years of experience in a DevOps, cloud, or security engineering role.
  • Hands-on experience owning or co-owning an ISO 27001 or SOC 2 certification — you've lived the audit cycle, not just observed it.
  • Comfortable operating independently across compliance processes: audits, controls, documentation, and remediation.
  • Confident representing the company's security posture in enterprise sales conversations.
  • Practical experience with AWS and/or GCP infrastructure security.
  • Strong interest in AI and automation — ideally with experience building internal tooling.
  • Familiarity with Vanta or comparable GRC platforms is a plus.

Benefits

  • Direct ownership — you are the single point of accountability for security and compliance across a global SaaS platform with 20,000+ daily users.
  • Work directly with the CTO on strategy, not just execution.
  • Build AI-powered internal tooling that eliminates repetitive compliance work.
  • Autonomy and ownership from day one, in a fast-moving but highly technical environment.
  • Remote-friendly with a senior, engineering-focused culture.

Worldwide