Senior Director, Cloud Security, Compliance Lead

On-site
Lila Sciences, San Francisco, CA, US / CA, US (posted 4 months ago)
Director+
Business Operations

Compensation

$260,000-$346,000

Description

Your Impact at LILA

The Cloud Security & Compliance Lead is responsible for the end-to-end security, governance, risk management, and regulatory compliance of Lila Sciences’ cloud environments and research workflows. You’ll own cloud security architecture, policy frameworks, data protection, and compliance programs across multi-cloud and on-premises contexts as appropriate. You’ll partner with Engineering, Data Science, IT, Legal, and Compliance to codify secure patterns, enable rapid yet safe experimentation, and maintain a robust governance program with auditable evidence for regulators and customers.

What You'll Be Building

Cloud Security Architecture & Governance

  • Define and maintain cloud security strategy, reference architectures, and security baselines for public cloud (AWS, Azure, GCP) and hybrid deployments.
  • Secure-by-default patterns for CI/CD are intentionally out of scope; focus instead on secure design patterns for cloud resources, data flows, and analytics.
  • Establish IAM least privilege, network segmentation, private endpoints, key/secret management, and centralized logging across AWS, Kubernetes (where applicable), and cloud-native services.

Governance, Compliance & Risk Management

  • Develop, implement, and continuously improve policies, standards, and procedures aligned to applicable frameworks (e.g., NIST CSF, NIST 800-53, FedRAMP, ISO 27001, SOC 2, GDPR/CCPA).
  • Lead the data protection program: data classification, data minimization, data retention, and data lifecycle management; oversee DLP strategies where relevant.
  • Manage third-party risk assessments, vendor security questionnaires, and contract security annexes; maintain evidence for audits.

Security Controls & Monitoring

  • Define and oversee security controls across cloud resources, including identity, access management, encryption, key management, log collection, and telemetry.
  • Collaborate with Security Operations to establish monitoring, alerting, incident response coordination, and evidence collection for audits.

Compliance & Audit Readiness

  • Prepare for internal and external audits; map controls to frameworks and translate them into engineering artifacts and evidence.
  • Maintain alignment with SOC 2, ISO 27001, and other regulatory requirements; coordinate with Legal and Privacy on data protection controls.

Data, ML/AI Security & Privacy

  • Ensure secure data movement, storage, and access patterns; implement data lineage and isolation for training vs. inference in ML workflows.
  • Address privacy-by-design considerations in data science processes; oversee secure handling of sensitive datasets.

Collaboration & Enablement

  • Partner with Engineering, IT, Legal, and Commercial teams to ensure cohesive risk management.
  • Provide security training and awareness for engineering, data science, and product teams; translate security requirements into actionable tasks.

Evidence & Documentation

  • Create and maintain security documentation, runbooks, policies, and evidence packs suitable for audits and regulator requests.

What You’ll Need to Succeed

  • Education: Bachelor’s degree in Computer Science, Information Security, Cybersecurity, Engineering, or a related field. Master’s preferred.
  • Experience: 5–8+ years in cloud security, information security, or a related role; hands-on experience with cloud environments (AWS, Azure, GCP) and Kubernetes is a plus; experience in governance, risk, and compliance activities.
  • Certifications: CISSP, CISM, CCSK, ISO 27001 Lead Auditor, SOC 2 Practitioner, or cloud security certifications are desirable.
  • Technical Skills: Strong understanding of cloud architectures, IAM, encryption, KMS, secret management, data protection, and network security.
  • Familiarity with Kubernetes concepts and security considerations (RBAC, network policies, pod security standards) as they apply to governance and compliance contexts.
  • Experience with policy frameworks and policy-as-code concepts (OPA, Kyverno, Checkov) for governance and automated compliance checks.
  • Knowledge of SBOMs, software supply chain concepts, artifact signing (Cosign/Sigstore), and SBOM generation.
  • Familiarity with audit-ready control mapping, risk assessment, and remediation tracking.
  • Soft Skills: Excellent communication, stakeholder management, and the ability to translate complex security requirements into actionable business and engineering tasks.

Bonus Points For

  • Experience with data-intensive research environments, HPC, or bioinformatics workloads.
  • Familiarity with privacy by design, data governance, and model governance in ML/AI contexts.
  • Prior startup or high-growth experience enabling developer velocity with strong guardrails; knowledge of Sigstore/Cosign and SLSA concepts for software supply chain integrity.
  • Experience with at least one modern programming language (Python, Go, Rust, JavaScript) for automation or tooling.

Stack

Python, Data Science, JavaScript, AWS, GCP, Azure, CI/CD, Machine Learning, Kubernetes, Rust

Posted
Feb 3, 2026