Director of Information Security & Compliance

About Norm Ai

Norm Ai automates compliance processes to make them more efficient, cost-effective, and accurate while ensuring democratic guardrails for AI in autonomous roles. By converting complex regulations into intelligent AI programs, we enable teams to operate with unprecedented speed and precision.

We also aim to enable the integration of AI agents into daily life, ensuring that AI-driven business processes adhere to legal and societal norms through adoption of our Regulatory AI agents as oversight.  At Norm Ai, we're committed to aligning AI with public policy, reflecting our society's collective will, and ushering in a new era of regulatory intelligence and societal-AI alignment.

In the past 12 months, we’ve raised more than $38 million from top VCs and global institutions. 

You can find our Vision here:  https://www.norm.ai/post/building-regulatory-ai-agents.

This Role

As Director of Information Security you will be responsible for ensuring that Norm Ai is continuing to adhere to the highest enterprise standards and maintaining a robust information security profile to protect our client data and systems. You will own our SOC 2 Type 2 process and internal policies and procedures, as well as all associated activities such as BC/DR drills, Penetration Testing and more. You will ensure that the Norm Ai team has an Information Security-focused mindset through internal education and enablement. 

You will own our internal data management policy and client contractual requirements relating to information security. You will establish processes and procedures to ensure that we continue to comply with our contractual obligations, including client reporting. 

You will engage with our engineering team as needed regarding client inquiries and in order to ensure that our systems and configurations are aligned with all client requirements. You will source and implement information security systems in collaboration with our engineering team. You will meet with clients on a regular basis as part of enterprise architecture reviews and sales discussions, and will facilitate any questions they may have about Norm Ai, and will help them accelerate their work to close deals through high levels of responsiveness. You will create assets and marketing collateral describing our information security framework.

• Highly motivated and proactive. Look for any and all opportunities to improve our Information Security posture. 
• Excellent communicator. Capable of engaging company employees in an efficient manner and effectively navigating stakeholder discussions. 
• Discretion and credibility. Know when something is important enough to push on, with the ability to make the case for your ask in an evidence-based and effective way. Knowing when something 
• Organized and effective. Be comfortable with leading our Information Security framework as an IC, handling both strategic and in the weeds tasks alike.

• 5-7+ years of work experience. 
• Experience leading SOC 2 Type 2 or related certification, audit, or attestation processes. 
• Experience drafting and promulgating internal information security policies. 
• Experience leading educational programs to build information security awareness. 
• Experience with SaaS and AI software. 
• Technical enough to have a deep and in-the-weeds discussion with an engineer that will allow them to instantly understand your point of view.

• Prior engineering experience. 
• Experience with enterprise architecture (SSO, Private Clouds, VPN Whitelisting). 
• Experience with HIPAA. 
• Experience with FEDRAMP.

What Success Looks Like

30 days

You have gotten fully up to speed regarding all of our information security practices and existing framework. 

You have reviewed all of our existing policies and procedures.

You have taken ownership of our existing Information Security platforms. 

60 days

You have a deep understanding of our architecture.

You require no assistance in order to successfully complete an information security questionnaire. 

You have made concrete suggestions for areas to push our Information Security posture forward. 

90 days

You are independently running our information security program. 

You are able to take client calls regarding Norm Ai information security and architecture independently.