Security and Compliance Lead

Black Forest Labs.com

Office

Freiburg (Germany), San Francisco (USA), London (UK)

Full Time

Black Forest Labs is a cutting-edge startup pioneering generative image and video models. Our team, which invented Stable Diffusion, Stable Video Diffusion, and FLUX.1, is currently seeking a strong Security and Compliance Lead to work closely with our team in building and implementing world-class security and ensuring regulatory compliance across the business.

The Role:

  • Own and evolve the company-wide security strategy across infrastructure, application, and corporate environments
  • Lead our global compliance programs (e.g., ISO 27001, SOC 2) ensuring we meet regulatory and customer trust requirements. Build and maintain relationships with auditors, ensuring smooth audit processes
  • Address AI-specific compliance requirements around data usage and model governance
  • Build a comprehensive security program that scales with our AI training and inference infrastructure
  • Partner closely with engineering and DevOps to embed “secure by default” principles into our architecture and development lifecycle
  • Secure our model training infrastructure: distributed GPU clusters, data pipelines, training datasets
  • Protect inference infrastructure: model serving endpoints, API gateways, and production deployment pipelines
  • Ensure secure model versioning, storage, and deployment practices
  • Implement access controls and audit trails for sensitive training data and model weights
  • Manage and scale our IT function, ensuring a secure, efficient, and user-friendly digital workplace
  • Establish and maintain risk and governance structures, security policies, and incident response procedures
  • Design and implement security controls for large-scale Kubernetes environments hosting training and inference workloads
  • Lead internal risk assessments and external audits, and build trusted relationships with auditors and customers
  • Create and optimise detections, playbooks, and workflows to quickly identify and respond to potential incidents
  • Make impactful, risk-based security decisions aligned with business objectives
  • Establish security as a competitive advantage while maintaining development velocity

Ideal Experience:

  • 5+ years of experience in security roles (Security Officer, Security Engineer, Compliance & Security Manager)
  • Deep understanding of infrastructure security, application security, and cloud security
  • Experience performing security operations or investigations involving large-scale Kubernetes environments
  • Track record of successfully managing compliance certifications (SOC 2, ISO 27001, etc.)
  • Exceptional communication and collaboration skills
  • An ability to lead projects with little guidance
  • Experience contributing to a high-growth startup environment
  • Experience securing cloud infrastructure (Azure) at scale
  • Experience with or strong interest in securing ML/AI infrastructure is highly valued

September 23, 2025