Head of Security and Compliance

HEN Technologies

Posted about 4 hours ago

At HEN Technologies, we’re building Physical AI for the real world—intelligent systems that sense, understand, and act in high-stakes physical environments. Our first application is transforming fire response: combining advanced fluid dynamics, IoT-enabled hardware, real-world operational data, and AI-powered decision support to help firefighters suppress fires faster, use less water, reduce fatigue, and improve safety. By connecting the physical layer of emergency response with predictive intelligence, HEN is building the infrastructure for a safer, more adaptive future.

About the Role

We’re looking for a hands-on security and compliance leader with a strong background in SaaS, AI/ML and data-oriented application architecture, and experience with IoT systems. This leader will own information security, product security, and compliance across our entire stack - devices, cloud, web, mobile, and AI. You will lead our first SOC 2 audit, build the security program to support Series B due diligence and enterprise fire-department procurement, partner closely with our engineering directors across Cloud/Data, AI/ML, Firmware/IoT, and Hardware, and serve as the executive face of security to customers, investors, and the board.

Responsibilities

● Security strategy & engineering leadership. Define the security and compliance roadmap aligned with company goals, customer requirements, and the regulatory environment. Build the team over time.

● SOC 2 audit (Type I, then Type II). Own the end-to-end SOC 2 program: auditor relationship, compliance tooling (Vanta/Drata or equivalent), policy authoring, control implementation, evidence collection, and remediation.

● Cloud security (GCP). Partner with the Head of Cloud and Data engineering to mature GCP security posture: IAM, VPC and network design, KMS, Secret Manager, Security Command Center, Cloud Logging and detection engineering.

● Product security across the stack. Embed security into the SDLC for our cloud platform, web app, mobile apps, firmware, and edge AI components. Drive threat modeling, secure design reviews, SAST/SCA/secret scanning, and penetration testing.

● IoT and embedded device security. Partner with the Head of Firmware/IoT on device identity and provisioning, secure boot, signed firmware, OTA update security, code-signing key management, and device fleet hygiene.

● AI/ML governance. Partner with the Head of AI/ML to establish governance for models, training data, third-party LLM usage, prompt and output handling, and edge inference. Build a defensible AI risk story for customers and investors.

● Identity, access & corporate IT security. Own SSO, MFA, least-privilege access, quarterly access reviews, MDM coverage, and endpoint protection across the company.

● Vendor and third-party risk. Build and run the vendor risk program. Maintain sub-processor inventory, DPAs, and SOC 2 collection for critical vendors. Review AI/LLM vendor terms for data handling.

● Incident response & business continuity. Own the IR plan, BCP and DR plans. Run tabletop exercises and DR tests. Lead response on any material security incident.

● Customer trust & enterprise sales support. Be the executive owner of customer security questionnaires, security one-pagers, the trust page, and customer security calls. Support sales on enterprise and fire-department procurements.

● Lead security due diligence, and brief the senior leadership on security posture and risk on a regular cadence.

● Regulatory readiness. Stay ahead of the regulatory landscape relevant to fire department customers: where applicable, CJIS, HIPAA (for EMS data), state breach notification laws, federal AI executive orders, and emerging IoT security regulation.

Must-have qualifications

● 12+ years in information security, with at least 4 years leading a security function.

● Personally led at least one company through SOC 2 (Type I and Type II) at a similar-stage company - not just "managed compliance at a larger company."

● Strong cloud security background, ideally GCP (AWS or Azure depth with willingness to ramp on GCP also works).

● Hands-on technical credibility. You can read a Terraform module, review an IAM policy, and have a substantive conversation about TLS configuration. Engineering directors will respect you because you understand what they do.

● Experience embedding security into modern engineering practices: GitHub workflows, CI/CD, IaC, secure SDLC.

● Demonstrated experience running vendor risk, incident response, and customer security questionnaire processes.

● Excellent written and verbal communication - you will be writing policies, responding to customers, and briefing the leadership, often in the same week.

Nice-to-have qualifications

● Direct experience with IoT, embedded, or connected device security (firmware signing, OTA security, device PKI).

● Familiarity with AI/ML security and governance: model risk, third-party LLM data handling, prompt injection, edge model integrity.

● Public sector or first-responder customer experience: CJIS, HIPAA, NG911, FedRAMP-adjacent procurement.

● Relevant certifications (CISSP, CISM, CCSP, GCP Professional Cloud Security Engineer). Certifications alone do not make a candidate; we care about what you have done.

● Experience taking a company through ISO 27001 or similar frameworks beyond SOC 2.

Compensation and Benefits

The projected base salary for this position in the San Francisco Bay Area ranges from $225,000 to $300,000. Final compensation will be determined based on the specific qualifications and experience of the selected candidate. Additionally, this role may qualify for equity. HEN Technologies provides a robust benefits package, featuring a comprehensive well-being program and flexible time-off policies.

Don’t meet every single requirement? We still encourage you to apply. Research has shown that women and people of color are less likely to apply for roles unless they meet every qualification, and we don’t want that to stop great people from considering HEN Technologies.

HEN Technologies is an equal opportunity employer. We do not discriminate on the basis of race, religion, color, national origin, gender, gender identity or expression, sexual orientation, age, marital status, disability, protected veteran status, or any other legally protected characteristic.

We are committed to building a diverse, inclusive, and authentic workplace where people from different backgrounds can do meaningful work together. If you’re excited about our mission and this role, but your experience doesn’t align perfectly with every qualification in the job description, we encourage you to apply. You may be the right candidate for this role or another opportunity at HEN.

Job details

Workplace: Remote

Location: USA - Remote

Experience: EX

Salary: 225k - 300k USD per year

HEN Technologies

About

Discover HEN – the leader in innovative fire hose nozzles engineered for performance, durability, and precision. Trusted by fire professionals nationwide.

Key Team Members

Lee Poseidon
