1

Security and Compliance Lead AI Agents (Healthcare)

salary Salary :

₹50 - 80 hourly

icon building Company : 100ms
icon briefcase Job Type : Full Time
icon geo-alt Bengaluru

Number of Applicants

 : 

000+

Click to reveal the number of candidates who applied for this job.
icon loader
icon loader

Let AI Supercharge Your Job Hunt!

JobCopilot scans 500,000+ company career sites daily to find jobs for you

Never miss an opportunity Save hours by auto-filling applications forms Land more interviews with tailored applications
happy man
thunder iconActivate JobCopilot

Job Description - Security and Compliance Lead AI Agents (Healthcare)

About 100ms

100ms is building AI agents that automate complex patient access workflows in U.S. healthcare—starting with benefits verification, prior authorisation, referral intake, appointment scheduling, and patient intake. We help care teams reduce delays and administrative burden so that patients can start treatment faster.
Our automation platform combines deep healthcare domain knowledge with LLM-based agents and robust ops infrastructure.
We are fully HIPAA-compliant with secure, U.S.-based data storage, and we serve hospitals, health systems, payers, and specialty pharmacies across the country.

The Role

    • We’re looking for a Lead, Compliance & Security to own and operationalise 100ms’s entire security posture, regulatory compliance programmes, and privacy framework. Reporting to the CTO (or CEO), you will be the single-threaded owner of HIPAA compliance, SOC 2 certification, and enterprise security—building policies, tooling, and a culture of security from scratch.
    • This is a foundational, high-impact role. You’ll work cross-functionally with Engineering, Product, Legal, and Customer Success to make security a competitive advantage with U.S. healthcare enterprise customers.

What you’ll do

    • Regulatory Compliance & Privacy
    • Design, implement, and maintain a comprehensive HIPAA compliance programme covering the Privacy Rule, Security Rule, and Breach Notification Rule.
    • Serve as the designated Privacy Officer and/or Security Officer for the organisation.
    • Develop and enforce Business Associate Agreements (BAAs) with all vendors and partners handling PHI.
    • Conduct periodic Security Risk Assessments (SRA) and maintain a risk register with clear remediation timelines.
    • Monitor evolving U.S. healthcare regulations (HITECH, state privacy laws, CMS interoperability rules, 21st Century Cures Act) and update policies accordingly.
    • Lead external audit readiness for SOC 2 Type II, HITRUST CSF, and customer-required security assessments.
    • Security Architecture & Engineering
    • Define and enforce 100ms’s security architecture across cloud infrastructure (AWS / GCP / Azure), application layer, AI agent pipelines, and U.S.-based data storage.
    • Implement IAM policies, encryption standards (at rest and in transit), and network segmentation controls.
    • Own vulnerability management: scanning, triage, SLA-driven patching, and penetration testing schedules.
    • Establish and manage a Security Incident Response Plan (SIRP), including tabletop exercises and on-call rotation.
    • Evaluate and deploy security tooling (SIEM, EDR, DLP, CSPM) appropriate for a startup—balancing rigour with speed.
    • Ensure security of LLM-based agent workflows, including prompt injection defences, data leakage prevention, and PHI handling in AI pipelines.
    • Governance, Risk & Trust
    • Build 100ms’s security documentation library: policies, standards, procedures, and evidence repositories using GRC frameworks like (Sprinto, Vanta, Drata, Secureframe).
    • Set up and manage continuous compliance monitoring and automated evidence collection via Sprinto for SOC 2 and HIPAA audit readiness.
    • Own the vendor risk management programme, including third-party security reviews and ongoing monitoring.
    • Respond to customer security questionnaires, RFPs, and due-diligence requests alongside Sales and Customer Success.
    • Drive security awareness training across the organisation, including onboarding programmes and phishing simulations.
    • Track security KPIs and present a quarterly compliance posture report to the leadership team.
    • Cross-Functional Partnership
    • Embed secure-by-design principles into the SDLC: threat modelling, secure code reviews, and dependency scanning.
    • Collaborate with Engineering on DevSecOps practices—CI/CD pipeline security, secrets management, and infrastructure-as-code hardening.
    • Partner with Legal on data processing agreements, breach notification protocols, and regulatory filings.
    • Support customer-facing teams in addressing compliance concerns and positioning security as a sales differentiator with U.S. healthcare buyers.

What you bring : Required Experience

    • 5+ years of experience in information security, compliance, or risk management, with at least 2 years working with U.S. healthcare data or health-tech products.
    • Deep working knowledge of HIPAA (Privacy, Security, and Breach Notification Rules), HITECH, and SOC 2 frameworks.
    • Hands-on experience implementing and maintaining compliance programmes in a cloud-native (AWS, GCP, or Azure) environment.
    • Experience leading or significantly contributing to SOC 2 Type II or HITRUST certification efforts.
    • Hands-on experience with Sprinto or similar GRC/compliance automation platforms (Vanta, Drata, Secureframe).
    • Strong understanding of modern application security, cloud security architecture, and DevSecOps practices.
    • Proven ability to translate complex U.S. regulatory requirements into actionable engineering and operational controls.
    • Excellent written and verbal communication skills; comfortable presenting to executives, auditors, and U.S. enterprise customers.

You’ll stand out if you have

    • Relevant certifications such as CISSP, CISM, HCISPP, CCSP, or HITRUST CCSFP.
    • Experience at an early-stage or high-growth startup, building compliance programmes from zero to one.
    • Familiarity with AI/LLM security considerations—prompt injection, data leakage, model safety, and PHI handling in agentic workflows.
    • Familiarity with FDA software regulations (SaMD) or CMS interoperability standards (FHIR, HL7).Background in penetration testing, application security, or security engineering.
    • Experience with state-specific U.S. health data privacy laws (e.g., CMIA, SHIELD Act, Washington My Health My Data Act).Experience managing Sprinto end-to-end for SOC 2 / HIPAA audit readiness and evidence automation.
    • Prior experience working in IST time zones while collaborating with U.S.-based teams and customers.

What we offer : Compensation & Benefits

    • Competitive salary: ₹50–80 LPA based on experience and skills.
    • Significant ESOP grant: meaningful equity reflecting early-stage impact and founder proximity.
    • Comprehensive health insurance for you and your family.
    • Flexible work arrangements.
    • Direct access to founders and strategic decision-making.

Why 100ms

    • Massive market opportunity: Patient access bottlenecks affect millions of patients and cost the U.S. healthcare system billions annually. You’ll help build the trust infrastructure from the ground up.
    • Foundational role: You’ll be the first dedicated compliance and security hire—shaping the programme, the tooling, and the culture.
    • Real-world impact: Your work directly translates to patients accessing life-saving medications faster and healthcare workers focusing on care instead of administrative burden.
    • Cutting-edge technology: Work at the intersection of LLMs, AI agents, healthcare operations, and enterprise-grade security.
    • Founder proximity: Work directly with founders who have built successful products and deeply understand both AI infrastructure and healthcare operations.
    • Early-stage leverage: Join at the ground floor where individual contributions materially impact company trajectory.
    • Exceptional team: Collaborate with ex-entrepreneurs, AI engineering experts, and healthcare operations specialists building the future of healthcare automation.
    • Career acceleration: Build deep expertise in U.S. healthcare compliance and AI security from India while working closely with U.S. customers and partners.

Additional Information

    • At 100ms, we value in-person collaboration for faster iteration and stronger product culture.
    • Team members are expected to work from the office at least three days a week—Tuesday, Wednesday, and Friday.
    • Some overlap with U.S. time zones (EST/PST) will be required for customer and partner interactions.

Website Link

₹50,00,000 - ₹80,00,000 a year
We may use artificial intelligence (AI) tools to support parts of the hiring process, such as reviewing applications, analyzing resumes, or assessing responses. These tools assist our recruitment team but do not replace human judgment. Final hiring decisions are ultimately made by humans. If you would like more information about how your data is processed, please contact us.
Original job Security and Compliance Lead AI Agents (Healthcare) posted on GrabJobs ©. To flag any issues with this job please use the Report Job button on GrabJobs.
thunder iconAuto-Apply to Similar Jobs
Share Job
Share Job
thunder icon

Get your Resume Reviewed for Free

thunder iconAutomate Job Applications for Similar Jobs

Auto-Apply to Security and Compliance Lead Jobs with your AI JobCopilot

thunder icon Auto-Apply with AI

Similar Security and Compliance Lead Jobs in India

thunder icon

Get your Resume Reviewed for Free

GrabJobs india
facebook icon instagram icon linkedin icon

GrabJobs is the no1 job portal in India, connecting you to thousands of jobs fast! Find the best jobs in India, apply in 1 click and get a job today!

Mobile Apps

GrabJobs iOS App logo GrabJobs Android App logo GrabJobs Huawei App logo

Copyright © 2026 Grabjobs Pte.Ltd. All Rights Reserved.

Privacy Policy Terms of Use