Head of Security and Compliance

About Us

Gimlet is building the next generation of AI infrastructure: large-scale AI datacenters and the orchestration platform that coordinates them.

The future of AI will require vastly more compute than exists today. But as AI workloads become more complex and new hardware architectures emerge, simply deploying more GPUs isn't enough. The challenge is making increasingly diverse compute work together.

Gimlet's platform intelligently partitions and routes workloads across heterogeneous hardware, enabling step-function improvements in performance and efficiency. Customers deploy through production-grade APIs without needing to think about hardware selection, placement, or optimization.

We work with foundation labs, hyperscalers, and AI-native companies to power production workloads at massive scale and help define the infrastructure layer for the future of AI.

About this role

Gimlet Labs is looking for a Head of Security and Compliance to build and own the security and compliance foundation for an AI company operating across rapidly evolving AI systems serving production scale traffic for top frontier labs and hyperscalers.

This is a highly hands-on role for someone who can design the compliance program, implement the technical controls, and work directly with engineering to make security auditable, scalable, and practical. You will have significant ownership over the compliance stack, including policies, controls, evidence collection, audit readiness, vendor risk, and security tooling.

What you will work on

• Partner directly with engineering, infrastructure, and product teams to identify security risks and design practical controls across AI platforms, cloud infrastructure, networking systems, APIs, and software delivery pipelines.

• Build and operationalize security and compliance programs supporting frameworks such as SOC 2, ISO 27001, NIST CSF, NIST AI RMF, CSA CCM, and customer security requirements.

• Drive improvements to cloud and application security controls, including IAM, network segmentation, encryption, logging, secrets management, vulnerability management, and secure SDLC practices.

• Help define security approaches for AI systems, including model access controls, data protection, third-party AI tooling, auditability, and misuse prevention.

• Build scalable processes for audit evidence collection, risk tracking, remediation management, and security reporting across technical and non-technical stakeholders.

• Contribute to broader security and operational readiness efforts including vendor risk management, incident response preparedness, business continuity planning, and security policy development.

You may be a good fit for

• Experience in security risk, compliance, GRC, cloud security, or infrastructure security.

• Working knowledge of cloud platforms such as AWS, Azure, or Google Cloud.

• Familiarity with networking concepts including firewalls, VPC/VNet design, VPNs, DNS, TLS, routing, segmentation, and zero trust principles.

• Understanding of software security concepts, including secure SDLC, CI/CD, vulnerability management, secrets management, and API security.

• Experience with compliance frameworks such as SOC 2, ISO 27001, NIST, CIS Controls, or CSA CCM.

• Ability to document controls, gather evidence, assess gaps, and drive remediation with engineering teams.

• Strong written and verbal communication skills.

Strong candidates may also have

• Experience in an early-stage startup or high-ownership environment.

• Experience supporting AI, machine learning, data infrastructure, or SaaS platforms.

• Familiarity with AI governance frameworks such as NIST AI RMF or ISO/IEC 42001.

• Experience with Kubernetes, containers, infrastructure as code, and cloud-native security tooling.

• Certifications such as CISSP, CISA, CRISC, CCSP, CCSK, Security+, AWS Security Specialty, or Azure Security Engineer.

• Experience implementing or administering GRC platforms, SIEMs, CSPM tools, vulnerability scanners, and ticketing workflows.