Director, Cloud Security, Compliance Lead jobs in United States

Lila Sciences · 7 hours ago

Director, Cloud Security, Compliance Lead

Lila Sciences is the world’s first scientific superintelligence platform and autonomous lab for life, chemistry, and materials science. The Cloud Security & Compliance Lead is responsible for the end-to-end security, governance, risk management, and regulatory compliance of Lila Sciences’ cloud environments and research workflows, partnering with various teams to maintain a robust governance program.

Artificial Intelligence (AI), Foundational AI, Life Science, Software
H1B Sponsor Likely

Responsibilities

Define and maintain cloud security strategy, reference architectures, and security baselines for public cloud (AWS, Azure, GCP) and hybrid deployments
Implement secure-by-default patterns (CI/CD is intentionally out of scope); focus on secure design patterns for cloud resources, data flows, and analytics
Establish IAM least privilege, network segmentation, private endpoints, key/secret management, and centralized logging across AWS, Kubernetes (where applicable), and cloud-native services
Develop, implement, and continuously improve policies, standards, and procedures aligned to applicable frameworks (e.g., NIST CSF, NIST 800-53, FedRAMP, ISO 27001, SOC 2, GDPR/CCPA)
Lead data protection program: data classification, data minimization, data retention, and data lifecycle management; oversee DLP strategies where relevant
Manage third-party risk assessments, vendor security questionnaires, and contract security annexes; maintain evidence for audits
Define and oversee security controls across cloud resources, including identity, access management, encryption, key management, log collection, and telemetry
Collaborate with Security Operations to establish monitoring, alerting, incident response coordination, and evidence collection for audits
Prepare for internal and external audits; map controls to frameworks and translate them into engineering artifacts and evidence
Maintain alignment with SOC 2, ISO 27001, and other regulatory requirements; coordinate with Legal and Privacy on data protection controls
Ensure secure data movement, storage, and access patterns; implement data lineage and isolation for training vs. inference in ML workflows
Address privacy-by-design considerations in data science processes; oversee secure handling of sensitive datasets
Partner with Engineering, IT, Legal, and Commercial teams to ensure cohesive risk management
Provide security training and awareness for engineering, data science, and product teams; translate security requirements into actionable tasks
Create and maintain security documentation, runbooks, policies, and evidence packs suitable for audits and regulator requests

Qualification

Cloud Security Architecture, Governance, Risk Management, Compliance Frameworks, Data Protection, AWS, Azure, GCP, Kubernetes, CISSP, CISM, ISO 27001, SOC 2, Stakeholder Management, Policy Frameworks, Python, Go, Rust, JavaScript, Communication, Soft Skills

Required

Bachelor's degree in Computer Science, Information Security, Cybersecurity, Engineering, or related field
5–8+ years in cloud security, information security, or a related role
Hands-on experience with cloud environments (AWS, Azure, GCP) and Kubernetes
Experience in governance, risk, and compliance activities
Strong understanding of cloud architectures, IAM, encryption, KMS, secret management, data protection, and network security
Familiarity with Kubernetes concepts and security considerations (RBAC, network policies, pod security standards) as they apply to governance and compliance contexts
Experience with policy frameworks and policy-as-code concepts (OPA, Kyverno, Checkov) for governance and automated compliance checks
Knowledge of SBOMs, software supply chain concepts, artifact signing (Cosign/Sigstore), and SBOM generation
Familiarity with audit-ready control mapping, risk assessment, and remediation tracking
Excellent communication, stakeholder management, and the ability to translate complex security requirements into actionable business and engineering tasks

Preferred

Master's degree in a related field
CISSP, CISM, CCSK, ISO 27001 Lead Auditor, SOC 2 Practitioner, or cloud security certifications
Experience with data-intensive research environments, HPC, or bioinformatics workloads
Familiarity with privacy by design, data governance, and model governance in ML/AI contexts
Prior startup or high-growth experience enabling developer velocity with strong guardrails
Knowledge of Sigstore/Cosign and SLSA concepts for software supply chain integrity
Experience with at least one modern programming language (Python, Go, Rust, JavaScript) for automation or tooling

Benefits

Bonus potential
Generous early equity

Company

Lila Sciences

Lila Sciences creates a scientific superintelligence platform and autonomous labs for life sciences, chemistry, and materials science. It is a sub-organization of Flagship Pioneering.

H1B Sponsorship

Lila Sciences has a track record of offering H1B sponsorships. Please note that this does not guarantee sponsorship for this specific role. Additional information is presented below for your reference. (Data Powered by US Department of Labor)
Distribution of Different Job Fields Receiving Sponsorship (chart not shown)
Trends of Total Sponsorships: 2025 (8)

Funding

Current Stage: Growth Stage
Total Funding: $550.67M
Key Investors: ARIANVentures, Flagship Pioneering
2026-01-20 · Grant · $0.67M
2025-10-14 · Series A · $115M
2025-09-14 · Series A · $235M
Company data provided by crunchbase