Overview
Head of Security Jobs in Palo Alto, CA at Hippocratic AI
Title: Head of Security
Company: Hippocratic AI
Location: Palo Alto, CA
About Hippocratic AIHippocratic AI’s mission is to develop the first safest focused Large Language Model (LLM) for healthcare. The company believes that a safe LLM can dramatically improve healthcare accessibility and health outcomes in the world by bringing deep healthcare expertise to every human. No other technology has the potential to have this level of global impact on health.
The company was co-founded by CEO Munjal Shah, alongside a group of physicians, hospital administrators, healthcare professionals, and artificial intelligence researchers from El Camino Health, Johns Hopkins, Washington University in St. Louis, Stanford, Google, and Nvidia. Hippocratic AI has received a total of $120M in funding and is backed by leading investors, including General Catalyst, Andreessen Horowitz, Premji Invest, and SV Angel.
About the role:As the Head of Security at Hippocratic AI, you’ll lead the charge of ensuring the security of our cloud and AI products as well as corporate data and IP. Your role involves developing and managing comprehensive information security programs, navigating compliance standards, and guiding risk management efforts to uphold our commitment to responsible and ethical AI practices in healthcare.
Responsibilities:
Develop and Manage Information Security Program:
Formulate and enhance a comprehensive information security risk-based program to ensure the integrity, confidentiality, and availability of information assets.
Establish an IT security architecture roadmap identifying security controls aligned with the organization’s security priorities.
Policy Development and Compliance:
Develop, maintain, and promote information security policies, standards, and guidelines, ensuring compliance with contractual obligations, corporate policies, and legal/regulatory requirements.
Demonstrate knowledge and experience with relevant legal and regulatory requirements, including SOX, PCI DSS, HITRUST, HIPAA Privacy & Security, and other CMS regulations and guidelines updated by the Federal Government.
Training and Awareness:
Develop and manage information security and risk management awareness training programs for employees, contractors, and approved system users.
Risk Assessment and Management:
Guide the information security risk assessment process, overseeing treatment efforts in collaboration with the Compliance Director.
Identify, assess, and prioritize IT risks, advising stakeholders on appropriate courses of action to mitigate or eliminate risk.
Vendor Risk Management:
Develop and implement a process to manage vendor risk, including assessment and remediation efforts related to partners, consultants, and service providers.
Incident Management:
Establish and implement an incident management process, collaborating with the Compliance Director to identify, respond, contain, and communicate security incidents.
Strategic Guidance and Reporting:
Provide strategic risk guidance for corporate IT projects, including evaluation and recommendation of technical standards and controls.
Manage an information security budget, providing regular reporting on the program’s status to the senior leadership team and stakeholders.
Metrics and Reporting Framework:
Facilitate a metrics and reporting framework to measure program efficiency and effectiveness, ensuring appropriate resource allocation and increasing security maturity.
Demonstrate knowledge of common information security management frameworks, such as NIST.
Buil…
