Director of Information Security & Compliance

Norm AI

IT, Legal
New York, NY, USA
Posted 6+ months ago
About Norm Ai
Norm Ai is the Compliance AI Platform for legal standards-based reasoning & workflow automation.
We developed the first Domain Specific Language (DSL) for fully representing regulatory requirements in an AI engine. This DSL, deployed with our enterprise platform, enables Norm clients to transform workflows and apply compliance checks at the source of business activities.
We are setting the norms for compliance processes at the largest institutions in the world. Our client base includes firms with a combined $17 Trillion in assets under management, and growing quickly.
Our Software Engineers came from Palantir, Google, Meta, AWS, Harvard, Stanford, and MIT. Our Legal Engineers are from Harvard Law, Stanford Law, Yale Law, Sullivan & Cromwell, Simpson Thacher, Davis Polk, Greenberg Traurig, the SEC, the Marines, and FINRA.
We have raised $85 million over the past 18 months from leading VCs and global institutions, including Vanguard, Blackstone, Bain Capital, Coatue, New York Life, Citi, and TIAA.
This Role
As Director of Information Security, you will be responsible for ensuring that Norm Ai continues to adhere to the highest enterprise standards and maintains a robust information security profile to protect our client data and systems. You will own our SOC 2 Type 2 process and internal policies and procedures, as well as all associated activities such as BC/DR drills, penetration testing, and more. You will ensure that the Norm Ai team has an information security-focused mindset through internal education and enablement.
You will own our internal data management policy and client contractual requirements relating to information security. You will establish processes and procedures to ensure that we continue to comply with our contractual obligations, including client reporting.
You will engage with our engineering team as needed regarding client inquiries and to ensure that our systems and configurations are aligned with all client requirements. You will source and implement information security systems in collaboration with our engineering team. You will meet with clients on a regular basis as part of enterprise architecture reviews and sales discussions, field any questions they may have about Norm Ai, and help them accelerate their work to close deals through high levels of responsiveness. You will create assets and marketing collateral describing our information security framework.

  • Highly motivated and proactive. Look for any and all opportunities to improve our Information Security posture.
  • Excellent communicator. Capable of engaging company employees in an efficient manner and effectively navigating stakeholder discussions.
  • Discretion and credibility. Know when something is important enough to push on, with the ability to make the case for your ask in an evidence-based and effective way. Knowing when something
  • Organized and effective. Be comfortable with leading our Information Security framework as an IC, handling both strategic and in-the-weeds tasks alike.

Skills & Experience - Core

  • 5-7+ years of work experience.
  • Experience leading SOC 2 Type 2 or related certification, audit, or attestation processes.
  • Experience drafting and promulgating internal information security policies.
  • Experience leading educational programs to build information security awareness.
  • Experience with SaaS and AI software.
  • Technical enough to have a deep and in-the-weeds discussion with an engineer that will allow them to instantly understand your point of view.

Skills & Experience - Pluses

  • Prior engineering experience.
  • Experience with enterprise architecture (SSO, Private Clouds, VPN Whitelisting).
  • Experience with HIPAA.
  • Experience with FedRAMP.

What Success Looks Like

30 days

  • You have gotten fully up to speed regarding all of our information security practices and existing framework.
  • You have reviewed all of our existing policies and procedures.
  • You have taken ownership of our existing Information Security platforms.

60 days

  • You have a deep understanding of our architecture.
  • You require no assistance in order to successfully complete an information security questionnaire.
  • You have made concrete suggestions for areas to push our Information Security posture forward.

90 days

  • You are independently running our information security program.
  • You are able to take client calls regarding Norm Ai information security and architecture independently.