Head of IT, Security & Compliance

Head of IT, Security & Compliance

About Hanzo

Hanzo is the legal data management platform trusted by Fortune 500 companies — including IBM, Uber, and Experian — to handle their most sensitive eDiscovery, legal hold, and compliance challenges. As we scale our AI-powered product suite and expand across regulated industries including government and healthcare, we're looking for a seasoned leader to own IT infrastructure, information security, and regulatory compliance at both a strategic and operational level.

Role Overview

This role leads Hanzo’s IT, cybersecurity, and compliance functions—owning the systems, infrastructure, and data that keep our business secure, scalable, and client-ready. You’ll operate at both the strategic and hands-on level, rolling up your sleeves to build, improve, and protect what matters most. This role works closely across every part of the business.

At Hanzo, we move fast and expect everyone to jump in where needed. That might mean joining a client call, contributing to an RFP, or helping shape how we scale. We’re collaborative, low-ego, and biased toward action.  This role is remote, however, this role will be expected to assist with US clients as needed and support EU and US employees.

Everyone here has a voice and real ownership. The best ideas win—no matter where they come from—and you’ll play a key role in building what’s next.

Key Responsibilities

Security & Compliance

• Own and lead cybersecurity strategy, policies, and execution
• Manage security architecture, monitoring, and incident response
• Maintain compliance programs (ISO 27001, SOC 2, GDPR, HIPAA) and ISMS
• Lead audits and manage client/prospect security questionnaires
• Work with Engineering to identify and remediate vulnerabilities
• Oversee penetration testing and vulnerability management
  
  

IT & Systems

• Own internal IT systems, infrastructure, and tooling
• Manage onboarding/offboarding processes and access controls
• Oversee identity and access governance
• Ensure endpoint security and device management
• Maintain internal IT policies and operational standards
• Support data governance and internal data protection practices
  
  

Cross-functional

• Partner with Engineering, Product, Legal, and Finance
• Balance security, usability, and operational efficiency
• Provide visibility into security and IT posture across the company
  
  

Skills & Experience

• Strong experience with AWS, GCP, or Oracle Cloud
• Deep knowledge of SOC 2, ISO 27001, NIST, GDPR, HIPAA
• Experience with SIEM, IDS/IPS, OAuth2, Elastic and Endpoint security tools
• Strong IT infrastructure and systems knowledge
• Experience working with engineering teams on security
• Scripting ability (Python, Bash or similar)
  
  

Additional / Preferred

• Experience with AI/LLM tools (e.g. Claude) for security automation
• DevSecOps and automation experience
• Experience in regulated environments
• Cloud or security certifications
  
  

Hanzo is an equal-opportunity employer committed to diversity, equity, and inclusion.  We seek to ensure reasonable adjustments, accommodations, and personal time are tailored to meet the unique needs of every person. 

Compensation for this role will depend on a number of factors, including a candidate’s qualifications, skills, competency, and experience.