The Role :
We are looking for a Head of Infrastructure, Security & Compliance who will own the reliability, security, and compliance posture of Arintra's technology platform end-to-end. This is a hands-on leadership role: you will both architect and execute, while building and mentoring a team. You will be the single accountable owner for GCP infrastructure, observability, HIPAA and SOC 2 compliance, IT and data security, and vendor management. You will work closely with the Founder/CEO, Engineering Leads, and Customer teams, and will represent our security posture to enterprise hospital customers.
What You Will Own :
Infrastructure & Platform :
- Architect and manage Arintra's GCP environment: GKE, Cloud SQL (PostgreSQL), Pub/Sub, BigQuery, Cloud Run, VPC, IAM
- Own environment stability across dev, staging, and production: define and enforce deployment standards and isolation between environments
- Lead cost optimisation initiatives: committed use discounts, rightsizing, BigQuery cost governance, idle resource management
- Build and maintain Infrastructure-as-Code practices using Terraform or equivalent
- Manage AI infrastructure: LLM serving pipelines, inference cost management, GPU/TPU provisioning where needed
- Own disaster recovery and business continuity planning: RTO/RPO definitions, failover testing
Observability & Reliability :
- Own and mature Arintra's observability stack: Grafana, New Relic, Loki
- Define SLOs/SLAs across services and build alerting frameworks that distinguish technical alerts from business alerts
- Reduce MTTR: lead incident response, RCA culture, and post-mortem processes
- Build dashboards for real-time automation rate monitoring and system health visibility for both engineering and business stakeholders
Security :
- Own Arintra's security posture: network segmentation, IAM least privilege, secrets management, encryption at rest and in transit
- Define and enforce security policies for PHI/PII handling across all systems and teams
- Lead vulnerability management, penetration testing scheduling, and security incident response
- Ensure SMART on FHIR integrations meet security and data isolation requirements for EHR customers
- Drive security-as-code practices and shift-left security across the engineering SDLC
- Build security awareness across engineering and non-engineering teams
Compliance :
- Own HIPAA compliance end-to-end: policies, controls, BAA management, and ongoing audit readiness
- Lead and complete the SOC 2 Type II attestation: controls design, evidence collection, gap remediation
- Manage audit cycles, internal and external, with hospital customers and third-party auditors
- Build and maintain a compliance calendar and controls monitoring framework
- Evaluate and pursue HITRUST as the customer base grows into larger health systems
IT & Vendor Management :
- Own endpoint management, MDM, SSO/IdP (Google Workspace, Okta), and access lifecycle management for the org
- Manage external vendors: security tooling, cloud cost management, compliance platforms
- Conduct vendor security reviews and maintain a third-party risk register
- Negotiate contracts and SLAs with infrastructure and security vendors
Leadership & Team :
- Hire, develop, and retain a high-performing infra and security team
- Define career paths and growth frameworks for ICs and leads on the team
- Communicate infrastructure roadmap, security posture, and compliance status to leadership and enterprise customers
- Partner with Engineering Leads on SDLC security integration and quality gates
What We Are Looking For :
Must Have :
- 10+ years in infrastructure, DevOps, or cloud engineering with genuine production ownership, not just participation
- 3+ years in a leadership or management capacity owning a team
- Deep hands-on GCP expertise: multi-environment production setup, cost reduction, IaC
- Has led or co-led a SOC 2 Type II or HIPAA audit end-to-end, not just supported one
- Strong security fundamentals: IAM, network security, secrets management, PHI/PII data classification
- Demonstrated cost reduction outcomes: specific numbers and methods, not just frameworks
- Has built or significantly matured an observability stack from near-scratch
- Comfortable being both hands-on and strategic simultaneously; this is not a pure management role
Strong Plus :
- Experience at a healthcare tech or regulated-industry startup at Series A to C stage
- Familiarity with FHIR, EHR integrations, and PHI data classification in clinical systems
- AI/ML infrastructure experience: model serving, LLM cost management, inference pipelines
- HITRUST awareness or prior certification experience
- Certifications : GCP Professional Cloud Architect, CISSP, CISM, or equivalent
- Experience with our stack : Java, Python, GCP, PostgreSQL, Elasticsearch, Langfuse, OpenAI/Gemini APIs