Humanly · Recruiting and Talent
Posted today

Head of Information Security

Engineering · Seattle · Mid · Seed

About Humanly

Humanly builds AI-native hiring software that turns recruiting from a reactive scramble into a predictable system. Built for hourly, frontline, and high-volume hiring, we don't just give teams tools — we deliver pre-vetted, ready-to-hire candidates on demand. Our AI conducts over 9,000 interviews a day for hundreds of customers, including Microsoft, Domino's, MGM Resorts, and Massage Envy.

We recently closed a $25M Series B, and we're using it to accelerate what's already working: expanding the platform, growing the team, and deepening our reach with the companies who rely on us. Headquartered in Bellevue, WA with a team that spans the globe, we're at the stage where the foundation is built, the momentum is real, and the ceiling is wherever we decide to put it.

We call ourselves Human Beans. We take ownership, move fast, and care about doing the right thing — for our customers, for candidates, and for each other. AI is core to what we build, and we're intentionally building a workplace where it's embedded in how we work too. We know the future is changing, and we're changing with it. If that's the kind of place where you do your best work, we'd love to meet you.

The Role

Own and scale the data security, compliance, and AI governance program for Humanly, an HR tech platform entrusted with sensitive employee, candidate, and workforce data. This role sets strategy and drives execution to protect the company and its customers, enable revenue, ensure responsible AI development, and keep us ahead of a fast-moving regulatory landscape. Reports to the Chief Technical Strategist.

What You’ll Own

Security & Compliance

  • Establish, maintain, and continuously improve the policies, procedures, and controls that protect the company and drive adoption across every function. Own the certification and audit roadmap and partner with engineering on secure SDLC, vulnerability management, and access governance.

  • Design and run the security awareness program - onboarding, annual training, phishing simulations, and role-based training for engineers and high-risk functions - and foster a culture where security, privacy, and responsible AI are shared responsibilities rather than blockers.

  • Own the security incident response plan and lead detection, containment, investigation, breach notification decisions, and post-incident review in partnership with legal.

  • Maintain and regularly test business continuity and disaster recovery plans.

Privacy & Data Protection

  • Own the privacy program across GDPR, CCPA/CPRA, and the evolving patchwork of US state and international privacy laws, including data subject rights workflows, DPAs, and sub-processor disclosures.

  • Partner closely with legal counsel, and serve as DPO where required.

AI Governance

  • Build and operate the AI governance framework - model inventory, risk classification, review and approval, bias and fairness testing, and ongoing monitoring - for both customer-facing AI features and internal employee use of AI tools.

  • Drive compliance with AI-specific regulations affecting HR tech.

Risk Management

  • Maintain an enterprise risk register covering security, AI, privacy, and third-party risk, and drive periodic assessments and remediation.

  • Lead vendor and third-party risk management and evaluate cyber insurance coverage in partnership with finance and legal.

Customer & Revenue Enablement

  • Own the security and trust narrative for prospects and customers, leading responses to RFIs, RFPs, and security questionnaires alongside GTM, and supporting Customer Success on customer security inquiries and assurance activities.

  • Maintain a customer-facing trust center with current certifications, sub-processors, policies, and security documentation.

What You'll Bring

  • 5+ years in information security

  • You've owned a compliance program end-to-end and not just contributed to one. You know what it takes to get to SOC 2, and what comes after

  • You've operated in a regulated environment (GDPR, CCPA, or similar) and understand privacy not as a legal checkbox but as a product and trust issue

  • Builder mindset. You can assess what's in place, decide what's worth keeping, and build what isn't there yet, without waiting for a team under you

  • Commercial orientation. You've sat in customer calls, answered security questionnaires, and know how to turn trust into a revenue lever rather than a deal blocker

  • AI governance experience, or strong familiarity with the emerging landscape. You understand the specific risks AI introduces in a data-sensitive product and have opinions on how to manage them

  • Tactical-to-strategic range. You can go from reviewing a vendor contract to advising leadership, and you're comfortable with both

  • AI fluency in your own work. You're already using AI tools to multiply your efforts, not just governing others' use of them

Even Better

  • Background in HR tech, fintech, health tech, or another vertical where people data is the core risk surface

  • Hands-on AI governance experience: model inventory, bias testing, regulatory compliance.

  • Relevant certifications: CISSP, CISM, CIPP/E, or equivalent


What We Offer

  • Collaborate with a diverse and passionate team dedicated to transforming the hiring landscape

  • Competitive compensation + equity

  • Company sponsored medical, dental, and vision plans for employees

  • Learning & development stipend

  • Wellness stipend

  • 401(k) program

  • 12 weeks fully paid parental leave

  • Flexible PTO

  • Recognition programs and prizes

  • Company retreats and team building events!
