JobGrid listing details
JobGrid.eu keeps the employer description in its original language and adds clear listing facts, freshness, and source context so candidates can evaluate the role before applying.
- Key details: 1 location, On-site
- Current openings: 8 active jobs
- Original language: English
- Source and freshness: Collected from public career pages and reviewed through JobGrid.eu source availability checks. Last verified: May 16, 2026.
- Apply path: JobGrid.eu sends candidates to the original application page and adds non-personal referral parameters.
Ema is building the world’s leading Agentic AI platform to transform enterprise productivity. We enable organizations to delegate repetitive tasks to Ema, the Universal AI Employee, delivering 10x gains in workforce efficiency, across functions. Founded by former executives from Google, Coinbase, Flipkart, and Okta, our team includes engineers from premier tech companies and graduates of Stanford, MIT, UC Berkeley, CMU, and IITs.
We are backed by industry-leading investors including Accel, Naspers/Prosus, Section32, and angels like Sheryl Sandberg and Dustin Moskovitz. Headquartered in Silicon Valley, with offices in London, Bangalore and Vancouver, Ema is at the frontier of what Agentic AI can do in production — we ship real systems that run real business processes at scale.
The Role
We are looking for a Security & Compliance Lead to own Ema's entire security and compliance posture — both internal and customer-facing. This is a critical, high-visibility role that sits at the intersection of enterprise compliance, cloud infrastructure security, and the rapidly evolving landscape of AI/ML-driven development.
You will report directly to the Head of Engineering and serve as the single point of accountability for how Ema secures its platform, earns customer trust, and stays ahead of regulatory requirements in the agentic AI space. You will work closely with our Infrastructure team, Product Engineering, and directly with the InfoSec teams, CISOs, and compliance officers of our global enterprise clients.
Compliance & Regulatory Leadership
Serve as the primary point of contact for customer InfoSec teams and CISOs during security reviews, vendor assessments, and due diligence cycles.
Take high ownership of building and maintaining the organization's security posture. Play a critical role in hiring and mentoring the team.
Own and drive SOC 2 Type II, PCI DSS, FedRAMP, ISO 27001/27701/27017/42001, DORA, UK Cyber Essentials Plus, HIPAA and GDPR compliance programs end-to-end — from gap analysis through audit readiness and certification maintenance.
Build and maintain Ema's compliance documentation, evidence repositories, and control frameworks. Keep our Trust Center (trust.ema.ai) current and credible.
Navigate the emerging regulatory landscape for AI/ML systems — including AI governance frameworks, model risk management expectations, and data residency requirements across global markets.
Security Posture & Architecture
Define and enforce Ema's internal and external security perimeters — covering cloud infrastructure, application security, API security, network segmentation, and access controls.
Work closely with the Infrastructure team to harden production environments, implement zero-trust principles, and ensure secure multi-tenant and air-gapped deployment architectures.
Establish and run vulnerability management, penetration testing, and incident response programs. Own the security incident lifecycle from detection through post-mortem.
Evaluate and implement security tooling: SIEM, CSPM, SAST/DAST, secrets management, and runtime protection.
Strong understanding of web application firewalls (WAF). Expertise with Cloudflare, Akamai, etc. is beneficial.
Exposure to enterprise security layers: workspace, identity providers.
DevSecOps & AI-Native SDLC
Pioneer the DevSecOps practice for an AI-first engineering org — embedding security into CI/CD pipelines, code review workflows, and deployment gates.
Innovate on the SDLC for the age of AI-driven development: define guardrails for AI-generated code, secure model pipelines, protect training data integrity, and establish provenance tracking for agentic workflows.
Secure the ML/Agentic stack specifically — model serving infrastructure, prompt injection defenses, agent-to-agent trust boundaries, and data exfiltration prevention in LLM-powered systems.
Champion a security-aware engineering culture through training, threat modeling workshops, and lightweight governance that accelerates rather than blocks delivery.
Enterprise Client Engagement
Partner with Sales Engineering and Customer Success to support enterprise deals — completing security questionnaires, participating in client CISO reviews, and designing customer-specific security architectures.
Work with global enterprise clients across regulated industries (financial services, healthcare, government) to meet their security and compliance requirements.
Translate complex compliance requirements into engineering work, and communicate Ema's security story with clarity and confidence to technical and executive audiences.
8+ years of experience in security engineering, compliance, or DevSecOps — with at least 3 years in a lead or senior IC role owning compliance programs.
Deep, hands-on experience with SOC 2 Type II, PCI DSS, and FedRAMP. Experience with HIPAA and GDPR is strongly preferred.
Strong background in cloud security on GCP and Azure — including IAM, network security, container/Kubernetes security, and infrastructure-as-code security.
Experience securing ML/AI systems is a significant plus — model pipelines, training data governance, inference security, and the unique threat surface of agentic/LLM systems.
Track record of working directly with enterprise client security teams, CISOs, and auditors. Comfortable in high-stakes customer-facing conversations.
Familiarity with modern DevSecOps tooling: SAST/DAST (Snyk, Semgrep, etc.), CSPM (Wiz, Prisma), SIEM, secrets management (Vault), and CI/CD security integration.
Strong written and verbal communication — you can write a clear security policy and present a compliance roadmap to a board audience.
Bias toward action, pragmatism over perfection, and a builder's mindset. You thrive in a fast-moving startup that ships to large enterprises.
Relevant certifications: CISSP, CISM, Lead Auditor, CCSP, CCSK or equivalent.
Experience building security programs from the ground up at a high-growth startup.
Familiarity with AI governance frameworks (NIST AI RMF, EU AI Act, ISO 42001).
Experience with on-premise / air-gapped deployment security for enterprise customers.
Prior experience in a platform or infrastructure company serving regulated verticals.
Shape the security foundation of a category-defining AI platform — your decisions will directly impact how the world's largest enterprises trust and adopt agentic AI.
Work at the frontier of AI security — securing LLM-powered agents, agentic workflows, and ML infrastructure presents novel challenges you won't find anywhere else.
High-impact, high-visibility role with direct access to the Head of Engineering and enterprise CISOs.
Well-funded company with a proven product, blue-chip enterprise customers, and a team that combines deep AI expertise with enterprise delivery discipline.
Competitive compensation, equity, and the opportunity to build something that matters.
Compensation offered will be determined by factors such as location, level, job-related knowledge, skills, and experience. Certain roles may be eligible for variable compensation, equity, and benefits.
Ema Unlimited is an equal opportunity employer and is committed to providing equal employment opportunities to all employees and applicants for employment without regard to race, color, religion, sex, national origin, age, disability, sexual orientation, gender identity, or genetics.