Head of Security – Infinity Constellation

About Infinity

Infinity Constellation (infinityconstellation.com) builds, incubates, and scales AI-enabled services companies across multiple complex and regulated industries. Our companies combine machine intelligence with human expertise to deliver next-generation solutions that redefine what professional services can be.

Role Overview

Infinity is seeking a Head of Security to design and oversee the security strategy across the entire portfolio. This leader will establish Infinity’s foundational security program, implement scalable processes and controls, and ensure our companies consistently meet and exceed client security and compliance expectations.

The role requires both strategic vision and hands-on execution. You’ll be responsible for building the frameworks that unify Infinity’s security posture, while also diving deep into individual portfolio companies to stand up policies, remediate gaps, and directly support client/vendor diligence reviews. Over time, this function may evolve into a dedicated security services offering within Infinity’s shared services ecosystem.

Key Responsibilities

• Security Program Leadership

  • Build Infinity’s portfolio-wide security policies, standards, and controls.

  • Own certification/compliance programs (SOC 2, ISO 27001, HIPAA GDPR/CCPA alignment, etc.).

  • Maintain a central library of security documentation to support sales and client diligence.
    

• Governance, Risk & Compliance

  • Develop and oversee vendor/third-party risk management.

  • Implement data classification, retention, and destruction policies.

  • Ensure consistent incident response, access review, and audit cadences across companies.
    

• Hands-On Company Engagement

  • Partner with engineering and leadership teams at portfolio companies to establish secure practices from day one.

  • Lead security diligence with client and vendor teams, ensuring successful outcomes.

  • Standardize secure development lifecycles, access management, and cloud security baselines.
    

• Incident Response & Continuity

  • Implement an incident response framework with clear escalation paths.

  • Run tabletop exercises, penetration testing, and remediation tracking.

  • Build continuity/disaster recovery standards that scale across companies.
    

• Enablement & Culture

  • Lead company-wide security training and awareness programs.

  • Build a “secure by default” culture that supports, not slows, innovation.

  • Serve as the trusted advisor to leadership on risk, compliance, and client security expectations.
    

Qualifications

• 7+ years in security leadership roles, ideally spanning both startup and enterprise contexts.

• Track record of building and running SOC 2, HIPAA, ISO 27001, or equivalent programs.

• Experience in client facing roles interfacing directly with stakeholders and client security teams as a part of the sales process

• Strong technical understanding of cloud security (AWS/GCP), encryption, identity and access management, and secure SDLC practices.

• Experience successfully navigating client/vendor security diligence processes.

• Ability to operate both strategically (designing systems for scale) and tactically (closing gaps in fast-moving environments).
  

What Success Looks Like

First 3 Months

• High priority portfolio companies have established security programs

• High priority portfolio companies have established security documentation for use by client sales teams

First 12 Months

• A portfolio-wide security program is established and documented.

• Core certifications (SOC 2 Type I/II or equivalent) underway or complete.

• Centralized security documentation package (“deal room”) created and in use.

• Client/vendor diligence reviews consistently passed with no material gaps.

• Security becomes a competitive advantage across the Infinity portfolio.