
Head of Information Security - Theona

100% Remote Full-time Open now

About us

Theona is a platform for building and deploying AI agents that take real actions across a company's tools and data. As those agents move into production, governing what they can access and do becomes mission-critical, and that is what this role owns. We are a fast-moving team shipping quickly.

About the role

This is our first security leader. You own security end-to-end: strategy, how we govern what our agents can do, and the trust we earn from enterprise customers. At this stage it is a player-coach role: you set direction and ship the controls yourself today, and build the team as we grow.

What you will do

Own how we govern what our agents can do: what they can access, the trust boundaries between an agent and the systems it touches, how OAuth tokens and credentials are scoped, and multi-tenant isolation. You set both the policy and the controls. This is what lets customers run agents on sensitive systems, and what carries us through enterprise security review.

Own our security strategy and posture across the platform and its cloud infrastructure, and decide where to invest first.

Be our security face to customers: own the trust center, lead enterprise security reviews, and turn what buyers ask for into our roadmap.

Build the security function as we grow. For now, you are hands-on and ship the work yourself.

Keep our SOC 2 and GDPR programs on track as they mature.

What we are looking for

6+ years in security, including owning a security program end-to-end, not only contributing to one.

Deep into how modern systems grant and scope access: identity, OAuth, secrets, cloud security, and multi-tenant isolation.

Technical enough to set architecture and review controls yourself, and still get hands-on.

Genuinely interested in agent and AI security: how agents are scoped, what they are trusted to do, and where the trust boundaries sit.

Fluent in talking to engineers, auditors, and enterprise security buyers, and able to own a customer security review without help.

Comfortable building from a near-blank slate as the only security person in the room.

Nice to have

Hands-on agent or LLM security: agent authorization scoping, tool-call trust boundaries, prompt and output risk.

Experience taking SOC 2, ISO 27001, or GDPR through to audit.

Multi-tenant SaaS isolation, and experience standing up a customer trust center.

Familiarity with the agent-governance landscape (EU AI Act, NIST AI RMF, ISO 42001).

What We Offer

Contractor agreement with a US-registered legal entity.

100% remote — work from anywhere in the world.

Competitive salary in USD + stock options based on contribution and strong performance.

Opportunity to join a funded startup as an early employee, with equity and long-term upside potential.

Wide field for growth — with the flexibility to contribute to the product and influence its direction from an early stage.
