Job Description:
• Own internal IT systems including identity management, device management, endpoint security, and SaaS tooling.
• Lead SOC 2 and other compliance programs, including audit readiness, evidence collection, auditor coordination, and remediation.
• Design, implement, and maintain security controls such as access controls, encryption, logging, and vulnerability management.
• Develop and maintain security policies, procedures, and documentation aligned with frameworks such as SOC 2, NIST, and ISO 27001.
• Manage identity lifecycle processes, including onboarding, offboarding, and access reviews using least-privilege principles.
• Evaluate, select, and implement IT and security tools (MDM, EDR, SSO/IdP, DLP, logging).
• Oversee vendor security reviews and third-party risk management.
• Partner with engineering and operations to ensure secure configurations across cloud infrastructure and SaaS applications.
• Participate in incident response activities and drive continuous improvement from security events.
• Automate IT and security workflows where possible to improve efficiency and reliability.
Requirements:
• 5+ years of experience across IT, security engineering, or compliance-focused roles
• Hands-on experience leading SOC 2 audits (Type I or II) or comparable compliance efforts
• Strong understanding of identity and access management, endpoint security, and SaaS security configuration
• Experience working in cloud-first environments (AWS, GCP, or Azure)
• Comfortable owning ambiguous, cross-functional problems and prioritizing pragmatically
• Strong communication skills and the ability to work effectively with both technical and non-technical stakeholders
• Experience with scripting or automation for IT/security workflows is a plus.
Benefits:
• 100% employer-funded healthcare
• Flexible managed PTO
• Training and education funding
• Regular in-person retreats