IT Security & Compliance Lead

Job Description: • Own internal IT systems including identity management, device management, endpoint security, and SaaS tooling. • Lead SOC 2 and other compliance programs, including audit readiness, evidence collection, auditor coordination, and remediation. • Design, implement, and maintain security controls such as access controls, encryption, logging, and vulnerability management. • Develop and maintain security policies, procedures, and documentation aligned with frameworks such as SOC 2, NIST, and ISO 27001. • Manage identity lifecycle processes, including onboarding, offboarding, and access reviews using least-privilege principles. • Evaluate, select, and implement IT and security tools (MDM, EDR, SSO/IdP, DLP, logging). • Oversee vendor security reviews and third-party risk management. • Partner with engineering and operations to ensure secure configurations across cloud infrastructure and SaaS applications. • Participate in incident response activities and drive continuous improvement from security events. • Automate IT and security workflows where possible to improve efficiency and reliability. Requirements: • 5+ years of experience across IT, security engineering, or compliance-focused roles • Hands-on experience leading SOC 2 audits (Type I or II) or comparable compliance efforts • Strong understanding of identity and access management, endpoint security, and SaaS security configuration • Experience working in cloud-first environments (AWS, GCP, or Azure) • Comfortable owning ambiguous, cross-functional problems and prioritizing pragmatically • Strong communication skills and the ability to work effectively with both technical and non-technical stakeholders • Experience with scripting or automation for IT/security workflows is a plus. Benefits: • 100% employer-funded healthcare • Flexible managed PTO • Training and education funding • Regular in-person retreats Apply tot his job