The opportunity:We're hiring our first Director of IT to build Stepful's IT and security function from the ground up. You'll own our path to SOC 2 certification and everything that keeps a fast-growing company running securely - from identity and access management to the laptop that lands on every new hire's desk. This is a hands-on role to start: you'll operate as an individual contributor, set the strategy, and build out a team as the company scales.
This role reports directly to the SVP, Engineering and partners closely with Engineering, Finance, People, and our B2B teams across the organization.
This is a hybrid opportunity based out of our NYC office, requiring three days/week (Tuesday, Wednesday, Thursday) in office.
What you'll do:- Security & Compliance: Own Stepful's security program end to end, leading our SOC 2 effort from readiness assessment through audit and ongoing compliance
- Define and enforce security policies, identity and access management, and least-privilege controls across the organization (SSO, MFA, access reviews)
- Support our B2B healthcare partnerships by owning security questionnaires, vendor assessments, and customer audit requests
- IT Operations: Own the full equipment lifecycle - procurement, MDM deployment, inventory, and seamless onboarding/offboarding for every employee
- Manage our SaaS application stack, including provisioning, access governance, vendor security reviews, and spend optimization
- Build scalable IT support processes and serve as the escalation point for day-to-day IT needs, rolling up your sleeves while the function is small
- Partner with Engineering on incident response, endpoint security, and infrastructure hardening
- Team Building: Define the long-term IT roadmap and build, hire, and lead the team as Stepful's needs grow
What you'll bring:- 8+ years of IT experience, including experience leading IT or security functions at a high-growth startup
- Hands-on experience driving a SOC 2 certification (Type I and II) from readiness through audit
- Deep expertise with the modern IT stack: MDM (e.g., Kandji, Jamf), identity providers (e.g., Okta, Google Workspace), and endpoint security tooling
- Proven ability to operate as a strategic leader and a hands-on individual contributor at the same time
- Strong vendor management skills across hardware, software, and audit partners
- Exceptional communication skills with the ability to make security and compliance accessible to non-technical teams
- A builder's mindset - you're energized by creating processes and systems from scratch, not inheriting them
Bonus points if:- You have experience with HIPAA or healthcare data compliance
- You've built an IT function from zero at a scaling company
- You've worked in EdTech, healthcare, or another mission-driven industry
Interview Process:- Introductory call with Talent Acquisition team member
- Interview with Hiring Manager
- Take-Home Assignment and Presentation
- On-Site Panel Interview
Benefits and Compensation:- Meaningful Equity Stake
- Subsidized Medical, Dental, and Vision insurance plan options
- 401(k)
- FSA, HSA and commuter benefits
- Open vacation policy, including:
- Guidance of 15 days PTO annually
- Stepful closed the last week of December
- 15 work-from-anywhere days
- 10 public holidays observed for 2026
The target base salary range for this opportunity is $200,000 - $250,000, and is part of a competitive total rewards package including equity and benefits. Individual pay may vary from the target range and is determined by a number of factors including experience, internal pay equity and other relevant business considerations.