About this position:

We're looking for a highly technical IT Lead (12+ years experience) to own and evolve our corporate IT systems/access and security at a senior level. This is not a "tickets all day" role - it's a high technical role that still stays close to the planning and the execution. You'll be responsible for building secure, configure, and well-governed systems or 3rd party integration across identity/access, endpoint management, device compliance, and core productivity platforms (Google Workspace and key SaaS).

This person will be the technical owner for IT foundations that support SOC2/ISO readiness, secure access, reliable onboarding/offboarding, and device compliance across a growing organization.
What you'll be doing:
Strategy

• Participate and advise on the IT technical roadmap across identity, endpoint security, access governance, and core corporate systems.
• Partner with Security/Infra to ensure SOC 2 Type II and ISO 27001 controls are operational (and not just documented).
• Establish standards for device compliance, access management, and SaaS lifecycle (intake → review → onboarding → offboarding).
• Drive adoption of scalable patterns:SSO-first, least privilege, automated lifecycle management, and measurable compliance.
• Government of IT equipment in company offices (equipment in conference rooms, entrance doors, security cameras, etc.)

Technical/ Execution

• Own Google Workspace administration end-to-end (org policies, groups, security settings, audits, access hygiene).
• Lead Identity & Access Management: SSO/SAML, SCIM provisioning, group-based access control, and app access patterns.
• Own device endpoint management at scale:
• Kandji/Iru (Mac) and Intune (Windows) device policy enforcement
• OS update compliance, encryption, malware protection, and reporting
• Build and maintain operational automation:
• BetterCloud or SaaS Manager workflows (onboarding/offboarding, group membership, access reviews)
• Scripted automation (where appropriate) to reduce manual work
• Own core "security hygiene" within IT:
• Account lifecycle, joiner/mover/leaver processes
• Device inventory accuracy and compliance dashboards
• Audit evidence collection that's clean and repeatable
• Support vendor/tool governance:
• Software inventory ownership (admin + business owner)
• Vendor classification and risk review inputs (in partnership with Security/Legal)

Team / Collaboration

• Partner with Infra/DevOps/Security to align on controls, identity design, and incident readiness.
• Work with HR/PeopleOps on onboarding/offboarding and policy rollout.
• Collaborate with Finance/Procurement on renewals, licensing discipline, and cost visibility.
• Create clear documentation/runbooks so IT is easier to operate and scale.

Research/Best Practices

• Define "how we work" standards: SLA tiers, escalation rules, evidence cadence, and system ownership.
• Reduce repeat incidents via automation, standardization, and root-cause improvements.
• Build a monthly operating rhythm: access reviews, device compliance review, vendor/tool audits, and reporting.

What success looks like:
First 30 days:

• Meet key stakeholders (IT, Security, DevOps, HR, Finance). Take ownership of IT intake: ticket flow, SLA usage, escalations, and current pain points. Audit Google Workspace, groups, SSO apps, device inventory (Mac/Windows), and current policies. Review SOC2/ISO requirements that touch IT (access, device compliance, evidence). Identify quick wins: cleanup high-risk access, fix top recurring tickets, and document "how-to" basics for the team.

First 60 days:

• Stabilize operations: reduce ticket backlog, tighten prioritization, and improve response consistency. Implement a clear onboarding/offboarding workflow (Google Workspace + SSO + device provisioning) and standardize access requests. Roll out baseline endpoint compliance reporting (Kandji/Intune) for patching, encryption, AV. Build a vendor/software inventory with owners and admin contacts. Start monthly access reviews + evidence collection cadence for SOC2 (and prep for Type II).

First 90 days:

• Deliver measurable improvements: faster onboarding, fewer repeat tickets, and higher endpoint compliance (patching/encryption/AV). Lock down SSO standards: app catalog, ownership, least-privilege groups, and (where possible) SCIM automation. Formalize IT runbooks and a small project roadmap (next quarter). Ensure SOC2/ISO readiness is "operational," not ad-hoc: recurring evidence, vendor reviews, and audit-ready documentation. Present a clear plan for future capacity needs (contractor vs hire) based on volume and risk.

What you bring:

• 12+ years in IT engineering / systems administration / corporate systems leadership (senior technical depth).
• Deep expertise in Google Workspace administration and security controls.
• Strong experience with SSO/SAML and SCIM (Okta or similar IdP), group-based access models, least-privilege design.
• Strong endpoint management experience: Kandji (Mac) and/or Intune (Windows), patching, encryption, AV, compliance reporting.
• Comfort operating in a compliance-driven environment (SOC2 / ISO), including evidence, audits, and operational controls.
• Strong documentation habits and a "make it repeatable" mindset.
• Calm, practical, senior ownership: can run the work, prioritize, push back, and build scalable patterns.

Nice to have

• BetterCloud or similar automation tooling experience
• Vendor risk management inputs and software governance experience
• Experience rolling out Okta/device trust policies or conditional access
• Experience building IT dashboards and metrics (SLA, compliance, lifecycle time)
• Experience with auditing mechanisms and processes (SOC2, ISO 27001)

How you work:

• Driven by Impact: You deliver results that matter-prioritizing high-value work, meeting deadlines, and adapting quickly while keeping outcomes clear.
• Strategic & Customer-Centric: You anticipate risks and opportunities, connect decisions to long-term growth, and build trust through proactive insights.
• Curious & Growth-Oriented: You seek knowledge, ask sharp questions, and apply learnings fast-challenging the status quo with a mindset of improvement.
• Collaborative & Resilient: You thrive in change by staying resourceful, solution-focused, and positive-removing roadblocks, sharing insights, and keeping morale high.
• Accountable & Honest: You own your work, hold yourself and others to a high bar, and use transparent feedback to drive growth.
• Emotionally Intelligent: You build trust through empathy and collaboration, foster inclusion, and inspire others with grit, optimism, and integrity.

Our approach to compensation:

We take a market-based & data-driven approach to compensation. We leverage data from trusted third-party compensation sources to help us understand the market value of a role based on function, level, geographic location, and scope. We evaluate compensation bi-annually, including performance and market-related factors.

Our salaries are benchmarked against market Total Cash Compensation for the geographic location of our job posting. Compensation for some roles is structured as On Target Earnings (OTE = base + commission/variable) while for others it is structured as Salary only.

To comply with local legislation and ensure transparency, we share salary ranges on all job postings. Skills, experience and other factors help determine the final salary we offer which may vary from the original range posted.

Additionally, all permanent team members are eligible to participate in various benefits plans as part of their overall compensation package.

Salary Range:

$110,000- 150,000 USD

#LI-Hybrid

Where we work:

We have offices in Boston, MA; Vancouver, BC; Chicago, IL; and Vancouver, WA. For select positions, we are open to hiring fully remote candidates. We post our positions in the location(s) where we are open to having the successful candidate be located.