Clearstory is looking for an IT & Security Operations Manager to manage and improve the day-to-day operations of our IT, security compliance, and corporate systems infrastructure.
We've built a solid foundation - SOC 2 compliance tooling in Vanta, structured onboarding and offboarding workflows, a vendor security review process, and a cross-functional data governance program. What we need is a dedicated owner to manage these programs day-to-day, project manage key deliverables, maintain what's already working, and identify opportunities to improve and scale as we grow.
If you thrive as the go-to person for IT, compliance coordination, and keeping an organization running smoothly, this role is for you.
ResponsibilitiesIT Administration- Manage day-to-day identity and access management - Google Workspace admin, Slack admin, AI platform administration, shared inbox management
- Run employee onboarding provisioning - Day 1 account creation, checklist management, Vanta security onboarding, welcome communications, completion tracking
- Run employee offboarding - access revocation, system owner coordination, equipment return, deprovisioning verification within SLA
- Serve as the internal IT point of contact - password resets, hardware troubleshooting, software support, connectivity issues
- Manage the asset lifecycle - laptop procurement, serial number tracking, equipment reassignment, peripherals ordering
- Coordinate the annual SOC 2 audit process - project manage evidence collection, organize documentation, track control status in Vanta, follow up on remediation, and liaise with external auditors
- Execute quarterly and annual access reviews, verifying active users against the employee roster, documenting findings, and remediating stale access
- Manage Vanta day-to-day - dashboards, weekly compliance summaries, Trust Center access requests, failed test remediation
- Monitor and drive employee security compliance - agent installs, 1Password provisioning, MFA enforcement, security awareness training
- Take first pass on inbound customer security questionnaires and maintain an answer library to streamline future responses
- Track and execute data governance action items from biweekly cross-functional meetings - tool policy enforcement, vendor risk monitoring, etc.
Security & Compliance- Coordinate the annual SOC 2 audit process - project manage evidence collection, organize documentation, track control status in Vanta, follow up on remediation, and liaise with external auditors
- Execute quarterly and annual access reviews, verifying active users against the employee roster, documenting findings, and remediating stale access
- Manage Vanta day-to-day - dashboards, weekly compliance summaries, Trust Center access requests, failed test remediation
- Monitor and drive employee security compliance - agent installs, 1Password provisioning, MFA enforcement, security awareness training
- Take first pass on inbound customer security questionnaires and maintain an answer library to streamline future responses
- Track and execute data governance action items from biweekly cross-functional meetings - tool policy enforcement, vendor risk monitoring, etc.
Business Operations- Maintain and improve a centralized SaaS inventory - tools, seat counts, renewal dates, and costs. Keep a renewal calendar with advance notice to budget owners
- Manage new software requests - intake, triage, security review routing, approval tracking, provisioning
- Prepare vendor security assessments - collect SOC 2 reports, DPAs, and documentation for CTO review and approval
- Support office IT and facilities - conference room AV, key fob provisioning, building management coordination
- Document key processes - onboarding/offboarding runbooks, SOC 2 evidence collection guides, vendor review steps, AI usage best practices
- Identify and implement automation opportunities - workflows for onboarding triggers, access request routing, renewal reminders, and offboarding checklists
The OpportunityThis is an opportunity to be the dedicated owner of IT and security operations at a growing SaaS company.
You will:
- Take ownership of established compliance, IT, and security programs and keep them running smoothly
- Project manage SOC 2 audit readiness as the company expands its customer base
- Identify gaps and inefficiencies in existing workflows and fix them
- Help create scalable processes that support the company through its next stage of growth
- Work cross-functionally with Engineering, Finance, and GTM teams
Success in this role means Clearstory's IT, security compliance, and corporate systems run reliably and keep getting better over time.
Requirements- 4-7 years of experience in IT operations, security operations, or SaaS business operations
- Hands-on SOC 2 evidence collection and audit coordination experience (not just awareness - you've done the work)
- Google Workspace administration experience (security settings, groups)
- Experience with compliance platforms like Vanta, Drata, or similar
- SaaS vendor management experience - renewals, license optimization, procurement intake
- Comfort with automation tools to streamline established workflows
- The ability to work directly with a CTO on security operations without needing hand-holding on fundamentals
- A builder's mindset - you'd rather create a process than follow a broken one, and you document what you build
Strong plus if you have:
- Experience completing customer security questionnaires
- Office or facilities coordination at a startup
- MDM deployment experience
About YouYou're a hands-on operator who gets things done without being asked. You see a problem, fix it, and move on - whether that's a password reset at 9am or prepping access review documentation at 2pm. Task size doesn't faze you because you know the small stuff and the big stuff both matter at a company this size.
You're organized and reliable. When you're asked to coordinate an offboarding or chase down a vendor's SOC 2 report, it gets done on time and nothing slips. You're comfortable working across teams - Engineering, Finance, GTM - and you can translate security and IT requirements into plain language for people who don't live in that world.
You understand that IT and security operations at a growing company isn't glamorous - but you also know it's foundational. You've seen what happens when access deprovisioning slips or when SOC 2 evidence collection becomes a fire drill. You're the person who keeps things running so that doesn't happen.
This is not a security engineering or CISO-track role - the CTO owns security architecture and policy. This is not a pure helpdesk role either - IT support is part of the job, but compliance coordination and process maintenance are the core.
Benefits- Competitive salary and meaningful equity ownership
- Comprehensive health, dental, and vision coverage
- 401(k) plan to support your long-term financial goals
- Flexible PTO and company holidays
- Remote-friendly work environment with flexibility and autonomy
- Opportunity to work alongside a high-caliber, mission-driven team
- Career growth and leadership opportunities as the company scales