About the RoleCaribou Corporate TechnologyMaybe you came up through security - incident response, GRC, compliance programs - and over time took broader ownership of the tools and systems that make a company capable. Or you came up through IT and digital workplace leadership, and earned your security credentials by stepping into the function when your company needed it. Either path lands you in the same place: someone who can guide a senior security team, run the SaaS and AI tools portfolio, and build the enablement motion that turns licensed software into actual productivity.
On the security side, that means you9ve been the person who delivered a SOC 2 audit, not just the person in the room. You9ve tuned a SIEM, led an incident, and written GRC controls that held up under scrutiny. On the IT side, that means you9ve run a SaaS portfolio, built adoption programs that changed how people work, held real accountability for identity and access, and have the instinct to build an AI enablement program for employees who don9t write code. What matters is that you9ve done both meaningfully, not which one came first.
You will own Caribou9s security and IT programs. Your team includes three senior security practitioners and a senior IT administrator. You set the direction, hold the strategy and vendor relationships, and keep the programs advancing.
We believe CTech works best as a partnership with employees, not a policing function - you9ll keep it that way. This role reports directly to the CTO, designed for a leader who wants to evolve the function and grow their career alongside a rapidly scaling company.
LocationsCandidates are welcome to work remotely from the states of AZ, CO, DC, IL, MD, TX, and VA with a preference for the Chicago IL, Denver CO, or Phoenix AZ areas. Caribou does provide the option to work in-office or hybrid from our Denver, CO or Chandler, AZ offices. We may consider remote candidates in CA, FL, MA, NY, OR, WA, and WI, subject to additional approval. Eligibility by state is subject to change.
OutcomesHere9s what success looks like in the first 12-18 months:
- Caribou9s security posture advances year over year - the program has a roadmap, diligence reviews go smoothly, and findings reflect it
- SOC 2 Type II delivers clean with no surprises - systematic evidence collection, not a heroics sprint at audit time
- Detection and response capabilities improve measurably - SIEM, CrowdStrike, Wiz, and DLP are operationally sound and the team can say why
- GRC policy and control documents reflect how Caribou actually operates, not how it operated two years ago
- Licensed tools earn their keep - Google Workspace, Slack, Atlassian, Asana, 1Password, and Adobe are actively used, not just provisioned
- An operational AI enablement program that drives measurable adoption of licensed AI capabilities and a growing backlog of automated workflows
- IT operations run without drama - the MSP delivers, support is responsive, and productivity loss from tech issues stays low
- Every direct report has a growth plan, gets regular coaching, and is taking on more complex work than when you arrived
- The vendor portfolio - security and IT - delivers expected value and you can demonstrate it
Interview Roadmap:- Recruiter phone interview (45 mins)
- At-home technical assessment (40-60 mins)
- Hiring Manager video interview (60 mins)
- Final interview loop (combined 4 hrs scheduled across 1-4 business days)
What We Look ForYou don9t need to check every box - if you bring most of these, we want to hear from you.
On the security side:- You9ve delivered a SOC 2 Type II audit as the primary owner - the audit was yours to pass
- You9ve managed a detection and response function: SIEM tuning, EDR deployment, incident ownership
- You9ve built or maintained GRC policy and control documentation that held up under audit scrutiny
- You9ve worked in a regulated environment and understand how compliance obligations translate into operational controls
- You9ve managed security vendor relationships - EDR, CSPM, penetration testing firms - and can tell when a vendor isn9t delivering
On the IT and digital workplace side:- You9ve run a SaaS portfolio for a growing company - licensing, governance, adoption, and the shadow IT problem
- You9ve led an enterprise-wide software rollout end-to-end: implementation, adoption, and proof that features are delivering value
- You9ve researched, planned, or executed a rollout of enterprise AI tools and have ideas of how to do it better
- You9ve run identity and access management end-to-end - not just the policy, but the provisioning workflow and the audit evidence
- You9ve managed an MSP relationship and held them accountable to a service standard
How you lead and communicate:- You manage people through the full lifecycle - hiring, developing, delivering hard feedback, and making the call when someone isn9t growing
- You translate technical risk into business language without losing the precision that makes you credible with your team
- You sequence work - you know what to do first when everything feels urgent, and your team knows it too
- You build programs collaboratively with the people executing them, not around them
- You treat security and IT as a service to the rest of the company, not a gate in front of it
Nice to have:- Experience deploying AI tools or low-code agent platforms to non-technical employees
- EDR/CSPM platform experience
- GLBA Safeguards Rule or NYDFS familiarity
- Fintech or financial services background
We value diverse paths into corporate technology leadership - consulting backgrounds, career changers, and candidates without four-year degrees have succeeded here - and we9re actively building a team that reflects the communities we serve. Tell us what you9ve built.
How We Will Take Care of YouEveryone at Caribou is a valued team member. Our compensation and benefits package includes:
- Competitive compensation: $171,000 - $214,000
- Eligible for annual performance-based Incentive
- Equity options
- 401k savings program
- Generous paid time off including Flexible Time Off (FTO) for all employees and 100% paid parental leave for all parents
- Company-paid plans for health, dental, vision, mental health, disability, and basic life insurance
- Optional benefits to suit your individual circumstances such as HSAs, FSAs, supplemental life and medical insurance, and pet insurance
- Up to $1,000 per year for eligible professional development expenses
The essential functions of this position require consistent attendance, availability, and active engagement throughout your full scheduled shift.