Zamp · 1 day ago

IT & Compliance Lead

On-site · Bengaluru, Karnataka, India

Type: Full Time
Level: Senior Level
Education: Not Specified
Company size: Unknown

Job Summary

The IT & Compliance Lead will own and scale SecOps, audits, risk management, and internal IT operations. You’ll be the primary owner for audits and continuous compliance (SOC 2, ISO, GDPR) using Sprinto, lead evidence collection and remediation, drive company-wide security trainings, onboard new frameworks, manage third-party security reviews, and be the escalation point for security incidents related to compliance and data protection. You’ll collaborate with Legal, Engineering, Product, and Finance to embed security into day-to-day workflows, maintain the risk register, and oversee asset inventory, IAM, endpoint security, DLP, and centralized logging. The role calls for a hands-on, highly autonomous owner who is comfortable driving production security controls and joining cross-functional risk discussions.

Required Qualifications

  • 5+ years of experience in IT, Security, SecOps, or Compliance roles within a high-growth company
  • Proven ownership of major audits end-to-end including SOC 2 Type II, ISO 27001, GDPR, ISO 42001 / AI governance frameworks
  • Strong IT / SysAdmin foundation, with hands-on experience managing: identity & access management (SSO, SCIM, RBAC, lifecycle automation); endpoint management (MDM, EDR, device hardening); password managers, access workflows, and user provisioning/de-provisioning, etc.
  • Comfortable being the single-threaded owner for compliance and audit readiness
  • Deep understanding of security controls, risk management, and evidence mapping, with the ability to translate abstract requirements into real, enforceable processes
  • Experience running continuous compliance using tools like Sprinto, Vanta, Drata, or similar
  • Strong working knowledge of cloud security fundamentals (preferably GCP or AWS), including logging, monitoring, access controls, and baseline hardening
  • Experience owning or contributing to: risk registers and remediation tracking; vendor and third-party security reviews; customer security questionnaires and due-diligence processes
  • Ability to partner cross-functionally with Engineering, Legal, Product, Finance, and Leadership — influencing without slowing teams down
  • Comfortable acting as the escalation point during security or compliance incidents, including driving root cause analysis and post-incident reviews
  • Strong documentation and communication skills — able to clearly explain security posture to auditors, customers, and internal teams
  • Bias toward automation, scalability, and pragmatism over checkbox compliance
  • High ownership mindset - you don’t wait to be told what’s broken; you find it, fix it, and prevent it from breaking again