Director of IT

About The Position

Requirements

• 8+ years in corporate IT, with at least 3 years in a leadership or management role at a high-growth tech company
• Proven experience building and scaling IT functions, teams, and strategy from the ground up
• Deep expertise in identity and SSO, endpoint management, and SaaS governance (Google Workspace, Rippling, IdP providers, SCIM, SAML, OIDC)
• Strong working knowledge of SOC 2 and SOC 1, and comfort owning audit readiness and the auditor relationship
• Experience leading IT through audits, security assessments, and customer risk questionnaires
• A track record of hiring, mentoring, and developing high-performing IT teams
• Excellent communication skills, able to translate complex technical decisions into clear recommendations for executive and non-technical stakeholders
• Experience supporting a distributed, remote-first workforce with async-friendly processes and documentation
• Comfort operating inside a defined IT/Engineering split and partnering with a fractional vCISO rather than owning product security directly

Responsibilities

• Define and own Nue's corporate IT strategy, roadmap, and budget, translating company growth goals into a scalable IT foundation
• Build, lead, and mentor the IT team, fostering a culture of security-first thinking and operational excellence
• Drive IT maturity across the organization in support of SOC 2 and SOC 1 readiness
• Serve as the primary corporate IT decision-maker and escalation point for the business
• Define and govern standard patterns for user lifecycle, access control, and device posture across the workforce
• Own the design and evolution of corporate IT architecture: endpoints, identity, the SaaS stack, and networking
• Oversee endpoint and asset management, including MDM and EDR policies, patching, disk encryption, and auditable asset inventories
• Ensure reliable, scalable IT operations for a remote-first, globally distributed workforce
• Own corporate identity and access management strategy across Google Workspace, Rippling, Salesforce, Slack, Atlassian, and other core platforms
• Define and enforce role-based access control and least-privilege models, including access reviews and entitlement rationalization
• Lead SaaS vendor governance: onboarding, risk reviews, renewals, and rationalization across the stack
• Drive automation of joiner, mover, and leaver processes through HRIS and identity-provider integrations
• Own the corporate IT compliance framework and maintain controls and documentation for SOC 2 and SOC 1 audits, working with the vCISO on the control matrix
• Define and oversee endpoint security, corporate identity security, and corporate SaaS hardening standards
• Own vulnerability and patch management for corporate endpoints and SaaS (production and cloud-infrastructure vulnerability management is owned by Engineering)
• Lead corporate incident response for business email compromise, phishing, account compromise, lost or stolen devices, and vendor breaches
• Coordinate customer security questionnaires and partner with Engineering and Dev Services on security assessments and risk remediation; Engineering leads on production and customer-facing controls
• Maintain a proactive stance on emerging risks and close corporate gaps before they become incidents
• Oversee IT support operations, ensuring a high-quality experience across a remote-first team
• Champion automation and tooling to reduce manual toil and improve operational efficiency
• Own IT capacity planning: licenses, hardware refresh, and platform investments
• Maintain and continuously improve IT documentation, runbooks, and standards