Head of IT & Security Operations
About The Position
120Water is hiring our first dedicated IT & Security leader to own and mature our internal technology and security operations as we scale. The Head of IT & Security Operations is responsible for day-to-day execution and long term ownership of internal IT systems, security tooling, vendor relationships, and security framework readiness protecting and administrating the company’s systems, data, and people while enabling secure, scalable technology operations. This role owns information security operations, corporate IT infrastructure, compliance support, and contributes to internal technology strategy, partnering closely with Engineering, Product, Legal, and Operations. This is a leadership role that combines security strategy, risk management, and practical execution to support company growth and customer trust.
Requirements
- 5+ years of experience in information security, security operations, IT, or related roles
- Experience owning or being the primary operator for security and/or IT programs in a SaaS or technology-driven environment
- Strong understanding of: Identity and access management Endpoint security and device management SaaS / Vendor management
- Experience supporting security compliance frameworks (e.g., GovRamp, SOC 2)
- Comfort operating as first or sole owner
- Ability to communicate security concepts clearly to technical and non-technical audiences
Nice To Haves
- Prior experience as a Security Manager or similar ownership role
- Experience selecting or working with an MSP
- Familiarity with, or comfort navigating, privacy regulations (e.g., GDPR, state privacy laws)
- Experience working with startups or high-growth companies
Responsibilities
- Own the administration, reliability, and security of internal IT systems
- Serve as primary IT escalation point
- Support procurement and vendor selection and lead onboarding / offboarding workflows
- Evaluate and implement new tools to improve productivity and security
- Manage vendor relationships and contracts related to IT and security
- Create and maintain an inventory of systems, tools, vendors, and access
- Standardize approved systems and tools across the organization to reduce sprawl
- Act as internal security point of contact
- Own internal security operations and hygiene
- Develop, implement, and maintain the company’s information security program - including security policies, standards, and procedures across the organization
- Manage and implement security tooling across the organization
- Identify, assess, and mitigate security risks across systems, vendors, and processes
- Maintain incident response documentation; member of the incident response team
- Coordinate vulnerability management, penetration testing, and remediation efforts with internal teams and external partners
- Ensure secure access controls, identity management, and endpoint security
- Own day-to-day execution and coordination of the company’s GovRAMP authorization effort, partnering with leadership, internal teams, and external advisors to meet an August 1, 2026 target
- Support other compliance / security initiatives, such as SOC II or customer security assessments
- Maintain documentation and evidence required for audits and certifications
- Monitor regulatory and industry security requirements relevant to the business
- Define and maintain security and IT roadmap aligned with company goals
- Act as internal owner for IT and Security, be our subject matter expert
- Educate employees on security best practices through training and awareness programs
- Establish lightweight metrics and reporting for security posture, incidents, and IT performance
- Partner with Company Leadership on future resourcing
Stand Out From the Crowd
Upload your resume and get instant feedback on how well it matches this job.
What This Job Offers
Job Type
Full-time
Career Level
Manager
Education Level
No Education Listed
