Information Security & IT Senior Manager

About The Position

Requirements

• 7+ years in information security with meaningful program ownership experience
• Experience at a growth-stage startup company, ideally as a primary security practitioner
• Experience providing or overseeing IT services
• Obsessed with client service and meeting internal SLAs
• Hands-on SOC 2 Type II experience — you've run an audit, not just supported one.
• Familiarity with leading security and compliance governance tools (i.e. Vanta, Drata, OneTrust).
• Working knowledge of CCPA and US data privacy requirements
• Experience reviewing contractual security requirements.
• Deep interest in and knowledge of leading AI tooling, as applicable to early-stage startups.
• Proven track record driving security, compliance, and/or technology change within a fast-paced organization.
• Familiarity with AI security risks and SaaS AI governance

Nice To Haves

• Experience or familiarity with ISO 27001, NIST 800-53, NERC CIP, OWASP.
• Comfortable writing Bash scripts for automation and MDM enforcement tasks
• Strong written communication — you can brief an exec and write audit-ready documentation
• CISSP, CISM, or equivalent

Responsibilities

• Own and execute WeaveGrid's information security and IT program end-to-end — this is a high-impact, hands-on IC role.
• Maintain cloud security posture across AWS (IAM governance, configuration review, cloud-native security tooling)
• Own the corporate security control environment — EDR, email security, identity governance, network monitoring, DLP
• Oversee strategy and day-to-day management of our IT services contractor(s). Ensure operational excellence and intervene as needed to ensure timely responses to internal stakeholders.
• Serve as the internal technical owner of the corporate IT environment and escalation point for security-intersecting IT issues
• Manage SOC 2 Type II compliance across all five Trust Service Criteria, including auditor relationships and evidence collection
• Support CCPA and privacy compliance by monitoring and managing data subject access requests and the associated overarching process, applicable website technologies, and ad hoc privacy requests, in partnership with the Legal team.
• Own application security for our web and mobile products, including coordinating annual penetration tests and driving remediation with Engineering.
• Run the vulnerability management program — prioritization, tracking, and reporting.
• Manage incident response — maintain the IR plan, run tabletop exercises, and handle real incidents through to post-mortem.
• Maintain and test BC/DR plans in coordination with Engineering and Operations.
• Conduct and document quarterly access reviews across critical systems.
• Review security terms in vendor and customer contracts; complete customer security questionnaires; run vendor risk assessments.
• Help administer the personnel security program (security awareness training, onboarding/offboarding controls) in partnership with the People team.
• Lead the company’s Information Security & IT Committee — evaluating tools, defining acceptable use, and managing data exposure risk across sanctioned tools, including AI platforms
• Drive AI and new technology adoption within WeaveGrid, engaging internal and external stakeholders as applicable

Benefits

• equity (stock options)