IT and Compliance Manager

About The Position

Requirements

• 3-5+ years experience in IT Operations, Systems Administration, or Corporate IT
• Hands-on experience managing macOS environments with Jamf
• Strong experience administering Google Workspace and SaaS tools
• Practical experience working in HIPAA regulated environments
• Exposure to SOC 2 and/or HITRUST compliance programs
• Comfortable operating hands on in a growing, regulated health tech company
• Strong documentation, organization, and process discipline
• Excellent communication skills with both technical and non technical stakeholders
• Experience providing first level support for internal business or product platforms, particularly around access control and user permissions

Nice To Haves

• Experience using Vanta or similar compliance automation platforms
• Security adjacent experience (IAM design, EDR, device posture checks)
• Familiarity with internal tooling commonly used in health tech environments (e.g. patient management systems, customer support platforms, internal admin tools)
• Prior experience as the primary or sole IT owner in a scaling organization
• Interest in growing into an IT / Security Operations leadership role

Responsibilities

• Employee IT & Device Management
• Provide first level IT support for ~150 employees (growing to 200+)
• Own Mac and mobile device management using Jamf
• Manage device lifecycle: onboarding, offboarding, inventory, replacements
• Enforce endpoint security controls (disk encryption, OS updates, security tooling)
• Partner with People Ops to deliver a smooth and secure employee experience
• SaaS Application & Access Management
• Own administration of cloud based SaaS applications
• Manage identity, SSO, MFA, and access control via Google Workspace
• Conduct regular access reviews and enforce least privilege principles
• Own SaaS vendor relationships, including:
• Security reviews and questionnaires
• Contract renewals and license optimization
• Budget ownership for IT and SaaS tooling
• Administer and support both third party SaaS tools and internally developed platforms, ensuring secure and reliable user access
• Compliance & Regulatory Execution (SOC 2, HIPAA, HITRUST)
• Execute and support SOC 2 Type II, HIPAA, and HITRUST compliance efforts
• Perform day to day compliance tasks using Vanta
• Maintain evidence, policies, and control documentation
• Monitor ongoing compliance requirements and control effectiveness
• Coordinate audit preparation and respond to auditor requests
• Track and remediate audit findings in collaboration with Engineering and Security
• Internal Tooling & Application Support
• Provide first-level support and troubleshooting for 9amHealth internal systems and applications
• Resolve access, authentication, and permission issues across internal tools
• Support user onboarding and offboarding for internal platforms
• Act as the first point of contact for internal tool issues, escalating to Engineering or vendors as needed
• Maintain documentation and run books for common internal tooling issues

Benefits

• comprehensive benefits package, including health, dental, and vision insurance, along with flexible PTO and work from home options
• professional development budget and support continuing education