IT Lead

Later•Boston, MA

16h•$110,000 - $150,000•Hybrid

About The Position

We’re looking for a highly technical IT Lead (12+ years experience) to own and evolve our corporate IT systems/access and security at a senior level. This is not a “tickets all day” role — it’s a high technical role that still stays close to the planning and the execution. You’ll be responsible for building secure, configure, and well-governed systems or 3rd party integration across identity/access, endpoint management, device compliance, and core productivity platforms (Google Workspace and key SaaS). This person will be the technical owner for IT foundations that support SOC2/ISO readiness, secure access, reliable onboarding/offboarding, and device compliance across a growing organization.

Requirements

12+ years in IT engineering / systems administration / corporate systems leadership (senior technical depth).
Deep expertise in Google Workspace administration and security controls.
Strong experience with SSO/SAML and SCIM (Okta or similar IdP), group-based access models, least-privilege design.
Strong endpoint management experience: Kandji (Mac) and/or Intune (Windows), patching, encryption, AV, compliance reporting.
Comfort operating in a compliance-driven environment (SOC2 / ISO), including evidence, audits, and operational controls.
Strong documentation habits and a “make it repeatable” mindset.
Calm, practical, senior ownership: can run the work, prioritize, push back, and build scalable patterns.

Nice To Haves

BetterCloud or similar automation tooling experience
Vendor risk management inputs and software governance experience
Experience rolling out Okta/device trust policies or conditional access
Experience building IT dashboards and metrics (SLA, compliance, lifecycle time)
Experience with auditing mechanisms and processes (SOC2, ISO 27001)

Responsibilities

Participate and advise on the IT technical roadmap across identity, endpoint security, access governance, and core corporate systems.
Partner with Security/Infra to ensure SOC 2 Type II and ISO 27001 controls are operational (and not just documented).
Establish standards for device compliance, access management, and SaaS lifecycle (intake → review → onboarding → offboarding).
Drive adoption of scalable patterns: SSO-first, least privilege, automated lifecycle management, and measurable compliance.
Government of IT equipment in company offices (equipment in conference rooms, entrance doors, security cameras, etc.)
Own Google Workspace administration end-to-end (org policies, groups, security settings, audits, access hygiene).
Lead Identity & Access Management: SSO/SAML, SCIM provisioning, group-based access control, and app access patterns.
Own device endpoint management at scale: Kandji/Iru (Mac) and Intune (Windows) device policy enforcement, OS update compliance, encryption, malware protection, and reporting.
Build and maintain operational automation: BetterCloud or SaaS Manager workflows (onboarding/offboarding, group membership, access reviews), Scripted automation (where appropriate) to reduce manual work.
Own core “security hygiene” within IT: Account lifecycle, joiner/mover/leaver processes, Device inventory accuracy and compliance dashboards, Audit evidence collection that’s clean and repeatable.
Support vendor/tool governance: Software inventory ownership (admin + business owner), Vendor classification and risk review inputs (in partnership with Security/Legal).
Partner with Infra/DevOps/Security to align on controls, identity design, and incident readiness.
Work with HR/PeopleOps on onboarding/offboarding and policy rollout.
Collaborate with Finance/Procurement on renewals, licensing discipline, and cost visibility.
Create clear documentation/runbooks so IT is easier to operate and scale.
Define “how we work” standards: SLA tiers, escalation rules, evidence cadence, and system ownership.
Reduce repeat incidents via automation, standardization, and root-cause improvements.
Build a monthly operating rhythm: access reviews, device compliance review, vendor/tool audits, and reporting.