IT Lead

About The Position

Requirements

• 12+ years in IT engineering / systems administration / corporate systems leadership with senior technical depth.
• Deep expertise in Google Workspace administration and security controls.
• Strong experience with SSO/SAML and SCIM (Okta or similar IdP), group-based access models, and least-privilege design.
• Strong endpoint management experience with Kandji (Mac) and/or Intune (Windows), including patching, encryption, AV, and compliance reporting.
• Comfort operating in a compliance-driven environment (SOC2 / ISO), including evidence collection, audits, and operational controls.
• Strong documentation habits and a "make it repeatable" mindset.
• Ability to run the work, prioritize, push back, and build scalable patterns.
• Calm, practical, senior ownership.

Nice To Haves

• BetterCloud or similar automation tooling experience.
• Vendor risk management inputs and software governance experience.
• Experience rolling out Okta/device trust policies or conditional access.
• Experience building IT dashboards and metrics (SLA, compliance, lifecycle time).
• Experience with auditing mechanisms and processes (SOC2, ISO 27001).

Responsibilities

• Participate and advise on the IT technical roadmap across identity, endpoint security, access governance, and core corporate systems.
• Partner with Security/Infra to ensure SOC 2 Type II and ISO 27001 controls are operational.
• Establish standards for device compliance, access management, and SaaS lifecycle management.
• Drive adoption of scalable patterns: SSO-first, least privilege, automated lifecycle management, and measurable compliance.
• Govern IT equipment in company offices (e.g., conference rooms, entrance doors, security cameras).
• Own Google Workspace administration end-to-end, including org policies, groups, security settings, audits, and access hygiene.
• Lead Identity & Access Management, including SSO/SAML, SCIM provisioning, group-based access control, and app access patterns.
• Own device endpoint management at scale using Kandji/Intune for Mac and Windows, focusing on device policy enforcement, OS update compliance, encryption, malware protection, and reporting.
• Build and maintain operational automation using tools like BetterCloud or SaaS Manager for workflows such as onboarding/offboarding, group membership, and access reviews.
• Implement scripted automation where appropriate to reduce manual work.
• Own core "security hygiene" within IT, including account lifecycle and joiner/mover/leaver processes.
• Ensure device inventory accuracy and maintain compliance dashboards.
• Collect audit evidence that is clean and repeatable.
• Support vendor/tool governance, including software inventory ownership and providing input for vendor classification and risk reviews.
• Partner with Infra/DevOps/Security to align on controls, identity design, and incident readiness.
• Work with HR/PeopleOps on onboarding/offboarding processes and policy rollout.
• Collaborate with Finance/Procurement on renewals, licensing discipline, and cost visibility.
• Create clear documentation and runbooks to facilitate IT operations and scaling.
• Define "how we work" standards, including SLA tiers, escalation rules, evidence cadence, and system ownership.
• Reduce repeat incidents through automation, standardization, and root-cause improvements.
• Establish a monthly operating rhythm for access reviews, device compliance reviews, vendor/tool audits, and reporting.

Benefits

• Overall compensation package includes various benefit plans.