IT Manager (Security & Compliance Focus)
San Bruno, CA Hybrid 2 days a week in office
Contract, possibly to hire
Compensation- $185K–$210K
A fast-growing, venture-backed technology company is hiring a hands-on IT Manager (Security & Compliance Focus) to take ownership of both information security and IT operations. This is a senior individual contributor role, not a people manager—ideal for someone who wants to stay close to the work while owning both strategy and execution.
Note: No C2C or C2H arrangements will be considered. This is a direct contract engagement only. No agencies.
About the Role
This role serves as the security authority across the organization, responsible for protecting systems, managing risk, and driving compliance initiatives like SOC 2. You’ll also act as the technical owner of the managed IT provider relationship, ensuring IT operations are secure, scalable, and high-performing.
You’ll work cross-functionally with Engineering, Finance, and People teams to enforce standards, improve processes, and support business growth—while remaining deeply hands-on.
What You’ll Do
Information Security
- Own and evolve the company’s security posture across internal systems and customer-facing platforms
- Define and enforce security policies, access controls, and data classification standards
- Serve as the escalation point for security incidents and drive response efforts
- Manage security tooling (IAM, endpoint protection, phishing simulations, access governance)
- Conduct regular access reviews, vulnerability assessments, and risk evaluations
Compliance & Risk
- Lead SOC 2 (Type I/II) efforts end-to-end, including audit readiness and ongoing compliance
- Maintain and evolve policy and procedure documentation
- Partner with external auditors and manage audit processes
- Respond to enterprise security questionnaires and due diligence requests
- Evaluate and support additional frameworks (ISO 27001, CCPA, etc.) as needed
IT Operations & Oversight
- Act as the internal technical owner of the managed IT provider (MSP)
- Define SLAs, review architecture decisions, and ensure accountability on service delivery
- Own the IT roadmap (networking, endpoints, SaaS tools, onboarding/offboarding workflows)
- Evaluate new tools and vendors for both operational fit and security risk
- Ensure IT standards scale effectively with company growth
AI & Emerging Tech
- Provide security oversight for AI tool adoption and usage
- Contribute to governance policies and acceptable use guidelines
- Assess risk related to data handling and third-party AI tools
What We’re Looking For
- 5–8 years of experience across IT operations and information security
- Proven experience owning or contributing to SOC 2 audits (Type I or II)
- Strong hands-on experience with:
- Identity & Access Management (Okta, OneLogin, or similar)
- Endpoint/MDM security tools
- SaaS and cloud security environments
- Experience building and maintaining security policies, risk registers, and compliance documentation
- Familiarity with GRC frameworks (SOC 2, NIST CSF, ISO 27001)
- Experience managing or overseeing an MSP/vendor relationship
- Strong cross-functional communication skills
- Self-directed and comfortable operating as a solo security lead
These Skills Are a Plus
- Security certifications (CISSP, CISM, CISA, Security+)
- Experience in hardware, IoT, or consumer product environments
- Exposure to business systems (ERP, CRM, e-commerce platforms)
- Experience with access governance tools (e.g., Vanta, Drata, AccessOwl)
Additional Details
- Senior IC role — hands-on execution + ownership, no direct reports
- High-impact position with visibility across the organization
- Opportunity to build and scale security + IT foundations from the ground up
