
IT Manager (Security & Compliance Focus)

Stratitech
Menlo Park, CA
April 25th, 2026

San Bruno, CA
Hybrid, 2 days a week in office
Contract, possibly to hire
Compensation: $185K–$210K

A fast-growing, venture-backed technology company is hiring a hands-on IT Manager (Security & Compliance Focus) to take ownership of both information security and IT operations. This is a senior individual contributor role, not a people manager—ideal for someone who wants to stay close to the work while owning both strategy and execution.

Note: No C2C or C2H arrangements will be considered. This is a direct contract engagement only. No agencies.

About the Role

This role serves as the security authority across the organization, responsible for protecting systems, managing risk, and driving compliance initiatives like SOC 2. You’ll also act as the technical owner of the managed IT provider relationship, ensuring IT operations are secure, scalable, and high-performing.

You’ll work cross-functionally with Engineering, Finance, and People teams to enforce standards, improve processes, and support business growth—while remaining deeply hands-on.

What You’ll Do

Information Security

- Own and evolve the company’s security posture across internal systems and customer-facing platforms
- Define and enforce security policies, access controls, and data classification standards
- Serve as the escalation point for security incidents and drive response efforts
- Manage security tooling (IAM, endpoint protection, phishing simulations, access governance)
- Conduct regular access reviews, vulnerability assessments, and risk evaluations

Compliance & Risk

- Lead SOC 2 (Type I/II) efforts end-to-end, including audit readiness and ongoing compliance
- Maintain and evolve policy and procedure documentation
- Partner with external auditors and manage audit processes
- Respond to enterprise security questionnaires and due diligence requests
- Evaluate and support additional frameworks (ISO 27001, CCPA, etc.) as needed

IT Operations & Oversight

- Act as the internal technical owner of the managed IT provider (MSP)
- Define SLAs, review architecture decisions, and ensure accountability on service delivery
- Own the IT roadmap (networking, endpoints, SaaS tools, onboarding/offboarding workflows)
- Evaluate new tools and vendors for both operational fit and security risk
- Ensure IT standards scale effectively with company growth

AI & Emerging Tech

- Provide security oversight for AI tool adoption and usage
- Contribute to governance policies and acceptable use guidelines
- Assess risk related to data handling and third-party AI tools

What We’re Looking For

- 5–8 years of experience across IT operations and information security
- Proven experience owning or contributing to SOC 2 audits (Type I or II)
- Strong hands-on experience with:
  - Identity & Access Management (Okta, OneLogin, or similar)
  - Endpoint/MDM security tools
  - SaaS and cloud security environments
- Experience building and maintaining security policies, risk registers, and compliance documentation
- Familiarity with GRC frameworks (SOC 2, NIST CSF, ISO 27001)
- Experience managing or overseeing an MSP/vendor relationship
- Strong cross-functional communication skills
- Self-directed and comfortable operating as a solo security lead

These Skills Are a Plus

- Security certifications (CISSP, CISM, CISA, Security+)
- Experience in hardware, IoT, or consumer product environments
- Exposure to business systems (ERP, CRM, e-commerce platforms)
- Experience with access governance tools (e.g., Vanta, Drata, AccessOwl)

Additional Details

- Senior IC role — hands-on execution + ownership, no direct reports
- High-impact position with visibility across the organization
- Opportunity to build and scale security + IT foundations from the ground up