Security & Compliance Manager

About CassidyCassidy is a Series A AI automation platform serving enterprise customers. We help companies deploy AI Agents, workflows, and knowledge bases across their organizations. We're ~25 people, growing fast, based in NYC (in-office 5 days/week), and backed by HOF Capital, The General Partnership, and others. The RoleYou'll be the first person at Cassidy dedicated to IT, security, and compliance.What You'll DoDevices & IT Operations: Endpoint management, MDM, onboarding/offboarding, SaaS access controls, internal IT support, office networkSecurity & Compliance: Own SOC 2, HIPAA, and GDPR compliance programs. Manage compliance tooling (Vanta), run access reviews, drive security improvement projects, assess vendor securityCustomer-Facing Security: Join customer security calls, own security questionnaires end- to-end, support enterprise deal cycles by ensuring security reviews don't block dealsProjects: Build security processes that scale from 25 to 100+ people. Evaluate and implement new tools as we grow. Manage relationships with external partners, including compliance and IT vendors.Qualifications2-5 years of experience in IT operations, security, or compliance at a startup or small companyExperience managing macOS devices in a professional environmentHands-on experience administering SaaS tools and access controlsFamiliarity with compliance frameworks (SOC 2, HIPAA, GDPR) at a practical levelComfortable on customer calls explaining technical security concepts to non-technical audiencesExperience with compliance tooling (Vanta, Drata, or similar)Organized, detail-oriented, and comfortable owning operational responsibilitySelf-directed with strong communication skillsNice to HaveExperience completing security questionnaires for enterprise customersFamiliarity with Okta, Azure/AWS IAM, and cloud securityExperience working with managed IT providersSecurity-related software engineering experience