Security & Compliance Manager
About Cassidy
Cassidy is a Series A AI automation platform serving enterprise customers. We help companies deploy AI Agents, workflows, and knowledge bases across their organizations. We're ~25 people, growing fast, based in NYC (in-office 5 days/week), and backed by HOF Capital, The General Partnership, and others.
The Role
You'll be the first person at Cassidy dedicated to IT, security, and compliance.
What You'll Do
Devices & IT Operations: Endpoint management, MDM, onboarding/offboarding, SaaS access controls, internal IT support, office network
Security & Compliance: Own SOC 2, HIPAA, and GDPR compliance programs. Manage compliance tooling (Vanta), run access reviews, drive security improvement projects, assess vendor security
Customer-Facing Security: Join customer security calls, own security questionnaires end-to-end, support enterprise deal cycles by ensuring security reviews don't block deals
Projects: Build security processes that scale from 25 to 100+ people. Evaluate and implement new tools as we grow. Manage relationships with external partners, including compliance and IT vendors.
Qualifications
2-5 years of experience in IT operations, security, or compliance at a startup or small company
Experience managing macOS devices in a professional environment
Hands-on experience administering SaaS tools and access controls
Familiarity with compliance frameworks (SOC 2, HIPAA, GDPR) at a practical level
Comfortable on customer calls explaining technical security concepts to non-technical audiences
Experience with compliance tooling (Vanta, Drata, or similar)
Organized, detail-oriented, and comfortable owning operational responsibility
Self-directed with strong communication skills
Nice to Have
Experience completing security questionnaires for enterprise customers
Familiarity with Okta, Azure/AWS IAM, and cloud security
Experience working with managed IT providers
Security-related software engineering experience