Manager IT and Security

Remote, USA Full-time
Job Summary

We are seeking a seasoned Information Technology & Security leader to head our IT and Security function at ScoutLogic, a fast-growing background check company. This leader will be responsible for ensuring the security, compliance, and operational reliability of our technology environment. The role requires a balance of long-term vision and hands-on execution to manage security certifications, vendor relationships, internal IT support, and alignment with software development teams to ensure industry-leading information security standards.

Reports to: CISO and the Head of Business Operations & Strategy

Key Responsibilities

Strategy & Leadership
• IT Roadmap Ownership: Work alongside the CISO to define and execute a multi-year IT and security roadmap aligned with ScoutLogic’s business objectives, growth trajectory, and compliance commitments.
• Executive Communication: Regularly brief the CISO and leadership team on security posture, key risks, and IT initiatives in clear, business-focused language.
• Cross-Functional Leadership: Build strong partnerships with Operations, Sales, and Client Success to ensure InfoSec becomes a commercial asset (i.e., a driver of client trust and differentiation).

Security & Compliance
• Oversee the company’s information security program, ensuring compliance with industry regulations and best practices.
• Guide teams through the company's annual SOC 2 certification process, including readiness assessments, audit coordination, and collaborative remediation.
• Represent the company with clients’ IT and security executives by articulating our security posture, protocols, and compliance certifications.
• Maintain and enforce information security policies, standards, and procedures.
• Continuously monitor and evaluate the company’s security posture, staying ahead of evolving threats and introducing proactive risk management practices, including penetration testing and threat modeling.
• Establish and lead incident detection, response, and recovery processes. Run tabletop exercises and ensure business continuity planning is robust.
• Oversee compliance with data privacy laws (GDPR, CCPA, etc.) given ScoutLogic’s handling of sensitive candidate information.

Vendor & Systems Management
• Manage all third-party technology vendors, ensuring adherence to security and performance standards.
• Oversee IT spend, ensuring cost-effective solutions without compromising security or reliability.
• Negotiate contracts and service-level agreements (SLAs) with technology partners.
• Conduct regular vendor security assessments and audits to mitigate third-party risk.

Internal IT Support & Infrastructure
• Lead a small internal IT team responsible for employee IT support, SaaS tooling management, hardware/software provisioning, and troubleshooting.
• Ensure reliability, availability, and performance of internal systems and business applications.
• Oversee IT asset management, lifecycle planning, and disaster recovery preparedness.
• Implement employee training and phishing simulations to strengthen the “human firewall.”
• Lead team initiatives to automate IT support workflows, employee onboarding/offboarding, and compliance reporting processes, enhancing team productivity and organizational scalability.

Qualifications
• Bachelor’s degree in Information Technology, Computer Science, Cybersecurity, or related field
• 8–10+ years of progressive IT leadership experience
• Proven track record leading SOC 2 or other security certifications and maintaining compliance with security regulations.
• Strong knowledge of information security and data privacy frameworks (ISO 27001, NIST CSF, SOC 2, GDPR, DPF, etc.), and IT governance best practices.
• Experience managing vendor relationships, negotiating contracts, and overseeing IT budgets.
• Demonstrated ability to represent a company’s security posture with the senior leadership team and auditors.
• Hands-on experience managing IT support teams and ensuring high-quality internal service delivery.
• Strong communication skills with the ability to translate technical concepts into business language.
• High integrity, collaborative mindset, and ability to thrive in a fast-paced, growth-oriented environment.
• Experience leading incident response or disaster recovery during a high-pressure event.
• Demonstrated ability to balance commercial pragmatism with compliance rigor.

Preferred Qualifications
• Certifications: CISSP, CISM, CISA, or equivalent.
• Familiarity with secure software development practices and working alongside product/engineering teams.
• Experience partnering with software development teams to ensure applications meet information security standards and comply with SOC 2, OWASP, and industry security requirements.
• Proven ability to provide guidance on secure coding practices, data protection requirements, and application security testing.
• Background participating in product and infrastructure design discussions to embed security into the SDLC (Software Development Lifecycle).