Manager IT and Security

Job Summary We are seeking a seasoned Information Technology & Security leader to head our IT and Security function at ScoutLogic, a fast-growing background check company. This leader will be responsible for ensuring the security, compliance, and operational reliability of our technology environment. The role requires a balance of long-term vision and hands-on execution to manage security certifications, vendor relationships, internal IT support, and alignment with software development teams to ensure industry leading information security standards. Reports to: CISO and the Head of Business Operations & Strategy Key Responsibilities Strategy & Leadership • IT Roadmap Ownership: Work alongside the CISO to define and execute a multi-year IT and security roadmap aligned with ScoutLogic’s business objectives, growth trajectory, and compliance commitments. • Executive Communication: Regularly brief the CISO and leadership team on security posture, key risks, and IT initiatives in clear, business-focused language. • Cross-Functional Leadership: Build strong partnerships with Operations, Sales, and Client Success to ensure InfoSec becomes a commercial asset (i.e., a driver of client trust and differentiation). Security & Compliance • Oversee the company’s information security program, ensuring compliance with industry regulations and best practices. • Guide teams through the company's annual SOC 2 certification process, including readiness assessments, audit coordination, and collaborative remediation. • Represent the company with clients’ IT and security executives by articulating our security posture, protocols, and compliance certifications. • Maintain, and enforce information security policies, standards, and procedures. • Continuously monitor and evaluate the company’s security posture, staying ahead of evolving threats and introducing proactive risk management practices, including penetration testing and threat modeling. • Establish and lead incident detection, response, and recovery processes. Run tabletop exercises and ensure business continuity planning is robust. • Oversee compliance with data privacy laws (GDPR, CCPA, etc.) given ScoutLogic’s handling of sensitive candidate information. Vendor & Systems Management • Manage all third-party technology vendors, ensuring adherence to security and performance standards. • Oversee IT spend, ensuring cost-effective solutions without compromising security or reliability. • Negotiate contracts and service-level agreements (SLAs) with technology partners. • Conduct regular vendor security assessments and audits to mitigate third-party risk. Internal IT Support & Infrastructure • Lead a small internal IT team responsible for employee IT support, SaaS tooling management, hardware/software provisioning, and troubleshooting. • Ensure reliability, availability, and performance of internal systems, and business applications. • Oversee IT asset management, lifecycle planning, and disaster recovery preparedness. • Implement employee training and phishing simulations to strengthen the “human firewall.” • Lead team initiatives to automate IT support workflows, employee onboarding/offboarding, and compliance reporting processes, enhancing team productivity and organizational scalability. Qualifications • Bachelor’s degree in Information Technology, Computer Science, Cybersecurity, or related field • 8–10+ years of progressive IT leadership experience • Proven track record leading SOC2 or other security certifications and maintaining compliance with security regulations. • Strong knowledge of information security and data privacy frameworks (ISO 27001, NIST CSF, SOC2, GDPR, DPF, etc…), and IT governance best practices. • Experience managing vendor relationships, negotiating contracts, and overseeing IT budgets. • Demonstrated ability to represent a company’s security posture with senior leadership team and auditors. • Hands-on experience managing IT support teams and ensuring high-quality internal service delivery. • Strong communication skills with the ability to translate technical concepts into business language. • High integrity, collaborative mindset, and ability to thrive in a fast-paced, growth-oriented environment. • Experience leading incident response or disaster recovery during a high-pressure event. • Demonstrated ability to balance commercial pragmatism with compliance rigor. Preferred Qualifications • Certifications: CISSP, CISM, CISA, or equivalent. • Familiarity with secure software development practices and working alongside product/engineering teams. • Experience partnering with software development teams to ensure applications meet information security standards and comply with SOC 2, OWASP, and industry security requirements. • Proven ability to provide guidance on secure coding practices, data protection requirements, and application security testing. • Background participating in product and infrastructure design discussions to embed security into the SDLC (Software Development Lifecycle). Apply tot his job