IT Lead

We’re looking for a highly technical IT Lead (12+ years experience) to own and evolve our corporate IT systems/access and security at a senior level. This is not a “tickets all day” role — it’s a high technical role that still stays close to the planning and the execution. You’ll be responsible for building secure, configure, and well-governed systems or 3rd party integration across identity/access, endpoint management, device compliance, and core productivity platforms (Google Workspace and key SaaS).

This person will be the technical owner for IT foundations that support SOC2/ISO readiness, secure access, reliable onboarding/offboarding, and device compliance across a growing organization.

• Participate and advise on the IT technical roadmap across identity, endpoint security, access governance, and core corporate systems.
• Partner with Security/Infra to ensure SOC 2 Type II and ISO 27001 controls are operational (and not just documented).
• Establish standards for device compliance, access management, and SaaS lifecycle (intake → review → onboarding → offboarding).
• Drive adoption of scalable patterns: SSO-first, least privilege, automated lifecycle management, and measurable compliance.
• Government of IT equipment in company offices (equipment in conference rooms, entrance doors, security cameras, etc.)

• Own Google Workspace administration end-to-end (org policies, groups, security settings, audits, access hygiene).
• Lead Identity & Access Management: SSO/SAML, SCIM provisioning, group-based access control, and app access patterns.
• Own device endpoint management at scale:
• Kandji/Iru (Mac) and Intune (Windows) device policy enforcement
• OS update compliance, encryption, malware protection, and reporting
• Build and maintain operational automation:
• BetterCloud or SaaS Manager workflows (onboarding/offboarding, group membership, access reviews)
• Scripted automation (where appropriate) to reduce manual work
• Own core “security hygiene” within IT:
• Account lifecycle, joiner/mover/leaver processes
• Device inventory accuracy and compliance dashboards
• Audit evidence collection that’s clean and repeatable
• Support vendor/tool governance:
• Software inventory ownership (admin + business owner)
• Vendor classification and risk review inputs (in partnership with Security/Legal)

• Partner with Infra/DevOps/Security to align on controls, identity design, and incident readiness.
• Work with HR/PeopleOps on onboarding/offboarding and policy rollout.
• Collaborate with Finance/Procurement on renewals, licensing discipline, and cost visibility.
• Create clear documentation/runbooks so IT is easier to operate and scale.

• Define “how we work” standards: SLA tiers, escalation rules, evidence cadence, and system ownership.
• Reduce repeat incidents via automation, standardization, and root-cause improvements.
• Build a monthly operating rhythm: access reviews, device compliance review, vendor/tool audits, and reporting.

• Meet key stakeholders (IT, Security, DevOps, HR, Finance). Take ownership of IT intake: ticket flow, SLA usage, escalations, and current pain points. Audit Google Workspace, groups, SSO apps, device inventory (Mac/Windows), and current policies. Review SOC2/ISO requirements that touch IT (access, device compliance, evidence). Identify quick wins: cleanup high-risk access, fix top recurring tickets, and document “how-to” basics for the team.

• Stabilize operations: reduce ticket backlog, tighten prioritization, and improve response consistency. Implement a clear onboarding/offboarding workflow (Google Workspace + SSO + device provisioning) and standardize access requests. Roll out baseline endpoint compliance reporting (Kandji/Intune) for patching, encryption, AV. Build a vendor/software inventory with owners and admin contacts. Start monthly access reviews + evidence collection cadence for SOC2 (and prep for Type II).

• Deliver measurable improvements: faster onboarding, fewer repeat tickets, and higher endpoint compliance (patching/encryption/AV). Lock down SSO standards: app catalog, ownership, least-privilege groups, and (where possible) SCIM automation. Formalize IT runbooks and a small project roadmap (next quarter). Ensure SOC2/ISO readiness is “operational,” not ad-hoc: recurring evidence, vendor reviews, and audit-ready documentation. Present a clear plan for future capacity needs (contractor vs hire) based on volume and risk.

• 12+ years in IT engineering / systems administration / corporate systems leadership (senior technical depth).
• Deep expertise in Google Workspace administration and security controls.
• Strong experience with SSO/SAML and SCIM (Okta or similar IdP), group-based access models, least-privilege design.
• Strong endpoint management experience: Kandji (Mac) and/or Intune (Windows), patching, encryption, AV, compliance reporting.
• Comfort operating in a compliance-driven environment (SOC2 / ISO), including evidence, audits, and operational controls.
• Strong documentation habits and a “make it repeatable” mindset.
• Calm, practical, senior ownership: can run the work, prioritize, push back, and build scalable patterns.

• BetterCloud or similar automation tooling experience
• Vendor risk management inputs and software governance experience
• Experience rolling out Okta/device trust policies or conditional access
• Experience building IT dashboards and metrics (SLA, compliance, lifecycle time)
• Experience with auditing mechanisms and processes (SOC2, ISO 27001)

• Driven by Impact: You deliver results that matter—prioritizing high-value work, meeting deadlines, and adapting quickly while keeping outcomes clear.
• Strategic & Customer-Centric: You anticipate risks and opportunities, connect decisions to long-term growth, and build trust through proactive insights.
• Curious & Growth-Oriented: You seek knowledge, ask sharp questions, and apply learnings fast—challenging the status quo with a mindset of improvement.
• Collaborative & Resilient: You thrive in change by staying resourceful, solution-focused, and positive—removing roadblocks, sharing insights, and keeping morale high.
• Accountable & Honest: You own your work, hold yourself and others to a high bar, and use transparent feedback to drive growth.
• Emotionally Intelligent: You build trust through empathy and collaboration, foster inclusion, and inspire others with grit, optimism, and integrity.

We have offices in Boston, MA; Vancouver, BC; Chicago, IL; and Vancouver, WA. For select positions, we are open to hiring fully remote candidates. We post our positions in the location(s) where we are open to having the successful candidate be located. 

At Later, we are committed to fostering a culture rooted in an inclusion-first mindset at every level of the company, embracing the importance of hiring and building teams for culture add rather than culture fit. We openly build and maintain unbiased hiring, pay, and promotion practices to create a foundation for an equitable workplace, paving the way for systemic change.

We are committed to creating a diverse environment and are proud to be an equal opportunity employer. All applications will receive consideration for employment without regard to race, color, religion, gender, gender identity or expression, national origin, disability, or age. Please let us know if you require any accommodations or support during the recruitment process.