The Opportunity

Found is seeking a Director of Security & IT (Individual Contributor to start) to own and evolve our security, compliance, and internal IT programs.

This role combines security leadership, hands-on IT operations, and compliance execution. You will be the primary owner of our security posture, SOC 2 readiness, HIPAA safeguards, and internal systems that support a remote-first workforce.

This is a high-ownership role suited for someone who can both execute and build scalable programs, while partnering closely with Engineering, Legal, and Leadership.

What You’ll Do

Security & Compliance (Primary Accountability)

• Own Found’s security posture across infrastructure, applications, vendors, and internal systems
• Lead SOC 2 readiness and audits (control design, evidence collection, auditor coordination)
• Maintain and operationalize HIPAA Security Rule safeguards
• Own vendor security reviews, risk assessments, and security questionnaires
• Partner with Legal on security clauses, BAAs, and contract reviews
• Define and maintain security policies, standards, and incident response procedures
• Act as the internal point of contact for security inquiries from partners, auditors, and customers

IT Operations & Internal Systems

• Own Found’s IT operations for a remote-first workforce
• Administer and evolve:
• Okta (SSO, access controls, joiner/mover/leaver processes)
• Google Workspace
• Device management (JAMF / MDM)
• Network access (e.g., Twingate)
• Ensure reliable onboarding and offboarding of employees and contractors
• Maintain hardware and software inventory
• Oversee or operate the helpdesk function, including tooling, SLAs, and vendor partnerships
• Build and document repeatable, auditable IT processes

Program Building & Scale

• Design systems that scale without heroics
• Identify opportunities for automation in access management, evidence collection, and IT workflows
• Evaluate and manage vendors
• Partner with Engineering leadership to ensure security is embedded, not bolted on
• Translate security and IT risk into clear, actionable recommendations for leadership
• Lay the foundation for a scalable IT and Information Security function, including systems, processes, and future team growth

What You Bring

Required

• Experience owning security, IT, or compliance responsibilities in a SaaS or technology organization
• Hands-on experience with SSO, identity & access management, and internal IT systems
• Strong understanding of SOC 2 and/or HIPAA Security Rule
• Comfort operating in regulated environments
• Ability to both execute tactically and design systems strategically
• Clear communicator who can work with engineers, legal, vendors, and non-technical stakeholders

Strongly Preferred

• Experience leading or supporting a SOC 2 audit
• Experience in a healthcare, fintech, or regulated SaaS company
• Familiarity with:
• JAMF or other MDM platforms
• Okta or similar IAM tools
• Cloud security concepts (AWS, logging, IAM, audit trails)
• Experience managing vendors or managed service providers

Bonus

• Prior experience as a Security Engineer, IT Manager, or GRC Lead
• Scripting or automation experience (Bash, Python)
• Incident response or security program ownership experience