Job Description
Job Summary We are seeking a seasoned Information Technology & Security leader to head our IT and Security function at ScoutLogic, a fast-growing background check company. This leader will be responsible for ensuring the security, compliance, and operational reliability of our technology environment. The role requires a balance of long-term vision and hands-on execution to manage security certifications, vendor relationships, internal IT support, and alignment with software development teams to ensure industry leading information security standards. Reports to: CISO and the Head of Business Operations & Strategy Key Responsibilities Strategy & Leadership ⢠IT Roadmap Ownership: Work alongside the CISO to define and execute a multi-year IT and security roadmap aligned with ScoutLogicâs business objectives, growth trajectory, and compliance commitments. ⢠Executive Communication: Regularly brief the CISO and leadership team on security posture, key risks, and IT initiatives in clear, business-focused language. ⢠Cross-Functional Leadership: Build strong partnerships with Operations, Sales, and Client Success to ensure InfoSec becomes a commercial asset (i.e., a driver of client trust and differentiation). Security & Compliance ⢠Oversee the companyâs information security program, ensuring compliance with industry regulations and best practices. ⢠Guide teams through the company's annual SOC 2 certification process, including readiness assessments, audit coordination, and collaborative remediation. ⢠Represent the company with clientsâ IT and security executives by articulating our security posture, protocols, and compliance certifications. ⢠Maintain, and enforce information security policies, standards, and procedures. ⢠Continuously monitor and evaluate the companyâs security posture, staying ahead of evolving threats and introducing proactive risk management practices, including penetration testing and threat modeling. ⢠Establish and lead incident detection, response, and recovery processes. Run tabletop exercises and ensure business continuity planning is robust. ⢠Oversee compliance with data privacy laws (GDPR, CCPA, etc.) given ScoutLogicâs handling of sensitive candidate information. Vendor & Systems Management ⢠Manage all third-party technology vendors, ensuring adherence to security and performance standards. ⢠Oversee IT spend, ensuring cost-effective solutions without compromising security or reliability. ⢠Negotiate contracts and service-level agreements (SLAs) with technology partners. ⢠Conduct regular vendor security assessments and audits to mitigate third-party risk. Internal IT Support & Infrastructure ⢠Lead a small internal IT team responsible for employee IT support, SaaS tooling management, hardware/software provisioning, and troubleshooting. ⢠Ensure reliability, availability, and performance of internal systems, and business applications. ⢠Oversee IT asset management, lifecycle planning, and disaster recovery preparedness. ⢠Implement employee training and phishing simulations to strengthen the âhuman firewall.â ⢠Lead team initiatives to automate IT support workflows, employee onboarding/offboarding, and compliance reporting processes, enhancing team productivity and organizational scalability. Qualifications ⢠Bachelorâs degree in Information Technology, Computer Science, Cybersecurity, or related field ⢠8â10+ years of progressive IT leadership experience ⢠Proven track record leading SOC2 or other security certifications and maintaining compliance with security regulations. ⢠Strong knowledge of information security and data privacy frameworks (ISO 27001, NIST CSF, SOC2, GDPR, DPF, etcâŚ), and IT governance best practices. ⢠Experience managing vendor relationships, negotiating contracts, and overseeing IT budgets. ⢠Demonstrated ability to represent a companyâs security posture with senior leadership team and auditors. ⢠Hands-on experience managing IT support teams and ensuring high-quality internal service delivery. ⢠Strong communication skills with the ability to translate technical concepts into business language. ⢠High integrity, collaborative mindset, and ability to thrive in a fast-paced, growth-oriented environment. ⢠Experience leading incident response or disaster recovery during a high-pressure event. ⢠Demonstrated ability to balance commercial pragmatism with compliance rigor. Preferred Qualifications ⢠Certifications: CISSP, CISM, CISA, or equivalent. ⢠Familiarity with secure software development practices and working alongside product/engineering teams. ⢠Experience partnering with software development teams to ensure applications meet information security standards and comply with SOC 2, OWASP, and industry security requirements. ⢠Proven ability to provide guidance on secure coding practices, data protection requirements, and application security testing. ⢠Background participating in product and infrastructure design discussions to embed security into the SDLC (Software Development Lifecycle). Apply tot his job