Director, IT
The Opportunity
We're hiring our first Director of IT to build Stepful's IT and security function from the ground up. You'll own our path to SOC 2 certification and everything that keeps a fast-growing company running securely — from identity and access management to the laptop that lands on every new hire's desk. This is a hands-on role to start: you'll operate as an individual contributor, set the strategy, and build out a team as the company scales. This role reports directly to the SVP, Engineering and partners closely with Engineering, Finance, People, and our B2B teams across the organization.
This is a hybrid opportunity based out of our NYC office, requiring three days/week (Tuesday, Wednesday, Thursday) in office.
What You'll Do
Security & Compliance: Own Stepful's security program end to end, leading our SOC 2 effort from readiness assessment through audit and ongoing compliance
Define and enforce security policies, identity and access management, and least-privilege controls across the organization (SSO, MFA, access reviews)
Support our B2B healthcare partnerships by owning security questionnaires, vendor assessments, and customer audit requests
IT Operations: Own the full equipment lifecycle — procurement, MDM deployment, inventory, and seamless onboarding/offboarding for every employee
Manage our SaaS application stack, including provisioning, access governance, vendor security reviews, and spend optimization
Build scalable IT support processes and serve as the escalation point for day-to-day IT needs, rolling up your sleeves while the function is small
Partner with Engineering on incident response, endpoint security, and infrastructure hardening
What You'll Bring
8+ years of IT experience, including experience leading IT or security functions at a high-growth startup
Hands-on experience driving a SOC 2 certification (Type I and II) from readiness through audit
Deep expertise with the modern IT stack: MDM (e.g., Kandji, Jamf), identity providers (e.g., Okta, Google Workspace), and endpoint security tooling
Proven ability to operate as a strategic leader and a hands-on individual contributor at the same time
Strong vendor management skills across hardware, software, and audit partners
Exceptional communication skills with the ability to make security and compliance accessible to non-technical teams
A builder's mindset — you're energized by creating processes and systems from scratch, not inheriting them
Bonus Points
If You have experience with HIPAA or healthcare data compliance
You've built an IT function from zero at a scaling company
You've worked in EdTech, healthcare, or another mission-driven industry