Head of IT, GRC & Compliance

Hybrid

Published 2 hours ago

About Us

Phyllo is a data gateway that allows social data to be accessed from source platforms (e.g. YouTube, Twitch, Upwork, Shopify, etc.). We build the underlying infrastructure that connects with every creator platform, maintain a live data feed to the systems used by these platforms to manage creators' data, and provide a normalized data set so that businesses can use creators' data in a simple yet impactful way. Website: https://www.getphyllo.com/

About the Role

We are looking for a high ownership-driven and hands-on Head of IT, GRC & Compliance to lead and manage the organization’s complete internal IT, Governance, Compliance, SaaS Operations, Identity & Access management, Endpoint Security, Procurement, and IT Operational Ecosystem.

This is a strategic and execution-heavy role responsible for ensuring secure and scalable IT operations, compliance readiness, enterprise SaaS governance, access management, endpoint security, audit preparedness, vendor governance, and overall IT operational excellence.

You should be comfortable operating in a fast-paced startup environment and able to independently manage "everything IT", from onboarding laptops and troubleshooting enterprise tools to leading SOC 2/ISO audits and driving security governance initiatives.

What you'll be expected to do

  1. Governance, Risk & Compliance (GRC)
    • Lead organization-wide compliance initiatives including:
      • SOC 2
      • ISO 27001
      • GDPR
      • customer/vendor security assessments
      • internal IT audits
    • Own and manage compliance automation platforms such as Scrut
    • Maintain and improve:
      • Policies
      • SOPs
      • security controls
      • evidence repositories
      • audit documentation
    • Coordinate with legal, HR, engineering, finance, and leadership teams for audit readiness
    • Conduct risk assessments and remediation tracking
    • Manage customer security questionnaires and compliance requests
    • Drive security awareness and compliance training initiatives
    • Partner with legal teams for:
      • DPA reviews
      • vendor agreements
      • compliance obligations
      • contractual security requirements
  2. Identity & Access Management (IAM)
    • Manage end-to-end user lifecycle:
      • Onboarding
      • Offboarding
      • access changes
      • privileged access reviews
    • Provision and manage access across:
      • Google Workspace (Gsuite)
      • Microsoft 365
      • Azure / Entra ID
      • GCP
      • Enterprise SaaS applications
    • Implement and manage:
      • SSO
      • MFA
      • RBAC
      • SCIM provisioning
      • Conditional Access policies
    • Conduct periodic access audits and governance reviews
    • Troubleshoot authentication and identity-related issues
    • Drive Zero Trust access governance practices
  3. IT Operations & Enterprise Administration
    • Administer and support:
      • Google Workspace
      • Microsoft 365
      • Azure / Entra ID
      • Google Cloud Platform (GCP)
      • Collaboration tools
      • Productivity platforms
      • Enterprise SaaS ecosystem
    • Manage:
      • Email security
      • Distribution groups
      • Enterprise configurations
      • SaaS integrations
      • licensing and subscriptions
    • Troubleshoot enterprise IT and SaaS platform issues across departments
    • Ensure operational uptime, reliability, and scalability of enterprise IT systems
    • Drive IT process automation and operational efficiency initiatives
  4. Endpoint Security & Device Management
    • Manage endpoint governance and device compliance programs
    • Administer MDM/endpoint management platforms such as:
      • Sophos
      • Sentinel
      • or equivalent tools
    • Coordinate endpoint hardening, device security baselines, and compliance enforcement
    • Support EDR/security tooling deployment and operational coordination
    • Manage:
      • laptop lifecycle
      • device inventory
      • security compliance
      • secure decommissioning
    • Implement and maintain:
      • BYOD policies
      • endpoint security standards
      • encryption compliance
  5. IT Asset Management & Procurement
    • Own end-to-end IT asset lifecycle management:
      • Procurement
      • Allocation
      • Tracking
      • Recovery
      • Disposal
    • Maintain inventory of:
      • Laptops
      • Peripherals
      • enterprise licenses
      • SaaS subscriptions
    • Manage vendor relationships and procurement workflows
    • Optimize SaaS licensing utilization and costs
    • Coordinate hardware provisioning for onboarding/offboarding processes
    • Maintain procurement governance and approval workflows
  6. SaaS Governance & AI Tool Governance
    • Own governance and administration of enterprise SaaS applications
    • Monitor and manage:
      • SaaS sprawl
      • shadow IT
      • unauthorized tool usage
    • Establish governance for AI-enabled productivity and enterprise tools
    • Ensure secure handling of organizational data across SaaS platforms
    • Optimize SaaS utilization, access governance, and subscription costs
  7. Security Operations & Incident Coordination
    • Coordinate IT-related security incidents including:
      • phishing response
      • access compromise
      • insider access revocation
      • lost/stolen devices
    • Partner with security teams on:
      • incident response
      • vulnerability remediation
      • operational security initiatives
    • Support business continuity and disaster recovery readiness
    • Maintain audit trails, operational logs, and governance records

You'll be a good fit if

  • 5–7+ years of experience in: IT Operations, GRC, IT Compliance, IAM, Enterprise IT Administration, SaaS Operations
  • Strong hands-on experience with: Google Workspace, Microsoft 365, Azure / Entra ID, GCP, Scrut or equivalent compliance platforms
  • Experience leading: SOC 2, ISO 27001, audit programs, security assessments, risk management initiatives, VAPT
  • Strong understanding of: IAM, SSO, MFA, RBAC, SCIM, Zero Trust concepts
  • Experience with: endpoint management, MDM solutions, IT asset management, procurement operations
  • Strong troubleshooting, stakeholder management, and operational ownership skills
  • Ability to independently manage cross-functional IT and compliance operations in startup environments

Preferred Qualifications

  • Experience working in startup or high-growth SaaS organizations
  • Familiarity with:
    • EDR/XDR platforms
    • cloud security tooling
  • Certifications such as:
    • ISO 27001 Lead Implementer/Auditor
    • CISA
    • CRISC
    • Microsoft/Azure certifications
    • Google Workspace administration certifications
  • Experience automating IT/GRC workflows and operational processes

What we offer

  • Hybrid Working Environment: Work both from the office and remotely as needed for a better work-life balance
  • Flexible Hours: Choose to work in the hours you feel the most productive
  • Innovate and Evolve: We're building a high-growth, high-autonomy culture. We rely less on job titles and more on cultivating an environment where anyone can contribute, the best ideas win, and personal growth is driven by expanding impact

What's in it for you?

We invest in our people and believe in hiring for high-potential and humble individuals who can rapidly grow their responsibilities as the company scales. You will infuse insights and ideas into business decision-making, solutions strategy, and the innovation roadmap for each product.

If you are someone who thrives in high-ownership startup environments, can independently manage broad IT and compliance responsibilities, balances governance with operational practicality, is equally comfortable with audits and hands-on troubleshooting, can build scalable internal IT processes from the ground up, and can act as the central owner for enterprise IT, compliance, and operational governance, Phyllo is the perfect place for you!


Full time

Mid-Senior Level

IT & Compliance

Hybrid