[Hiring] Director of IT @nue.io

Role Description

We are looking for a Director of IT to own and lead the corporate IT function at Nue. You will set the strategy and vision for corporate IT architecture, identity, compliance, and operations, and build the team and systems needed to support a fast-growing, distributed revenue platform.

You will be the most senior IT leader in the organization, reporting directly to the CFO and partnering closely with Engineering, Dev Services, Finance, and People. Nue runs an interim operating model with no dedicated CIO or CISO. You will be the corporate IT and compliance owner inside that model, working with a named Engineering counterpart and a fractional vCISO who provides senior security leadership. As Nue scales, this seat is positioned to grow with the company.

What You'll Do

• IT strategy and leadership
  • Define and own Nue's corporate IT strategy, roadmap, and budget, translating company growth goals into a scalable IT foundation.
  • Build, lead, and mentor the IT team, fostering a culture of security-first thinking and operational excellence.
  • Drive IT maturity across the organization in support of SOC 2 and SOC 1 readiness.
  • Serve as the primary corporate IT decision-maker and escalation point for the business.
• IT architecture and infrastructure
  • Define and govern standard patterns for user lifecycle, access control, and device posture across the workforce.
  • Own the design and evolution of corporate IT architecture: endpoints, identity, the SaaS stack, and networking.
  • Oversee endpoint and asset management, including MDM and EDR policies, patching, disk encryption, and auditable asset inventories.
  • Ensure reliable, scalable IT operations for a remote-first, globally distributed workforce.
• Identity, access, and SaaS governance
  • Own corporate identity and access management strategy across Google Workspace, Rippling, Salesforce, Slack, Atlassian, and other core platforms.
  • Define and enforce role-based access control and least-privilege models, including access reviews and entitlement rationalization.
  • Lead SaaS vendor governance: onboarding, risk reviews, renewals, and rationalization across the stack.
  • Drive automation of joiner, mover, and leaver processes through HRIS and identity-provider integrations.
• Security, compliance, and risk
  • Own the corporate IT compliance framework and maintain controls and documentation for SOC 2 and SOC 1 audits, working with the vCISO on the control matrix.
  • Define and oversee endpoint security, corporate identity security, and corporate SaaS hardening standards.
  • Own vulnerability and patch management for corporate endpoints and SaaS (production and cloud-infrastructure vulnerability management is owned by Engineering).
  • Lead corporate incident response for business email compromise, phishing, account compromise, lost or stolen devices, and vendor breaches.
  • Coordinate customer security questionnaires and partner with Engineering and Dev Services on security assessments and risk remediation; Engineering leads on production and customer-facing controls.
  • Maintain a proactive stance on emerging risks and close corporate gaps before they become incidents.
• Operations and automation
  • Oversee IT support operations, ensuring a high-quality experience across a remote-first team.
  • Champion automation and tooling to reduce manual toil and improve operational efficiency.
  • Own IT capacity planning: licenses, hardware refresh, and platform investments.
  • Maintain and continuously improve IT documentation, runbooks, and standards.

What is not in scope

• To keep the ownership model clean, the following sit with Engineering (CTO), not this role. You partner with Engineering on these; you do not own them:
  • Product security, application security, and the secure development lifecycle.
  • Production identity, access, and secrets management.
  • Cloud infrastructure security and production incident response.
  • Customer-facing security architecture and the technical answers behind customer security reviews.

Qualifications

• 8+ years in corporate IT, with at least 3 years in a leadership or management role at a high-growth tech company.
• Proven experience building and scaling IT functions, teams, and strategy from the ground up.
• Deep expertise in identity and SSO, endpoint management, and SaaS governance (Google Workspace, Rippling, IdP providers, SCIM, SAML, OIDC).
• Strong working knowledge of SOC 2 and SOC 1, and comfort owning audit readiness and the auditor relationship.
• Experience leading IT through audits, security assessments, and customer risk questionnaires.
• A track record of hiring, mentoring, and developing high-performing IT teams.
• Excellent communication skills, able to translate complex technical decisions into clear recommendations for executive and non-technical stakeholders.
• Experience supporting a distributed, remote-first workforce with async-friendly processes and documentation.
• Comfort operating inside a defined IT/Engineering split and partnering with a fractional vCISO rather than owning product security directly.