Director of IT

nue.io • United States
Remote
AI Summary

Lead corporate IT function at Nue, defining strategy, building team, and ensuring compliance and security. Develop and implement IT architecture, identity, and access management. Collaborate with Engineering and vCISO to ensure alignment and security.

Technical Skills Required
Identity and SSO
Endpoint management
SaaS governance (Google Workspace, Rippling, IdP providers, SCIM, SAML, OIDC)
SOC 2 and SOC 1 compliance
Benefits & Perks
Remote work

Job Description


About The Role

We are looking for a Director of IT to own and lead the corporate IT function at Nue. You will set the strategy and vision for corporate IT architecture, identity, compliance, and operations, and build the team and systems needed to support a fast-growing, distributed revenue platform.

You will be the most senior IT leader in the organization, reporting directly to the CFO and partnering closely with Engineering, Dev Services, Finance, and People. Nue runs an interim operating model with no dedicated CIO or CISO. You will be the corporate IT and compliance owner inside that model, working with a named Engineering counterpart and a fractional vCISO who provides senior security leadership. As Nue scales, this seat is positioned to grow with the company.

OWNERSHIP MODEL

How this role works with Engineering and the vCISO

Nue splits IT and Engineering responsibility using three lines, applied in order. They resolve almost every ownership question:

  • If a customer touches it, Engineering owns it.
  • If an employee uses it, IT owns it.
  • If an auditor asks about it, it is a joint program with one named owner.

That gives this role a clear lane. You own the corporate surface; Engineering owns the production and customer-facing surface; the compliance program is shared with you as the named coordinating owner.

Two structures keep the corporate and product sides aligned without a CIO or CISO layer between them:

  • Security and Compliance Council. A biweekly, 45-minute standing meeting with you, the CTO or a named engineering counterpart, and the CFO. Fixed agenda: SOC 2 and SOC 1 status, open findings, upcoming questionnaires, incidents, vendor risk approvals, and policy changes.
  • Fractional vCISO. Eight to fifteen hours per month of senior security leadership. The vCISO mentors you, signs off on the control matrix, attends customer due diligence calls, and acts as Nue's senior security voice during this interim period.

What You'll Do

IT strategy and leadership

  • Define and own Nue's corporate IT strategy, roadmap, and budget, translating company growth goals into a scalable IT foundation
  • Build, lead, and mentor the IT team, fostering a culture of security-first thinking and operational excellence
  • Drive IT maturity across the organization in support of SOC 2 and SOC 1 readiness
  • Serve as the primary corporate IT decision-maker and escalation point for the business

IT architecture and infrastructure

  • Define and govern standard patterns for user lifecycle, access control, and device posture across the workforce
  • Own the design and evolution of corporate IT architecture: endpoints, identity, the SaaS stack, and networking
  • Oversee endpoint and asset management, including MDM and EDR policies, patching, disk encryption, and auditable asset inventories
  • Ensure reliable, scalable IT operations for a remote-first, globally distributed workforce

Identity, access, and SaaS governance

  • Own corporate identity and access management strategy across Google Workspace, Rippling, Salesforce, Slack, Atlassian, and other core platforms
  • Define and enforce role-based access control and least-privilege models, including access reviews and entitlement rationalization
  • Lead SaaS vendor governance: onboarding, risk reviews, renewals, and rationalization across the stack
  • Drive automation of joiner, mover, and leaver processes through HRIS and identity-provider integrations

Security, compliance, and risk

  • Own the corporate IT compliance framework and maintain controls and documentation for SOC 2 and SOC 1 audits, working with the vCISO on the control matrix
  • Define and oversee endpoint security, corporate identity security, and corporate SaaS hardening standards
  • Own vulnerability and patch management for corporate endpoints and SaaS (production and cloud-infrastructure vulnerability management is owned by Engineering)
  • Lead corporate incident response for business email compromise, phishing, account compromise, lost or stolen devices, and vendor breaches
  • Coordinate customer security questionnaires and partner with Engineering and Dev Services on security assessments and risk remediation; Engineering leads on production and customer-facing controls
  • Maintain a proactive stance on emerging risks and close corporate gaps before they become incidents

Operations and automation

  • Oversee IT support operations, ensuring a high-quality experience across a remote-first team
  • Champion automation and tooling to reduce manual toil and improve operational efficiency
  • Own IT capacity planning: licenses, hardware refresh, and platform investments
  • Maintain and continuously improve IT documentation, runbooks, and standards

What is not in scope

Role

To keep the ownership model clean, the following sit with Engineering (CTO), not this role. You partner with Engineering on these; you do not own them:

  • Product security, application security, and the secure development lifecycle
  • Production identity, access, and secrets management
  • Cloud infrastructure security and production incident response
  • Customer-facing security architecture and the technical answers behind customer security reviews

What you'll bring

  • 8+ years in corporate IT, with at least 3 years in a leadership or management role at a high-growth tech company
  • Proven experience building and scaling IT functions, teams, and strategy from the ground up
  • Deep expertise in identity and SSO, endpoint management, and SaaS governance (Google Workspace, Rippling, IdP providers, SCIM, SAML, OIDC)
  • Strong working knowledge of SOC 2 and SOC 1, and comfort owning audit readiness and the auditor relationship
  • Experience leading IT through audits, security assessments, and customer risk questionnaires
  • A track record of hiring, mentoring, and developing high-performing IT teams
  • Excellent communication skills, able to translate complex technical decisions into clear recommendations for executive and non-technical stakeholders
  • Experience supporting a distributed, remote-first workforce with async-friendly processes and documentation
  • Comfort operating inside a defined IT/Engineering split and partnering with a fractional vCISO rather than owning product security directly
