Soc 2 Jobs (NOW HIRING)

Clearstory is looking for an IT & Security Operations Manager to manage and improve the day-to-day operations of our IT, security compliance, and corporate systems infrastructure.

We've built a solid foundation - SOC 2 compliance tooling in Vanta, structured onboarding and offboarding workflows, a vendor security review process, and a cross-functional data governance program. What we need is a dedicated owner to manage these programs day-to-day, project manage key deliverables, maintain what's already working, and identify opportunities to improve and scale as we grow.

If you thrive as the go-to person for IT, compliance coordination, and keeping an organization running smoothly, this role is for you.

IT Administration

• Manage day-to-day identity and access management - Google Workspace admin, Slack admin, AI platform administration, shared inbox management
• Run employee onboarding provisioning - Day 1 account creation, checklist management, Vanta security onboarding, welcome communications, completion tracking
• Run employee offboarding - access revocation, system owner coordination, equipment return, deprovisioning verification within SLA
• Serve as the internal IT point of contact - password resets, hardware troubleshooting, software support, connectivity issues
• Manage the asset lifecycle - laptop procurement, serial number tracking, equipment reassignment, peripherals ordering
• Coordinate the annual SOC 2 audit process - project manage evidence collection, organize documentation, track control status in Vanta, follow up on remediation, and liaise with external auditors
• Execute quarterly and annual access reviews, verifying active users against the employee roster, documenting findings, and remediating stale access
• Manage Vanta day-to-day - dashboards, weekly compliance summaries, Trust Center access requests, failed test remediation
• Monitor and drive employee security compliance - agent installs, 1Password provisioning, MFA enforcement, security awareness training
• Take first pass on inbound customer security questionnaires and maintain an answer library to streamline future responses
• Track and execute data governance action items from biweekly cross-functional meetings - tool policy enforcement, vendor risk monitoring, etc.

Security & Compliance

• Coordinate the annual SOC 2 audit process - project manage evidence collection, organize documentation, track control status in Vanta, follow up on remediation, and liaise with external auditors
• Execute quarterly and annual access reviews, verifying active users against the employee roster, documenting findings, and remediating stale access
• Manage Vanta day-to-day - dashboards, weekly compliance summaries, Trust Center access requests, failed test remediation
• Monitor and drive employee security compliance - agent installs, 1Password provisioning, MFA enforcement, security awareness training
• Take first pass on inbound customer security questionnaires and maintain an answer library to streamline future responses
• Track and execute data governance action items from biweekly cross-functional meetings - tool policy enforcement, vendor risk monitoring, etc.

Business Operations

• Maintain and improve a centralized SaaS inventory - tools, seat counts, renewal dates, and costs. Keep a renewal calendar with advance notice to budget owners
• Manage new software requests - intake, triage, security review routing, approval tracking, provisioning
• Prepare vendor security assessments - collect SOC 2 reports, DPAs, and documentation for CTO review and approval
• Support office IT and facilities - conference room AV, key fob provisioning, building management coordination
• Document key processes - onboarding/offboarding runbooks, SOC 2 evidence collection guides, vendor review steps, AI usage best practices
• Identify and implement automation opportunities - workflows for onboarding triggers, access request routing, renewal reminders, and offboarding checklists

This is an opportunity to be the dedicated owner of IT and security operations at a growing SaaS company.

You will:

• Take ownership of established compliance, IT, and security programs and keep them running smoothly
• Project manage SOC 2 audit readiness as the company expands its customer base
• Identify gaps and inefficiencies in existing workflows and fix them
• Help create scalable processes that support the company through its next stage of growth
• Work cross-functionally with Engineering, Finance, and GTM teams

Success in this role means Clearstory's IT, security compliance, and corporate systems run reliably and keep getting better over time.

Clearstory is a SaaS platform modernizing how construction companies communicate, approve, and track change orders and related cost workflows. We replace paper, spreadsheets, and email with simple, trusted financial workflows that help contractors get paid accurately and on time.

We are a Series B, 100% SaaS company with strong product-market fit, growing six-figure deals, and a large, underserved TAM. Our customers love us, our retention is strong, and we are building for long-term impact.

Requirements

• 4-7 years of experience in IT operations, security operations, or SaaS business operations
• Hands-on SOC 2 evidence collection and audit coordination experience (not just awareness - you've done the work)
• Google Workspace administration experience (security settings, groups)
• Experience with compliance platforms like Vanta, Drata, or similar
• SaaS vendor management experience - renewals, license optimization, procurement intake
• Comfort with automation tools to streamline established workflows
• The ability to work directly with a CTO on security operations without needing hand-holding on fundamentals
• A builder's mindset - you'd rather create a process than follow a broken one, and you document what you build

Strong plus if you have:

• Experience completing customer security questionnaires
• Office or facilities coordination at a startup
• MDM deployment experience

You're a hands-on operator who gets things done without being asked. You see a problem, fix it, and move on - whether that's a password reset at 9am or prepping access review documentation at 2pm. Task size doesn't faze you because you know the small stuff and the big stuff both matter at a company this size.

You're organized and reliable. When you're asked to coordinate an offboarding or chase down a vendor's SOC 2 report, it gets done on time and nothing slips. You're comfortable working across teams - Engineering, Finance, GTM - and you can translate security and IT requirements into plain language for people who don't live in that world.

You understand that IT and security operations at a growing company isn't glamorous - but you also know it's foundational. You've seen what happens when access deprovisioning slips or when SOC 2 evidence collection becomes a fire drill. You're the person who keeps things running so that doesn't happen.

This is not a security engineering or CISO-track role - the CTO owns security architecture and policy. This is not a pure helpdesk role either - IT support is part of the job, but compliance coordination and process maintenance are the core.

Benefits

• Competitive salary and meaningful equity ownership
• Comprehensive health, dental, and vision coverage
• 401(k) plan to support your long-term financial goals
• Flexible PTO and company holidays
• Remote-friendly work environment with flexibility and autonomy
• Opportunity to work alongside a high-caliber, mission-driven team
• Career growth and leadership opportunities as the company scales