Todyl
Denver CO
Security
$125K – $200K • Offers Equity
Posted 5 hours ago
About The Role
Todyl is seeking a hands-on Manager, Corporate IT & Information Security to lead and operate our internal corporate technology, information security, and compliance programs. This role is responsible for the performance, reliability, and security of Todyl’s internal IT environment across three office locations, including our Microsoft ecosystem, corporate endpoints and SaaS applications, identity and access management, internal use of the Todyl platform, physical security systems, and the overall corporate security program.
This is a player-coach role for a leader who is equally comfortable setting direction, building programs, and personally executing. You will manage a lean internal IT function, including one team member responsible for day-to-day help desk support, while directly owning core systems, escalations, security operations, and key technology initiatives.
This role also owns Todyl’s internal compliance program, including SOC 2, CMMC, and other applicable security and regulatory frameworks. You will be responsible for maintaining audit readiness, strengthening controls, managing evidence and remediation, and partnering cross-functionally to ensure our internal environment scales securely and in alignment with company obligations.
This is not a pure policy or oversight role. It is a hands-on leadership position with direct accountability for Todyl’s internal corporate technology, security posture, and compliance execution.
Responsibilities:
Corporate IT Leadership & Operations
Own Todyl’s internal IT environment, including corporate productivity systems, endpoints, identity, device management, collaboration tools, and core SaaS applications.
Serve as the primary owner of Todyl’s Microsoft infrastructure and tenant, including administration, security, governance, and lifecycle management across Microsoft 365, Entra ID, Intune, Exchange, Teams, SharePoint, and related services, in partnership with SRE where appropriate across the Microsoft ecosystem.
Own and continuously improve Todyl’s internal use of the Todyl tenant and platform to protect the corporate environment.
Lead IT operations for onboarding, offboarding, access provisioning, endpoint standards, asset management, license management, support escalation, and overall end-user experience across three office locations.
Manage and develop the help desk team member while serving as the escalation point for complex or high-impact issues.
Establish and maintain standards for endpoint configuration, patching, hardening, backup, recovery, and business continuity.
Oversee corporate physical security technology and controls across three office locations, including badge access systems, visitor access processes, and video surveillance systems.
Information Security Leadership
Own and lead Todyl’s corporate information security program, including policies, standards, technical controls, operational processes, and ongoing security maturity.
Design, implement, and improve security controls across identity and access management, endpoint protection, logging and monitoring, vulnerability management, data protection, SaaS security, configuration management, physical security controls, and incident response.
Lead security monitoring, triage, investigations, and response coordination for internal corporate systems and events, partnering with MXDR and Advanced Threat Operations for escalation and coordinated response as needed.
Drive company-wide security awareness, phishing resilience, and training initiatives to strengthen security culture and employee readiness.
Partner with Engineering, Product, and leadership to ensure internal security practices align with broader business and platform risk priorities.
Provide regular reporting to leadership on internal security posture, material risks, remediation progress, and control maturity.
Compliance, Risk & Audit Ownership
Own Todyl’s internal compliance program, including SOC 2, CMMC, and other applicable frameworks and customer-driven requirements.
Lead internal and external audits for SOC 2, CMMC, and other applicable frameworks, including audit readiness efforts, control design, evidence collection, gap assessments, remediation planning, and ongoing compliance monitoring.
Maintain and improve the company’s policy, standards, and control documentation to support governance, auditability, and operational execution.
Partner with internal stakeholders across Legal, Finance, People, Engineering, and Operations to operationalize compliance requirements across systems, processes, and teams.
Manage external auditors, assessors, and consultants, and serve as the primary internal owner for audit and compliance engagements.
Conduct internal risk assessments and control reviews, track corrective actions, and drive continuous improvement of the company’s control environment.
Support customer, partner, and vendor security diligence activities as needed, including security questionnaires, compliance discussions, and documentation requests.
Cross-Functional Leadership
Build and maintain an internal IT, security, and compliance roadmap that improves operational maturity, reduces risk, and supports company growth.
Evaluate and manage third-party vendors that support internal IT, security, and compliance operations.
Balance strong controls with usability and speed in a high-growth environment, applying practical judgment to keep the business secure and moving.
Develop scalable processes and operating rhythms that strengthen internal accountability and support long-term readiness.
Requirements:
8+ years of experience across corporate IT, information security, and/or compliance leadership roles, with increasing scope and ownership in technology-driven environments.
Proven experience leading a hands-on internal IT and security function in a lean organization.
Strong experience administering and securing Microsoft environments, including Microsoft 365, Entra ID, Intune, Exchange, Teams, SharePoint, endpoint management, and identity-driven security controls.
Experience owning or materially leading SOC 2 and CMMC programs, including control implementation, evidence management, audit readiness, and remediation.
Strong knowledge of security and compliance frameworks such as SOC 2, CMMC, NIST 800-171, NIST CSF, CIS Controls, and ISO 27001.
Experience implementing practical controls across identity, endpoints, SaaS, devices, data protection, vulnerability management, logging, monitoring, and incident response.
Demonstrated ability to create and maintain policies, standards, procedures, and documentation that are both operationally useful and audit-ready.
Experience managing external auditors, assessors, and other compliance stakeholders.
Strong communication skills, sound judgment, and the ability to work effectively across technical teams, business stakeholders, and executive leadership.
Comfortable managing a small team while personally owning key systems, escalations, and deliverables.
CISSP or equivalent advanced security certification required.
Preferred Qualifications
Experience in a cybersecurity, SaaS, managed services, or regulated technology environment.
Experience supporting customer-facing security and compliance diligence.
Additional certifications such as CISM, CISA, CCSP, or relevant Microsoft certifications.
Bachelor’s degree in Information Technology, Information Security, Computer Science, or a related field.
What We Offer
Health & Wellbeing
Medical, dental, and vision coverage for you and your family
HSA/FSA options
Life insurance and short- and long-term disability coverage
Financial & Future
Competitive 401(k) to invest in your future
Short- and long-term disability coverage for when life gets unpredictable
Flexibility & Time Off
Hybrid work schedule
Flexible PTO + 13 company holidays
Generous parental leave
Todyl provides equal employment opportunities to all employees and applicants for employment without regard to race, color, religion, gender, sexual orientation, transgender status, gender identity or expression, national origin, age, disability, marital status, genetic information, military status or any other status protected by applicable federal, state or local laws.