IT Lead

Later is the world’s most intelligent influencer marketing company, built to give brands the confidence to create unforgettable campaigns. By combining real creator relationships, trusted intelligence, and expert guidance, Later removes fear and guesswork from one of marketing’s most visible investments. Built on a native, AI-powered platform and more than a decade of proprietary data—including billions of social interactions, impressions, and $2.4B+ in verified influencer-driven purchases—Later helps teams understand what will work before they launch. By combining trusted insight with expert guidance, Later removes guesswork from influencer marketing, enabling brands to choose the right creators, execute fully managed campaigns, and drive meaningful growth across awareness, engagement, and revenue. Trusted by leading enterprise brands including Nike, Wayfair, Unilever, and Southwest Airlines, Later bridges creativity and performance so campaigns don’t just look good—they deliver results. Learn more at later.com.About this position: We’re looking for a highly technical IT Lead (7+ years experience) to own and evolve our corporate IT systems/access and security at a senior level. This is not a “tickets all day” role — it’s a high technical role that still stays close to the planning and the execution. You’ll be responsible for building secure, configure, and well-governed systems or 3rd party integration across identity/access, endpoint management, device compliance, and core productivity platforms (Google Workspace and key SaaS). This person will be the technical owner for IT foundations that support SOC2/ISO readiness, secure access, reliable onboarding/offboarding, and device compliance across a growing organization. What you'll be doing: Strategy Participate and advise on the IT technical roadmap across identity, endpoint security, access governance, and core corporate systems. Partner with Security/Infra to ensure SOC 2 Type II and ISO 27001 controls are operational (and not just documented). Establish standards for device compliance, access management, and SaaS lifecycle (intake → review → onboarding → offboarding). Drive adoption of scalable patterns: SSO-first, least privilege, automated lifecycle management, and measurable compliance. Government of IT equipment in company offices (equipment in conference rooms, entrance doors, security cameras, etc.) Technical/ Execution Own Google Workspace administration end-to-end (org policies, groups, security settings, audits, access hygiene). Lead Identity & Access Management: SSO/SAML, SCIM provisioning, group-based access control, and app access patterns. Own device endpoint management at scale: Kandji/Iru (Mac) and Intune (Windows) device policy enforcement OS update compliance, encryption, malware protection, and reporting Build and maintain operational automation: BetterCloud or SaaS Manager workflows (onboarding/offboarding, group membership, access reviews) Scripted automation (where appropriate) to reduce manual work Own core “security hygiene” within IT: Account lifecycle, joiner/mover/leaver processes Device inventory accuracy and compliance dashboards Audit evidence collection that’s clean and repeatable Support vendor/tool governance: Software inventory ownership (admin + business owner) Vendor classification and risk review inputs (in partnership with Security/Legal) Team / Collaboration Partner with Infra/DevOps/Security to align on controls, identity design, and incident readiness. Work with HR/PeopleOps on onboarding/offboarding and policy rollout. Collaborate with Finance/Procurement on renewals, licensing discipline, and cost visibility. Create clear documentation/runbooks so IT is easier to operate and scale. Research/Best Practices Define “how we work” standards: SLA tiers, escalation rules, evidence cadence, and system ownership. Reduce repeat incidents via automation, standardization, and root-cause improvements. Build a monthly operating rhythm: access reviews, device compliance review, vendor/tool audits, and reporting. What success looks like: First 30 days: Meet key stakeholders (IT, Security, DevOps, HR, Finance). Take ownership of IT intake: ticket flow, SLA usage, escalations, and current pain points. Audit Google Workspace, groups, SSO apps, device inventory (Mac/Windows), and current policies. Review SOC2/ISO requirements that touch IT (access, device compliance, evidence). Identify quick wins: cleanup high-risk access, fix top recurring tickets, and document “how-to” basics for the team. First 60 days: Stabilize operations: reduce ticket backlog, tighten prioritization, and improve response consistency. Implement a clear onboarding/offboarding workflow (Google Workspace + SSO + device provisioning) and standardize access requests. Roll out baseline endpoint compliance reporting (Kandji/Intune) for patching, encryption, AV. Build a vendor/software inventory with owners and admin contacts. Start monthly access reviews + evidence collection cadence for SOC2 (and prep for Type II). First 90 days: Deliver measurable improvements: faster onboarding, fewer repeat tickets, and higher endpoint compliance (patching/encryption/AV). Lock down SSO standards: app catalog, ownership, least-privilege groups, and (where possible) SCIM automation. Formalize IT runbooks and a small project roadmap (next quarter). Ensure SOC2/ISO readiness is “operational,” not ad-hoc: recurring evidence, vendor reviews, and audit-ready documentation. Present a clear plan for future capacity needs (contractor vs hire) based on volume and risk. What you bring: 7+ years in IT engineering / systems administration / corporate systems leadership (senior technical depth). Deep expertise in Google Workspace administration and security controls. Strong experience with SSO/SAML and SCIM (Okta or similar IdP), group-based access models, least-privilege design. Strong endpoint management experience: Kandji (Mac) and/or Intune (Windo