We’re looking for a Head of IT & Information Security Operations who’s ready to become the practical owner of everything that keeps our internal systems, access, devices, and security running like clockwork. If you believe that a clean access list is a thing of beauty and “we’ll document it later” makes you twitch a little, this might be your next co-op mission.
🏆 YOUR QUEST-LINE:
Build and maintain a single registry of systems, services, and SaaS tools: owners, admins, users, plans, renewals, MFA/SSO, and offboarding flow, all in one place;
Own the access lifecycle end-to-end: onboarding, offboarding, role changes, and regular access reviews, so nobody keeps a key to a door they don’t need anymore;
Lead the IT Admin/MSP: set priorities, review quality of work, keep SLAs honest, and yes, keep an eye on the admin’s own access too;
Level up our password manager, MFA/2FA, admin access, shared credentials, and break-glass access setup;
Bring order to our device fleet: inventory, MDM, encryption, screen lock, updates, remote lock/wipe, and local admin rights;
Map out where the important stuff actually lives and who can touch it: HR, Finance, Legal, Product, Support, Anti-Fraud, Data, and Engineering;
Team up with Finance to keep SaaS/vendor spend in check: licenses, unused seats, duplicate tools, costs, and security capabilities;
Set up a real incident response flow for lost devices, compromised accounts, leaked passwords, wrong sharing, and malware/data leak suspicion, no improvising in the moment;
Check that backups, recovery, and continuity actually work for our critical systems and data (not just look good on paper);
Hunt down repetitive manual processes and automate them via the IT Admin/approved tools: n8n, Make, Google Apps Script, and internal scripts;
Support the security side of internal policies: access rules, device rules, AI use, incident response, and password/MFA/admin access;
Prepare evidence and processes for payment partner requirements: MFA, access control, device baseline, incident process, and data handling.
👩🚀 YOUR IN-GAME SKIN:
4+ years of experience in internal IT, corporate IT, information security operations, IT governance, or a similar role;
Experience in e-commerce, product, fintech, payments, iGaming/gambling, or another payment-sensitive industry;
Solid understanding of IAM, SSO, MFA, RBAC, and the full privileged access lifecycle;
Hands-on experience with Google Workspace, Slack, password managers, and common SaaS administration;
Understanding of MDM and baseline protection for macOS/Windows devices; Experience building onboarding/offboarding/access review processes from the ground up;
Experience managing an IT Admin, MSP, or technical contractors; Understanding of incident response, backups, and recovery basics;
Strong documentation habits, you keep registries and checklists actually up-to-date, not just created once and forgotten;
Strong ownership, structured thinking, and the ability to align with different departments without turning it into a negotiation marathon.
🚀 WILL BE YOUR BOOST:
Practical understanding of PCI DSS, ISO 27001, GDPR, or NIST;
Experience going through security questionnaires from payment partners or vendors;
Experience with DLP, EDR, SIEM, or vulnerability management;
Understanding of AppSec/secure SDLC basics;
Experience automating workflows via n8n, Make, Zapier, Google Apps Script, or internal tools;
Experience owning SaaS/vendor spend, renewals, licenses, and unused seats;
Experience implementing MDM from scratch.
🥷 YOUR POWER-UPS SOURCE:
Spontaneous weekend from the CEO;
Support for professional development, including events (we went on a MAJOR trip to Copenhagen, for example), certifications, and educational materials;
Start working at a time that’s comfortable for you;
People Partner who will always support you in word and deed;
Anniversary and performance bonuses;
Input on project direction in a bureaucracy-free e



