phyllo
phyllo~3h ago
New

Head of IT, GRC & Compliance

HybridHybridFull timeexecutive
Legal & ComplianceCompliance
0 views0 saves0 applied
Apply Now

Quick Summary

Overview

About Us Phyllo is a data gateway that allows social data to be accessed from source platforms (e.g. YouTube, Twitch, Upwork, Shopify, etc.).

Technical Tools
Legal & ComplianceCompliance

Phyllo is a data gateway that allows social data to be accessed from source platforms (e.g. YouTube, Twitch, Upwork, Shopify, etc.). We build the underlying infrastructure that connects with every creator platform, maintain a live data feed to the systems used by these platforms to manage creators' data, and provide a normalized data set so that businesses can use creators' data in a simple yet impactful way.  Website: https://www.getphyllo.com/

About the Role

~1 min read

We are looking for a high ownership-driven and hands-on Head of IT, GRC & Compliance to lead and manage the organization’s complete internal IT, Governance, Compliance, SaaS Operations, Identity & Access management, Endpoint Security, Procurement, and IT Operational Ecosystem.

This is a strategic and execution-heavy role responsible for ensuring: secure and scalable IT Operations, Compliance Readiness, Enterprise Saas Governance, Access Management, Endpoint Security, Audit Preparedness, Vendor Governance, And Overall It Operational Excellence.

Comfortable operating in a fast-paced startup environment and can independently manage “everything IT”—from onboarding laptops and troubleshooting enterprise tools to leading SOC2/ISO audits and driving security governance initiatives.

Responsibilities

~2 min read
  1. Governance, Risk & Compliance (GRC) :
    • Lead organization-wide compliance initiatives including:
      • SOC 2
      • ISO 27001
      • GDPR
      • customer/vendor security assessments
      • internal IT audits
    • Own and manage compliance automation platforms such as Scrut
    • Maintain and improve:
      • Policies
      • SOPs
      • security controls
      • evidence repositories
      • audit documentation
    • Coordinate with legal, HR, engineering, finance, and leadership teams for audit readiness
    • Conduct risk assessments and remediation tracking
    • Manage customer security questionnaires and compliance requests
    • Drive security awareness and compliance training initiatives
    • Partner with legal teams for:
      • DPA reviews
      • vendor agreements
      • compliance obligations
      • contractual security requirements
  2. Identity & Access Management (IAM) :
    • Manage end-to-end user lifecycle:
      • Onboarding
      • Offboarding
      • access changes
      • privileged access reviews
    • Provision and manage access across:
      • Google Workspace (Gsuite)
      • Microsoft 365
      • Azure / Entra ID
      • GCP
      • Enterprise SaaS applications
    • Implement and manage:
      • SSO
      • MFA
      • RBAC
      • SCIM provisioning
      • Conditional Access policies
    • Conduct periodic access audits and governance reviews
    • Troubleshoot authentication and identity-related issues
    • Drive Zero Trust access governance practices
  3. IT Operations & Enterprise Administration :
    • Administer and support:
      • Google Workspace
      • Microsoft 365
      • Azure / Entra ID
      • Google Cloud Platform (GCP)
      • Collaboration tools
      • Productivity platforms
      • Enterprise SaaS ecosystem
    • Manage:
      • Email security
      • Distribution groups
      • Enterprise configurations
      • SaaS integrations
      • licensing and subscriptions
    • Troubleshoot enterprise IT and SaaS platform issues across departments
    • Ensure operational uptime, reliability, and scalability of enterprise IT systems
    • Drive IT process automation and operational efficiency initiatives
  4. Endpoint Security & Device Management
    • Manage endpoint governance and device compliance programs
    • Administer MDM/endpoint management platforms such as:
      • Sophos
      • Sentinel
      • or equivalent tools
    • Coordinate endpoint hardening, device security baselines, and compliance enforcement
    • Support EDR/security tooling deployment and operational coordination
    • Manage:
      • laptop lifecycle
      • device inventory
      • security compliance
      • secure decommissioning
    • Implement and maintain:
      • BYOD policies
      • endpoint security standards
      • encryption compliance
  5. IT Asset Management & Procurement
    • Own end-to-end IT asset lifecycle management:
      • Procurement
      • Allocation
      • Tracking
      • Recovery
      • Disposal
    • Maintain inventory of:
      • Laptops
      • Peripherals
      • enterprise licenses
      • SaaS subscriptions
    • Manage vendor relationships and procurement workflows
    • Optimize SaaS licensing utilization and costs
    • Coordinate hardware provisioning for onboarding/offboarding processes
    • Maintain procurement governance and approval workflows
  6. SaaS Governance & AI Tool Governance
    • Own governance and administration of enterprise SaaS applications
    • Monitor and manage:
      • SaaS sprawl
      • shadow IT
      • unauthorized tool usage
    • Establish governance for AI-enabled productivity and enterprise tools
    • Ensure secure handling of organizational data across SaaS platforms
    • Optimize SaaS utilization, access governance, and subscription costs
  7. Security Operations & Incident Coordination
    • Coordinate IT-related security incidents including:
      • phishing response
      • access compromise
      • insider access revocation
      • lost/stolen devices
    • Partner with security teams on:
      • incident response
      • vulnerability remediation
      • operational security initiatives
    • Support business continuity and disaster recovery readiness
    • Maintain audit trails, operational logs, and governance records
  • 5–7+ years of experience in: IT Operations, GRC, IT Compliance, IAM, Enterprise IT Administration, SaaS Operations
  • Strong hands-on experience with: Google Workspace, Microsoft 365, Azure / Entra ID, GCP, Scrut or equivalent compliance platforms 
  • Experience leading: SOC 2, ISO 27001, Audit programs, security assessments, risk management initiatives, VAPT.
  • Strong understanding of: IAM, SSO, MFA, RBAC, SCIM, Zero Trust concepts
  • Experience with: endpoint management, MDM solutions, IT asset management, procurement operations
  • Strong troubleshooting, stakeholder management, and operational ownership skills
  • Ability to independently manage cross-functional IT and compliance operations in startup environments

Requirements

~1 min read
  • Experience working in startup or high-growth SaaS organizations
  • Familiarity with:
    • EDR/XDR platforms
    • cloud security tooling
  • Certifications such as:
    • ISO 27001 Lead Implementer/Auditor
    • CISA
    • CRISC
    • Microsoft/Azure certifications
    • Google Workspace administration certifications
  • Experience automating IT/GRC workflows and operational processes

What We Offer

~1 min read
Hybrid Working Environment: Work both from the office and remotely as needed for a better work-life balance
Flexible Hours: Choose to work in the hours you feel the most productive
Innovate and Evolve: We're building a high-growth, high-autonomy culture. We rely less on job titles and more on cultivating an environment where anyone can contribute, the best ideas win, and personal growth is driven by expanding impact

We invest in our people and believe in hiring for high-potential and humble individuals who can rapidly grow their responsibilities as the company scales. You will infuse insights and ideas into business decision-making, solutions strategy, and the innovation roadmap for each product.

If You are someone who: thrives in high-ownership startup environments, can independently manage broad IT and compliance responsibilities, balances governance with operational practicality, is equally comfortable with audits and hands-on troubleshooting, can build scalable internal IT processes from the ground up, and can act as the central owner for enterprise IT, compliance, and operational governance, Phyllo is the perfect place for you!!


 

Location & Eligibility

Where is the job
Hybrid
Hybrid — some on-site time required
Who can apply
Same as job location

Listing Details

First seen
May 27, 2026
Last seen
May 27, 2026

Posting Health

Days active
0
Repost count
0
Trust Level
54%
Scored at
May 27, 2026

Signal breakdown

freshnesssource trustcontent trustemployer trust
Apply for this position

Similar Compliance jobs

View all →
CoupangCoupang
Compliance 모니터링 및 관리 담당자 (Anti-Corruption Monitoring)
NiumNium
Director – Regulatory Compliance & MLRO Lithuania
Full-time
Digital Realty Trust, L.P.Digital Realty Trust, L.P.
Sr. Associate, Privacy and Compliance
Hybrid
flutterwavegoflutterwavego
Analyst, Compliance
Full-Time
atbatb
Compliance Assurance Analyst
NiumNium
Data Analyst – Risk & Compliance
Full-time

Browse Similar Jobs

Attorney628Paralegal542Compliance Specialist368Corporate Lawyer324Regulatory137Legal Counsel126Commercial Counsel88Corporate Counsel86Contracts76Assistant General Counsel55Lawyer54Contract Manager42Regulatory Affairs Specialist35Employment Specialist29Risk Specialist24Data Protection Officer23Compliance Officer20Privacy Counsel19Claims Specialist19Aml Analyst19
Newsletter

Stay ahead of the market

Get the latest job openings, salary trends, and hiring insights delivered to your inbox every week.

A
B
C
D
Join 12,000+ marketers

No spam. Unsubscribe at any time.

phylloHead of IT, GRC & Compliance
Apply Now