Senior Information Security & IT Manager

🕒 May 9

Apply Now

Find Similar Remote Jobs

Receive Emails For Remote Jobs

📊 Check your resume score for this job

Improve your chances of getting an interview by checking your resume score before you apply.

Upload Resume

WeaveGrid

WebsiteLinkedInAll Job Openings

51 - 200 employees

Founded 2018

⚡ Energy

☁️ SaaS

🤝 B2B

🔥 Funding within the last year

💰 Venture Round - WeaveGrid on 2025-09

Energy • SaaS • B2B

WeaveGrid is a software company that provides a Distribution-Integrated System Capacity Orchestration (DISCO) platform and DERMS interface enabling utilities to orchestrate distributed energy resources (EVs, home batteries, and other flexible behind-the-meter loads) at transformer, feeder, and bulk-system levels. The platform automates localized dispatch and managed charging to align electric loads with network capacity, support renewable integration, reduce the need for infrastructure upgrades, and run large-scale utility programs and VPPs. WeaveGrid partners with utilities, automakers, and charging providers to deliver B2B SaaS solutions for grid flexibility, program management, and customer engagement.

📋 Description

• Own and execute WeaveGrid's information security and IT program end-to-end — this is a high-impact, hands-on IC role. • Maintain cloud security posture across AWS (IAM governance, configuration review, cloud-native security tooling) • Own the corporate security control environment — EDR, email security, identity governance, network monitoring, DLP • Oversee strategy and day-to-day management of our IT services contractor(s). Ensure operational excellence and intervene as needed to ensure timely responses to internal stakeholders. • Serve as the internal technical owner of the corporate IT environment and escalation point for security-intersecting IT issues • Manage SOC 2 Type II compliance across all five Trust Service Criteria, including auditor relationships and evidence collection • Support CCPA and privacy compliance by monitoring and managing data subject access requests and the associated overarching process, applicable website technologies, and ad hoc privacy requests, in partnership with the Legal team. • Own application security for our web and mobile products, including coordinating annual penetration tests and driving remediation with Engineering. • Run the vulnerability management program — prioritization, tracking, and reporting. • Manage incident response — maintain the IR plan, run tabletop exercises, and handle real incidents through to post-mortem. • Maintain and test BC/DR plans in coordination with Engineering and Operations. • Conduct and document quarterly access reviews across critical systems. • Review security terms in vendor and customer contracts; complete customer security questionnaires; run vendor risk assessments. • Help administer the personnel security program (security awareness training, onboarding/offboarding controls) in partnership with the People team. • Lead the company’s Information Security & IT Committee — evaluating tools, defining acceptable use, and managing data exposure risk across sanctioned tools, including AI platforms • Drive AI and new technology adoption within WeaveGrid, engaging internal and external stakeholders as applicable

🎯 Requirements

• 7+ years in information security with meaningful program ownership experience • Experience at a growth-stage startup company, ideally as a primary security practitioner • Experience providing or overseeing IT services • Obsessed with client service and meeting internal SLAs • Hands-on SOC 2 Type II experience — you've run an audit, not just supported one. • Familiarity with leading security and compliance governance tools (i.e. Vanta, Drata, OneTrust). • Working knowledge of CCPA and US data privacy requirements • Experience reviewing contractual security requirements. • Deep interest in and knowledge of leading AI tooling, as applicable to early-stage startups. • Proven track record driving security, compliance, and/or technology change within a fast-paced organization. • Familiarity with AI security risks and SaaS AI governance • Preferred Experience or familiarity with ISO 27001, NIST 800-53, NERC CIP, OWASP. • Comfortable writing Bash scripts for automation and MDM enforcement tasks • Strong written communication — you can brief an exec and write audit-ready documentation • CISSP, CISM, or equivalent.

🏖️ Benefits

• equity (stock options)