IT Operations and Security Manager – Remote

About Us

Simprints is a nonprofit tech company with a mission to radically increase transparency and effectiveness in global development. We build ethical, inclusive digital ID powered by biometrics to ensure that every vaccine, every dollar, and every public good reaches the people who need them most. Simprints partners with organisations like Gavi to boost immunisation rates in developing countries, Ministries of Health like Ghana on pandemic response, and NGOs like BRAC to deliver maternal healthcare. Studies have shown Simprints increases impact through real-time, precision data, for example increasing maternal health visits by 38% in Bangladesh or accurate HIV tracing by 62% in Malawi. Today we’ve worked in over 17 countries helping deliver health, aid, and finance to >2.3M people.

About the Role

This is a unique and brand new role, combining Cybersecurity and Technology.

For the right candidate it will be a career-defining opportunity which sees them build out an IT Department within this dynamic non-profit tech startup, whilst developing and integrating an Information Security approach.

As our IT Operations and Security Manager, you will report directly to the CTO, and support us to develop a Service Delivery practice, iterate our approaches to endpoint security and desktop management, manage and support our cloud backend, support our users, and drive forward an ISO27001 programme of work.

You will be a critical and core leader in our technology leadership team, driving forward an ambitious strategy which includes a bold Open Source strategy in a technology-centric business where you contribute directly to our mission to end poverty using technology for good.

RESPONSIBILITIES

IT

• Coordinate the provisioning, support, and management of a range of Linux, OSX, and Windows endpoints;
• Manage accounts and IAM systems, ensuring on and offboarding happen smoothly, and assisting with any access issues;
• Manage our Google Workspace instance, productivity and devops tools, provisioning/supporting as appropriate for the broader Product & Engineering team to support CI/CD;
• Design and manage permission and authorization strategies in line with our security policy;
• Write, update, and communicate key policies and procedures, including Service Delivery Target Operating Model, SLAs, Information Security, and IT strategy;
• Provide support to end-users with software/hardware issues as well as cloud provisioning, use, deployment, and innovation;
• Administering and maintaining other business-critical platforms (or supporting and overseeing the business owner who does), including data platforms, Salesforce, CharlieHR, Slack.

Security

• Maintaining an asset inventory of key software, hardware, and cloud assets;
• Update our approach to endpoint protection, procuring, deploying and managing a tool that meets our needs;
• Update our approach to device management, configuring and managing a platform that meets our needs;
• Remediating security vulnerabilities by maintaining a Vulnerability Management programme across our key assets;
• Acting as an Incident Captain where necessary and maintaining & testing an Incident Response plan and playbooks for critical incidents;
• Running and monitoring an ISO27001 compliance program, aiming to bring us to full compliance within 2-3 years;
• Supporting our broader product development and strategy process to ensure it contains the right cryptographic, security, and other controls to protect critical assets.

MUST HAVE REQUIREMENTS

• Skilled in OSX, Windows Operating systems;
• Experience with Google Workspace;
• Strong knowledge of ITIL or other structured approaches for IT service delivery;
• Experience managing complex technology environments, including system administration, end-user support, and service management;
• Experience of ISO27001 or a similar compliance framework;
• Hands-on cybersecurity experience (e.g. responsibility for elements of an information security programme such as vulnerability management, risk assessment, security-by-design);
• Experience operating and deploying EDR and MDM software;
• Experience of BYOE / user-managed computing;

NICE-TO-HAVE REQUIREMENTS

• Deep experience with cybersecurity, including technical cybersecurity certifications, certification in Information Security Management such as CISSP;
• Experience in structured risk management & Information Security control standards, perhaps including certification e.g. accredited ISO27001 / PCI-DSS practitioner;
• Deep experience with technology management, perhaps including relevant technology certifications, such as ITIL and/or a project management certification;
• Experience in modern, high-paced ‘startup-style’ engineering culture;
• Experience with (or supporting) an environment practising Agile Software Development;
• Experience in the International development sector;
• Lived experience of the Global South or intersectional inequality.