Director - Business Systems & IT Security

Full-time
USA
$125k-$180k per year
Senior Level
Posted 1 hour ago

Grace Hill is seeking a Director, Business Systems & IT Security to own IT operations, business systems administration, identity and access management (IAM), and security/compliance execution for a ~250-person remote workforce with some office presence and regular conferences/events. This role will report to the CTO and will assume responsibility for business systems, IT management, and security activities currently managed within Finance and will serve as the primary owner of our managed IT services partner.

The Director will ensure reliable, secure access to core systems (Google, SaaS tools, endpoints, VPN), maintain SOC 2 continuous readiness and audit artifacts, respond to customer security questionnaires, lead policy/control governance, and drive automation across the organization—including implementation and enablement of n8n and power-user connectivity across business systems. This role will also lead or project-manage technology and systems integrations associated with acquisitions as well as internal product integrations.

Core responsibilities:

1) IT operations & end-user experience (remote-first)

  • Own day-to-day IT operations for ~250 remote employees, including support escalations, endpoint lifecycle management, and office/conference/event technology readiness.

  • Establish and manage an internal IT escalation process (ticketing workflow, SLAs, triage, root-cause reduction).

  • Oversee device logistics and readiness for onboarding/offboarding (laptops/monitors/required equipment), including secure return/decommissioning processes.

2) Identity, access, and Google Workspace administration (IAM)

  • Administer Google Workspace (accounts, groups, shared drives, security controls) and serve as the owner of access governance across business systems.

  • Implement and enforce least-privilege access patterns, MFA/SSO standards, and periodic access reviews (especially for non-financial internal systems).

  • Maintain and improve joiner/mover/leaver workflows, including access approvals, documentation, and auditable records.

3) Endpoint management, VPN, and security tooling

  • Own endpoint standards and posture (MDM, baseline hardening, encryption, EDR coverage, patch compliance, asset inventory).

  • Manage VPN/remote access and endpoint patching cadence; ensure measurable compliance and exception handling.

  • Ensure effective use of security tools and logging/alerting coverage through internal oversight and MSP coordination.

4) Managed service provider oversight & vendor management

  • Act as the primary owner of the relationship with managed IT services, including performance management, escalations, SLAs, and service roadmap.

  • Track and manage vendor renewal dates and proactively assess costs, coverage, and vendor/tool rationalization opportunities.

5) Governance, Risk & Compliance (GRC): SOC 2, policies, risk program

Governance

  • Own operational security governance: maintain internal controls, policies, and standards that support SOC 2 and customer expectations.

  • Run periodic compliance reviews (e.g., quarterly) with control owners, coordinating follow-ups and ensuring ongoing readiness.

  • Provide executive/leadership updates (including board-level inputs as needed) on security/compliance posture, key risks, and progress.

Risk

  • Maintain an actionable risk register and remediation plan (including tracking and action planning for high/critical findings from assessments).

  • Lead annual disaster recovery (DR) / business continuity (BC) tabletop exercises; update plans, procedures, and action items.

Compliance

  • Own SOC 2 readiness and audit execution: evidence collection, artifact organization, control testing coordination, and audit support.

  • Manage customer security assessments and questionnaires end-to-end, partnering with internal stakeholders to meet turnaround SLAs.

  • Coordinate GDPR renewals and respond to related customer privacy/security inquiries in partnership with Legal/Finance as needed.

6) Business systems ownership & administration

  • Own administration and operational health of key internal tools and workflows (including “business process software” and internal tooling), ensuring access control, documentation, and change discipline.

  • Provide admin support and governance for core platforms as needed (e.g., Salesforce user administration and related activities).

  • Lead internal data/application strategy for business systems: documentation of system inventory, integrations, data flows, and improvement roadmap.

7) Automation enablement & n8n leadership

  • Lead organization automation efforts to reduce manual work, improve data consistency, and strengthen operational controls.

  • Implement and govern n8n (standards, reusable templates, security reviews, connector management).

  • Support and enable “power users” with safe connectivity across business systems—providing guardrails, best practices, and technical assistance.

8) Acquisition systems integration leadership

  • Lead and/or project-manage systems integrations for acquisitions: identity consolidation, device standards, vendor/security alignment, tool rationalization, and data/system integration planning.

  • Build repeatable M&A IT/security integration playbooks, including diligence inputs and post-close execution plans.

Success measures (high-level)

  • Improved onboarding/offboarding speed and accuracy; reduced access and provisioning errors.

  • Measurable endpoint compliance (patching, encryption, EDR coverage) and clearer asset inventory.

  • SOC 2 evidence “always ready” with fewer audit scrambles and fewer control exceptions.

  • Faster, more consistent customer security questionnaire responses.

  • Delivered automation outcomes (n8n workflows shipped; reduced manual steps; improved cross-system data flows).

  • Strong MSP performance and improved stakeholder satisfaction for internal IT support escalations.

Qualifications:

Required

  • 7+ years in IT operations, business systems, and/or security/compliance operations in a SaaS or technology-enabled organization.

  • Strong hands-on experience with Google Workspace administration and IAM/access governance.

  • Experience running endpoint management and patching programs (MDM, EDR, device lifecycle).

  • Experience supporting SOC 2 and handling security questionnaires/customer security reviews.

  • Vendor/MSP oversight experience and strong operational/project management discipline.

Preferred

  • Experience implementing automation platforms (n8n, Workato, Zapier, Make, etc.) with governance/guardrails.

  • Experience leading M&A integration workstreams (IT + identity + systems).

  • Familiarity with DR/BC planning and tabletop exercise facilitation.

Location: Remote. Must be US-based.

Salary range: $125,000 - $180,000 Base + Bonus

Grace Hill offers a robust suite of benefits, including health, dental and vision insurance, 401K, PTO, life insurance, disability insurance, and more. We do not offer visa sponsorship or assistance. Applicants must be based in the US and authorized to work in the US at the time of hire.

About Us:

Grace Hill provides industry-leading SaaS technology solutions designed to make a positive impact in real estate and improve the lives of people where they work and live. Harnessing years of real estate experience and the understanding that people are better together, Grace Hill helps owners and operators increase property performance, reduce operating risk and grow top talent. More than 500,000 professionals from over 1,700 companies rely on Grace Hill’s talent performance solutions covering policy, training, assessment, survey, and data-driven insights. Visit us at gracehill.com or on LinkedIn.
