Outreach to candidates to initiate the interview process will begin the week of July 13th once resumes have been reviewed and considered.

About the Role

Caribou Corporate Technology

Maybe you came up through security - incident response, GRC, compliance programs - and over time took broader ownership of the tools and systems that make a company capable. Or you came up through IT and digital workplace leadership, and earned your security credentials by stepping into the function when your company needed it. Either path lands you in the same place: someone who can guide a senior security team, run the SaaS and AI tools portfolio, and build the enablement motion that turns licensed software into actual productivity.

On the security side, that means you've been the person who delivered a SOC 2 audit, not just the person in the room. You've tuned a SIEM, led an incident, and written GRC controls that held up under scrutiny. On the IT side, that means you've run a SaaS portfolio, built adoption programs that changed how people work, held real accountability for identity and access, and have the instinct to build an AI enablement program for employees who don't write code. What matters is that you've done both meaningfully, not which one came first.

You will own Caribou’s security and IT programs. Your team includes three senior security practitioners and a senior IT administrator. You set the direction, hold the strategy and vendor relationships, and keep the programs advancing.

We believe CTech works best as a partnership with employees, not a policing function - you'll keep it that way. This role reports directly to the CTO, designed for a leader who wants to evolve the function and grow their career alongside a rapidly scaling company.

Locations

Candidates are welcome to work remotely from the states of AZ, CO, DC, IL, MD, TX, and VA with a preference for the Chicago IL, Denver CO, or Phoenix AZ areas.  Caribou does provide the option to work in-office or hybrid from our Denver, CO or Chandler, AZ offices.  We may consider remote candidates in CA, FL, MA, NY, OR, WA, and WI, subject to additional approval. Eligibility by state is subject to change.  

Outcomes

Here's what success looks like in the first 12-18 months:

• Caribou's security posture advances year over year - the program has a roadmap, diligence reviews go smoothly, and findings reflect it
• SOC 2 Type II delivers clean with no surprises - systematic evidence collection, not a heroics sprint at audit time
• Detection and response capabilities improve measurably - SIEM, CrowdStrike, Wiz, and DLP are operationally sound and the team can say why
• GRC policy and control documents reflect how Caribou actually operates, not how it operated two years ago
• Licensed tools earn their keep - Google Workspace, Slack, Atlassian, Asana, 1Password, and Adobe are actively used, not just provisioned
• An operational AI enablement program that drives measurable adoption of licensed AI capabilities and a growing backlog of automated workflows
• IT operations run without drama - the MSP delivers, support is responsive, and productivity loss from tech issues stays low
• Every direct report has a growth plan, gets regular coaching, and is taking on more complex work than when you arrived
• The vendor portfolio - security and IT - delivers expected value and you can demonstrate it

Interview Roadmap:

• Recruiter phone interview (45 mins)
• At-home technical assessment (40-60 mins)
• Hiring Manager video interview (60 mins)
• Final interview loop (combined 4 hrs scheduled across 1-4 business days)

What We Look For

You don't need to check every box - if you bring most of these, we want to hear from you.

On the security side:

• You've delivered a SOC 2 Type II audit as the primary owner - the audit was yours to pass
• You've managed a detection and response function: SIEM tuning, EDR deployment, incident ownership
• You've built or maintained GRC policy and control documentation that held up under audit scrutiny
• You've worked in a regulated environment and understand how compliance obligations translate into operational controls
• You've managed security vendor relationships - EDR, CSPM, penetration testing firms - and can tell when a vendor isn't delivering

On the IT and digital workplace side:

• You've run a SaaS portfolio for a growing company - licensing, governance, adoption, and the shadow IT problem
• You've led an enterprise-wide software rollout end-to-end: implementation, adoption, and proof that features are delivering value
• You’ve researched, planned, or executed a rollout of enterprise AI tools and have ideas of how to do it better
• You've run identity and access management end-to-end - not just the policy, but the provisioning workflow and the audit evidence
• You've managed an MSP relationship and held them accountable to a service standard

How you lead and communicate:

• You manage people through the full lifecycle - hiring, developing, delivering hard feedback, and making the call when someone isn't growing
• You translate technical risk into business language without losing the precision that makes you credible with your team
• You sequence work - you know what to do first when everything feels urgent, and your team knows it too
• You build programs collaboratively with the people executing them, not around them
• You treat security and IT as a service to the rest of the company, not a gate in front of it

Nice to have:

• Experience deploying AI tools or low-code agent platforms to non-technical employees
• EDR/CSPM platform experience
• GLBA Safeguards Rule or NYDFS familiarity
• Fintech or financial services background

We value diverse paths into corporate technology leadership - consulting backgrounds, career changers, and candidates without four-year degrees have succeeded here - and we're actively building a team that reflects the communities we serve. Tell us what you've built.

Caribou is committed to providing reasonable accommodations throughout the hiring process. Please notify our talent acquisition team if you may need a reasonable accommodation in the interview process.

How We Will Take Care of You

Everyone at Caribou is a valued team member. Our compensation and benefits package includes:

• Competitive compensation: $171,000 - $214,000
• Eligible for annual performance-based Incentive
• Equity options
• 401k savings program
• Generous paid time off including Flexible Time Off (FTO) for all employees and 100% paid parental leave for all parents
• Company-paid plans for health, dental, vision, mental health, disability, and basic life insurance
• Optional benefits to suit your individual circumstances such as HSAs, FSAs, supplemental life and medical insurance, and pet insurance
• Up to $1,000 per year for eligible professional development expenses