Director of IT & Security

ABOUT OMATIC SOFTWARE 

Omatic Software helps nonprofits connect their data and unlock the full potential of their technology investments. We build integration and data management solutions that allow mission-driven organizations to spend less time wrestling with systems and more time doing work that matters. Our IT & Security Team is critical in ensuring Omatic's success by establishing an unshakeable security and privacy posture and driving the continuous compliance attestations that validate our customers' trust. 

THE OPPORTUNITY 

This is a high-impact leadership role for someone who wants to shape the technology, security, and compliance foundation of a mission-driven technology company serving the nonprofit sector. As Director of IT & Security, you will lead the systems, practices, and safeguards that enable Omatic’s teams to work securely, efficiently, and confidently — while helping our customers trust that their data is protected. You’ll partner closely with leaders across Product Development, Infrastructure, Sales, Legal, and Customer Experience to ensure Omatic’s technology environment supports growth, innovation, and customer confidence. 

In this role, you’ll have the opportunity to balance strategic leadership with hands-on execution. You’ll guide IT operations, security governance, compliance readiness, vendor risk, business continuity, and the responsible use of AI across the organization. From strengthening our security posture and leading audit readiness to supporting customer conversations and improving the employee technology experience, you’ll play a visible and trusted role in helping Omatic scale thoughtfully while staying true to its mission and values. 

WHAT YOU'LL DO 

Information Technology (IT) 

• Develop and maintain IT systems architecture and define the standards and protocols for data exchange, communications, software, and interconnections. 
• Establish, coordinate, and administer a plan for IT operations, including IT training and technical support, together with necessary controls and procedures. 
• Provide advice on evaluation, selection, implementation, and maintenance of information systems, ensuring appropriate investment in strategic and operational systems. 
• Negotiate all IT system and SaaS acquisition contracts, soliciting involvement and participation of other management team members as appropriate. 
• In conjunction with the COO, coordinate IT reviews and endorses strategic IT plans, budget proposals, and proposed changes. 
• Ensure that all personnel are appropriately trained in the usage of all IT products and services to effectively carry out their responsibilities. 
• Oversee the secure procurement, account provisioning, and life-cycle management of corporate AI software, including platform configurations, plugins, skills, and developer connectors (e.g., Claude, Gemini). 
• Direct hardware lifecycle management, including strategic enterprise laptop refresh cycles, to optimize Total Cost of Ownership (TCO) and departmental budgeting. 
• Oversee Identity and Access Management (IAM) infrastructure, driving internal Single Sign-On (SSO) adoption and advising customer-facing SSO deployments (e.g., Auth0). 
• Manage IT department team members across all areas of training and support, operations, and project management. 

Security 

• Assure protection for the information assets of the business through internal control, internal auditing, IT security, recovery procedures and assures proper insurance coverage. 
• Develop and maintain a business IT recovery plan to ensure timely and effective restoration of IT services in the event of a disaster. 
• Serve as lead to the Security and Compliance Team (a cross-departmental team). 
• Establish and enforce advanced AI Security and Governance guardrails to mitigate risks such as intellectual property exposure, source code leakage, and supply-chain vulnerabilities within the development lifecycle (e.g., working with Infrastructure and Product teams to secure AI integrations). 
• Administer and enforce vulnerability remediation SLAs across the secure SDLC, ensuring pen test, SAST, and DAST findings are remediated. Working with Infrastructure and Product Development to ensure SAST scan procedures are followed for all PRs. 
• Direct the corporate Security and Privacy awareness programs, including mandatory annual training, HIPAA training, and continuous phishing simulations (e.g., KnowBe4). 
• Architect, lead, and document annual Business Continuity and Disaster Recovery (BCDR), Incident Response, and Physical Office tabletop exercises. 
• Evaluate and deploy advanced threat protection mechanisms. 
• Collaborate with Legal and Sales to negotiate complex customer contractual nuances, including Data Protection Agreements (DPAs), Business Associate Agreements (BAAs), and strict geographical access restrictions. 

• Coordinate the activities related to Omatic's annual audits (SOC 2 Type II, HIPAA, TX-RAMP, and other audits that may apply). 
• Ensure that enterprise information systems operate according to internal standards, external accrediting agency standards, and legal requirements. 
• Perform annual vendor management reviews and documenting evidence for other audit controls in Omatic’s GRC platform (Drata). 
• Manage and update Omatic’s Trust Center as needed to provide customers with a transparent view of Omatic’s Security/Privacy posture. 
• Map, track, and document AI usage, policies, and sub-processors within the GRC platform (Drata) to maintain continuous 3rd-party attestation readiness. 
• Maintain and update customer-facing security/privacy/compliance information and FAQ documentation within the SafeBase Trust Center to accelerate enterprise customer risk assessments. 
• Monitor emerging multi-regional data privacy laws and contractual nuances regarding data processing, machine learning, and AI workloads; follows Omatic’s Third-Party Risk Management (TPRM) Policy to review new systems and AI prior to implementation. 
• Coordinate cross-departmental notifications for production sub-processor changes to maintain strict adherence to privacy law "right to be notified" obligations. 
• Oversee and update the annual HECVAT full as needed when updates are required based on Omatic Cloud features/updates. 

WHAT YOU BRING 

Required 

• A bachelor's degree in information technology or computer science 
• 10 years of related work experience 
• 4 or more years in an information security management or team lead role 
• CISSP or CISM certification  
• Experience with Microsoft, Mac, and Linux is required 
• Strong analytical and organizational skills 
• Excellent written and verbal communication skills 
• Team-oriented approach to work 
• The successful candidate should be comfortable and able to jump in when needed to help the IT team with tickets, lead Security and Compliance meetings, and review/update policy and GRC as needed. 

Preferred 

• Proficient AI Security and Governance knowledge, and specifically understanding of Claude skills, plugins, connectors, and Claude Code usage. 
• CCSP or CIPM certification 
• Experience working with sales teams to assist them in closing deals through meeting with customers to discuss Omatic’s Security/Privacy posture. 
• Experience working with Developers/Infrastructure teams and secure SDLC (SAST, DAST, SCA, annual pen test findings remediated). 

WHAT SUCCESS LOOKS LIKE 

In your first 90 days, you'll have built strong relationships with your team and key stakeholders across Omatic (Sales, Product Development, Infrastructure, Customer Experience) and gained deep familiarity with Omatic's product suite, SDLC, and Omatic's Security/Privacy posture.   

Within six months, you will understand and own Omatic’s security, privacy, and compliance architecture.  You will be actively navigating complex customer contractual negotiations as needed in assisting the sales team to ensure adherence to multi-regional data privacy laws and leveraging continuous compliance platforms (Drata) and the SafeBase Trust Center to provide transparent 3rd-party attestations of organizational integrity.  You will be working cross-functionally with Engineering on security/privacy/compliance for Omatic Cloud. 

ROLE DETAILS 

WHY OMATIC 

• Mission-driven company making a real impact in the nonprofit sector 
• Collaborative, low-ego culture that values results and continuous improvement 
• High visibility role with direct C-suite exposure and room to grow 
• Competitive compensation, benefits, and flexible work environment 
• A team that genuinely cares — about customers, each other, and the work 

Powered by JazzHR