Information Security & IT Senior Manager

About Us

Our software solves the most critical emerging grid integration challenges to ensure that the impending energy transition is clean, equitable, and resilient. Our enterprise solutions help the grid absorb the electrification wave with ease. Utilizing modern, cloud-native platform architecture and robust systems optimization, WeaveGrid's software is built from the ground up to tackle the most critical network challenges while meeting the stringent regulatory, security, and reliability requirements of the utility industry.

About the Job

WeaveGrid is looking for a mission-driven, highly independent, action-oriented information security and information technology professional to oversee its InfoSec and IT functions. You will oversee the company's IT vendor(s), security and compliance, and drive AI and technology adoption within the business.

Key responsibilities include:

• Own and execute WeaveGrid's information security and IT program end-to-end - this is a high-impact, hands-on IC role.

• Maintain cloud security posture across AWS (IAM governance, configuration review, cloud-native security tooling)

• Own the corporate security control environment - EDR, email security, identity governance, network monitoring, DLP

• Oversee strategy and day-to-day management of our IT services contractor(s). Ensure operational excellence and intervene as needed to ensure timely responses to internal stakeholders.

• Serve as the internal technical owner of the corporate IT environment and escalation point for security-intersecting IT issues

• Manage SOC 2 Type II compliance across all five Trust Service Criteria, including auditor relationships and evidence collection

• Support CCPA and privacy compliance by monitoring and managing data subject access requests and the associated overarching process, applicable website technologies, and ad hoc privacy requests, in partnership with the Legal team.

• Own application security for our web and mobile products, including coordinating annual penetration tests and driving remediation with Engineering.

• Run the vulnerability management program - prioritization, tracking, and reporting.

• Manage incident response - maintain the IR plan, run tabletop exercises, and handle real incidents through to post-mortem.

• Maintain and test BC/DR plans in coordination with Engineering and Operations.

• Conduct and document quarterly access reviews across critical systems.

• Review security terms in vendor and customer contracts; complete customer security questionnaires; run vendor risk assessments.

• Help administer the personnel security program (security awareness training, onboarding/offboarding controls) in partnership with the People team.

• Lead the company's Information Security & IT Committee - evaluating tools, defining acceptable use, and managing data exposure risk across sanctioned tools, including AI platforms

• Drive AI and new technology adoption within WeaveGrid, engaging internal and external stakeholders as applicable

About You

Qualifications

Required

• 7+ years in information security with meaningful program ownership experience

• Experience at a growth-stage startup company, ideally as a primary security practitioner

• Experience providing or overseeing IT services

• Obsessed with client service and meeting internal SLAs

• Hands-on SOC 2 Type II experience - you've run an audit, not just supported one.

• Familiarity with leading security and compliance governance tools (i.e. Vanta, Drata, OneTrust).

• Working knowledge of CCPA and US data privacy requirements

• Experience reviewing contractual security requirements.

• Deep interest in and knowledge of leading AI tooling, as applicable to early-stage startups.

• Proven track record driving security, compliance, and/or technology change within a fast-paced organization.

• Familiarity with AI security risks and SaaS AI governance

Preferred

• Experience or familiarity with ISO 27001, NIST 800-53, NERC CIP, OWASP.

• Comfortable writing Bash scripts for automation and MDM enforcement tasks

• Strong written communication - you can brief an exec and write audit-ready documentation

• CISSP, CISM, or equivalent

The total compensation for this opportunity includes a base salary range of $115,000 - $163,000 plus equity (stock options) and benefits. This is our target compensation range and is subject to multiple factors including role, level, experience, skill, and location. As you go through our interview process, our recruiter will work with you to identify a competitive base salary within the proposed range and combine it with an equity package to get you excited about your future at WeaveGrid.