About the role
As an IT Systems & Compliance Lead at YLD, you will own our internal IT operations, security posture, and regulatory compliance. You'll be the single point of accountability for how we provision, secure, and govern our corporate infrastructure and tooling, ensuring a seamless employee experience while meeting the rigorous compliance expectations of our clients.
This role spans hands-on technical work (identity management, device fleet, networking) and strategic governance (policy development, certification management, client-facing security assurance). It demands both technical depth and the ability to translate security requirements into pragmatic, user-friendly solutions.
This is a senior individual contributor role with full hands-on ownership. It does not include people management.
About You
You have a strong track record across IT operations and information security, with real experience implementing and maintaining compliance frameworks. You're comfortable administering identity and access systems, writing infrastructure-as-code, and drafting policies that people will actually follow. You understand that security exists to enable the business, not obstruct it, and you bring a pragmatic mindset to balancing protection with productivity.
Your day-to-day responsibilities will look like this
IT Operations & Support
- Manage day-to-day IT operations, including hardware inventory, procurement, and lifecycle management;
- Provide technical support to staff, resolving issues promptly to maintain productivity;
- Monitor and maintain office networking infrastructure (switches, routers, Wi-Fi) across multiple locations, ensuring reliability and security;
- Maintain accurate records of IT assets, software licences, and service subscriptions.
Identity, Access & Device Management
- Administer and evolve our identity stack: SSO/SAML, MDM, RADIUS, and directory services, integrated with our HR system as the source of truth for employee lifecycle events;
- Manage SSO integrations across core business services and enforce MFA across the estate;
- Implement seamless device onboarding with zero-touch enrolment;
- Own the declarative, infrastructure-as-code management of teams, roles, and access controls across third-party systems;
- Improve credential hygiene and employee experience through enterprise password management.
Network & Infrastructure Security
- Configure and manage our VPN infrastructure, including policy-as-code integration with identity and access controls;
- Conduct periodic reviews of plugins, integrations, and third-party access across all tools to minimise attack surface;
- Establish pragmatic, security-first defaults for our device fleet that balance protection with developer productivity.
Compliance, Policy & Governance
- Lead implementation and ongoing management of compliance frameworks: Cyber Essentials Plus, SOC 2, ISO 27001, ISO 9001, ISO 14001, and ISO 45001;
- Draft, maintain, and enforce the full suite of security and operational policies;
- Maintain a living catalogue of all SaaS services, documenting ownership, access management, data processing, and compliance status;
- Ensure GDPR compliance and readiness for equivalent data protection regulations;
- Evaluate and integrate GRC automation tooling with our policies and services where appropriate.
Security Assurance & Client Readiness
- Build and maintain a portfolio of security documentation, penetration test reports, and incident response exercises;
- Respond to client and prospect security questionnaires, RFPs, and due diligence requests;
- Conduct regular internal assessments against compliance frameworks, identifying gaps and driving remediation;
- Deliver security awareness training to staff and foster a culture of security mindfulness.
Vendor & Procurement Management
- Handle IT and security procurement, negotiating with vendors for hardware, software, and services;
- Manage vendor relationships and ensure compliance with SLAs and security requirements.
You’ll have the following skills and experience
- Proven experience (5+ years) in IT systems engineering, with meaningful exposure to information security and compliance;
- Strong practical knowledge of network administration;
- Hands-on experience administering SSO, MDM, and directory services at scale;
- Familiarity with declarative configuration and infrastructure-as-code (e.g., Terraform or similar tools) and CI/CD pipelines;
- Direct experience implementing or maintaining compliance frameworks such as ISO 27001, SOC 2, or Cyber Essentials;
- Experience drafting and enforcing IT and security policies;
- Solid understanding of GDPR and data protection principles;
- Extensive experience with IT procurement and vendor negotiations;
- Excellent analytical, troubleshooting, and communication skills;
- Ability to manage multiple workstreams in a dynamic environment.
You’ll be
- Self-motivated, proactive and always investigating how to improve and develop yourself;
- A good communicator, both in writing and verbally. You’ll be able to explain technical ideas and concepts in business-friendly language;
- Detail oriented;
- A problem-solver who balances innovation with pragmatic technology choices to solve business needs;
- Used to working in a team-oriented, collaborative environment;
- Analytical and problem-solving oriented;
- A genuine believer in diversity and fairness.
Our typical Recruitment Process looks like this:
- 1st Interview with someone from the Talent team (30/45 mins)
- 2nd Interview with COO and Head of Engineering (~1h15)
- 3rd Panel Interview - Deep-dive working session (1h30)
We live and breathe our values, and know you will too:
- Growing every day
- Including everyone
- Relationships built on honesty and ethics
- Inspiring solutions
- Winning together
We’re an equal-opportunity employer and value diversity in all its forms. We do not discriminate based on race, religion, colour, national origin, gender, sexual orientation, pregnancy or maternity, age, marital status, or disability. We also offer a remote-first working environment, with flexible working and work–life balance as standard for all employees.