Head of IT & Security Operations
120Water
About the Role
120Water is hiring our first dedicated IT & Security leader to own and mature our internal technology and security operations as we scale.
The Head of IT & Security Operations is responsible for day-to-day execution and long term ownership of internal IT systems, security tooling, vendor relationships, and security framework readiness protecting and administrating the company’s systems, data, and people while enabling secure, scalable technology operations. This role owns information security operations, corporate IT infrastructure, compliance support, and contributes to internal technology strategy, partnering closely with Engineering, Product, Legal, and Operations.
This is a leadership role that combines security strategy, risk management, and practical execution to support company growth and customer trust.
Key Responsibilities
IT & Internal Systems
- Own the administration, reliability, and security of internal IT systems
- Serve as primary IT escalation point
- Support procurement and vendor selection and lead onboarding / offboarding workflows
- Evaluate and implement new tools to improve productivity and security
- Manage vendor relationships and contracts related to IT and security
- Create and maintain an inventory of systems, tools, vendors, and access
- Standardize approved systems and tools across the organization to reduce sprawl
Security Operations & Risk Management
- Act as internal security point of contact
- Own internal security operations and hygiene
- Develop, implement, and maintain the company’s information security program - including security policies, standards, and procedures across the organization
- Manage and implement security tooling across the organization
- Identify, assess, and mitigate security risks across systems, vendors, and processes
- Maintain incident response documentation; member of the incident response team
- Coordinate vulnerability management, penetration testing, and remediation efforts with internal teams and external partners
- Ensure secure access controls, identity management, and endpoint security
Compliance & Trust
- Own day-to-day execution and coordination of the company’s GovRAMP authorization effort, partnering with leadership, internal teams, and external advisors to meet an August 1, 2026 target
- Support other compliance / security initiatives, such as SOC II or customer security assessments
- Maintain documentation and evidence required for audits and certifications
- Monitor regulatory and industry security requirements relevant to the business
Leadership, Strategy & Enablement
- Define and maintain security and IT roadmap aligned with company goals
- Act as internal owner for IT and Security, be our subject matter expert
- Educate employees on security best practices through training and awareness programs
- Establish lightweight metrics and reporting for security posture, incidents, and IT performance
- Partner with Company Leadership on future resourcing
Qualifications
Required
- 5+ years of experience in information security, security operations, IT, or related roles
- Experience owning or being the primary operator for security and/or IT programs in a SaaS or technology-driven environment
- Strong understanding of:
- Identity and access management
- Endpoint security and device management
- SaaS / Vendor management
- Experience supporting security compliance frameworks (e.g., GovRamp, SOC 2)
- Comfort operating as first or sole owner
- Ability to communicate security concepts clearly to technical and non-technical audiences
Preferred
- Prior experience as a Security Manager or similar ownership role
- Experience selecting or working with an MSP
- Familiarity with, or comfort navigating, privacy regulations (e.g., GDPR, state privacy laws)
- Experience working with startups or high-growth companies