
VP of IT & InfoSec

Improvado · Mexico

This listing has closed.

  • Hybrid
  • Full-time
  • $180,000 / year
  • Mexico

Job highlights

  • Lead information security and IT operations.
  • Protect infrastructure, client data, and reputation.
  • Manage enterprise security engagements and compliance.
  • Oversee AI/ML product security and data privacy.
  • Drive IT automation and cost management.

About Improvado

Improvado is an AI-powered marketing data platform built for mid-market and enterprise teams. We help companies automate complex marketing data workflows, unify data at scale, and surface insights through BI and AI. Brands like ASUS, Docker, Activision, and H&R Block rely on us to simplify analytics and improve marketing performance. We’re a fast-growing Series A startup backed by $34M in funding and driven by a team that moves fast, stays curious, and cares about high-quality execution.

About The Role

Improvado is looking for a VP of IT & InfoSec to lead and scale our information security, data privacy, IT operations, and internal technology function. This is a leadership role responsible for protecting Improvado's infrastructure, client data, and business reputation — while enabling the company to close enterprise deals faster by being a trusted security partner. You will be the single point of accountability for all things security and IT: enterprise client security engagements, compliance frameworks, vendor and SaaS stack governance, IT automation and infrastructure, privacy regulations, and internal technology operations.

What You'll Own

Client & Enterprise Security

  • Serve as the primary Improvado representative in client-facing security reviews, audits, and questionnaires (SOC 2 Type II, ISO 27001, TPRM, vendor risk assessments)
  • Respond to enterprise client security findings — triaging severity, committing to remediation timelines, and following through to resolution
  • Join customer calls (Gong, Zoom) for security deep-dives, answering technical questions from client InfoSec, Legal, and Procurement teams
  • Build trust with enterprise clients' security teams to unblock or accelerate deals (e.g., Credit Karma, FordDirect, GSK)
  • Own and maintain security documentation packages: SOC 2 reports, DPAs, penetration test results, security questionnaires, and compliance attestations

Information Security Program

  • Define and maintain Improvado's security posture across cloud infrastructure (AWS, GCP), SaaS stack, and data pipelines
  • Own vulnerability management, penetration testing cycles, and remediation tracking
  • Develop and enforce security policies, access control standards, and incident response playbooks
  • Lead internal security audits and manage external audit relationships
  • Drive security awareness training and phishing simulation programs across the organization

AI & Product Security

  • Own the security posture for Improvado's AI products — AI Agent (MCP), Chrome Extension, and internal AI tooling
  • Lead security reviews for new AI product features, ensuring privacy-by-design and secure data handling
  • Manage the security aspects of AI product rollout to customers (MCP deployment, access control, data isolation)
  • Advise engineering teams on secure architecture for AI/ML pipelines, LLM integrations, and agent frameworks
  • Respond to enterprise security questionnaires specific to AI capabilities and data processing

Data Privacy & Compliance

  • Ensure compliance with GDPR, CCPA, and other applicable privacy regulations
  • Maintain and update privacy policies, data processing agreements (DPAs), and records of processing activities (ROPAs)
  • Partner with Legal and Customer Success on DPA negotiations with enterprise clients
  • Advise product and engineering teams on privacy-by-design principles for new features and data flows
  • Own the external-facing compliance posture — ensuring all customer-facing documentation is current and accurate

Vendor & SaaS Stack Management

  • Own the company-wide SaaS vendor portfolio — procurement, renewals, license optimization, and cost governance
  • Conduct vendor security assessments for new and existing tools before onboarding
  • Manage vendor relationships and contract negotiations for IT and security tooling
  • Maintain a vendor registry with risk ratings, contract terms, and renewal schedules
  • Evaluate and recommend new tools that improve security posture or operational efficiency

IT Operations & Infrastructure

  • Oversee IT infrastructure, endpoint management, and employee access lifecycle (onboarding → offboarding)
  • Manage MDM, SSO, zero-trust tooling, and Google Workspace administration across the organization
  • Own hardware procurement, device provisioning, and asset management
  • Drive employee onboarding IT setup: account creation, security credentials, access provisioning, tool setup
  • Manage IT helpdesk operations — ensuring timely resolution of employee technical issues

IT Automation & Internal Tooling

  • Lead the IT automation function — building and maintaining automations that reduce manual IT work
  • Drive automation of employee onboarding/offboarding workflows, access provisioning, and recurring IT tasks
  • Oversee development of internal tools and scripts that improve IT operations efficiency
  • Identify opportunities to automate security and compliance processes (monitoring, alerting, reporting)

Budget & Cost Management

  • Own the IT and InfoSec budget — planning, tracking, and optimizing spend on tools, infrastructure, and services
  • Report on IT/security spend to executive team with clear ROI justification
  • Identify cost-saving opportunities through vendor consolidation, license optimization, and automation

What You Bring

  • 8+ years in information security, with at least 3 years in a senior leadership role
  • Hands-on experience managing enterprise security audits and client-facing security engagements at scale
  • Deep familiarity with SOC 2 Type II, ISO 27001, and privacy regulations (GDPR, CCPA)
  • Experience with AI/ML product security — understanding of LLM risks, data isolation, and secure agent architectures
  • Strong background in SaaS vendor management, procurement, and license governance
  • Experience managing cloud infrastructure security (AWS, GCP) and identity/access management (IAM)
  • Proven ability to build and manage IT operations teams (helpdesk, automation, infrastructure)
  • Ability to translate complex security findings into clear, business-friendly communication for executives and clients
  • Excellent written and verbal communication — you can present to a CISO at a Fortune 500 client with confidence
  • CISSP, CISM, or equivalent certification is a plus

Key Metrics

  • Time to complete enterprise security reviews and questionnaires
  • Number of security findings in customer audits (target: zero critical)
  • SaaS vendor compliance coverage and cost optimization
  • IT automation coverage — % of manual IT processes automated
  • Mean time to resolve IT support tickets
  • Security incident response time and remediation SLA adherence

What We Offer

  • Remote-first environment
  • Strong product/market fit: marketing data product for US-based enterprises
  • 20 working days of PTO per year
  • US holidays and additional days off
  • Extremely fun & open startup environment
  • Professional development reimbursement

Key skills/competency

  • Information Security Leadership
  • IT Operations Management
  • Data Privacy and Compliance (GDPR, CCPA)
  • Cloud Security (AWS, GCP)
  • AI and Product Security
  • Vendor Risk Management
  • Security Audits and Certifications (SOC 2, ISO 27001)
  • Incident Response
  • IT Automation
  • Security Policy Development

Skills & topics

  • VP of IT
  • Information Security
  • InfoSec
  • Cybersecurity
  • IT Operations
  • Data Privacy
  • Compliance
  • SOC 2
  • ISO 27001
  • GDPR
  • CCPA
  • AWS Security
  • GCP Security
  • IAM
  • AI Security
  • ML Security
  • Vendor Risk Management
  • Incident Response
  • IT Automation
  • Leadership

How to get hired

  • Tailor your resume: Highlight 8+ years in information security, with 3+ in leadership, and specific experience with SOC 2, ISO 27001, and privacy regulations.
  • Showcase AI security expertise: Emphasize your experience with AI/ML product security, LLM risks, and secure agent architectures.
  • Quantify achievements: Use metrics like reduced audit findings, improved response times, and cost savings from automation or vendor management.
  • Prepare for client-facing scenarios: Be ready to discuss how you've handled enterprise security reviews and communicated complex security issues to executives.
  • Highlight certifications: Mention CISSP, CISM, or equivalent certifications if applicable to strengthen your profile.

Technical preparation

  • Master cloud security (AWS, GCP) and IAM.
  • Understand AI/ML security, LLM risks, data isolation.
  • Prepare for SOC 2, ISO 27001 audit processes.
  • Familiarize with privacy regs: GDPR, CCPA.

Behavioral questions

  • How do you build trust with enterprise clients?
  • Describe a complex security issue you resolved.
  • How do you balance security with business speed?
  • How have you led and scaled IT teams?

Frequently asked questions

What are the key security certifications Improvado seeks for its VP of IT & InfoSec role?
For the VP of IT & InfoSec position at Improvado, deep familiarity with SOC 2 Type II and ISO 27001 is crucial. While not strictly required, a CISSP, CISM, or equivalent certification is considered a plus and can significantly strengthen your application.
How does Improvado approach data privacy for its AI-powered marketing data platform?
Improvado is committed to data privacy, ensuring compliance with regulations like GDPR and CCPA. The VP of IT & InfoSec will be responsible for maintaining privacy policies, DPAs, and advising on privacy-by-design principles for new AI features and data handling.
What level of experience is required for the VP of IT & InfoSec at Improvado?
Improvado is looking for a candidate with at least 8 years of experience in information security, including a minimum of 3 years in a senior leadership role. Hands-on experience with enterprise security audits and client-facing engagements is essential.
Can you provide examples of enterprise clients Improvado works with, relevant to the security role?
Improvado serves prominent brands such as ASUS, Docker, Activision, and H&R Block. In the context of the VP of IT & InfoSec role, you'll interact with security teams from enterprise clients like Credit Karma, FordDirect, and GSK, building trust and addressing their security requirements.
What is the work environment like at Improvado for the VP of IT & InfoSec?
Improvado offers a remote-first environment, backed by significant Series A funding. The company culture is described as fast-growing, curious, and focused on high-quality execution, with an extremely fun & open startup atmosphere.
What are the main responsibilities regarding AI and Product Security for this role?
The VP of IT & InfoSec will own the security posture for Improvado's AI products, including AI Agent and Chrome Extension. This involves leading security reviews for new AI features, managing secure data handling, advising engineering on secure AI/ML pipelines, and responding to AI-specific security questionnaires.
How does Improvado handle IT operations and internal tooling?
The role includes overseeing IT infrastructure, endpoint management, and employee access lifecycle. You will manage MDM, SSO, zero-trust tooling, and Google Workspace administration, while also leading IT automation to improve efficiency in onboarding, access provisioning, and other IT tasks.