About Velixo

Velixo builds Excel-native financial reporting and data automation tools used by hundreds of mid-market finance teams worldwide. Our software integrates with leading ERPs — Acumatica, Sage Intacct, MYOB Acumatica, and Microsoft Dynamics 365 Business Central — and our customers rely on us to handle sensitive financial data with absolute integrity. Information security is not a side function at Velixo; it is core to the trust our customers place in us.

The Role

As IT Manager, you own Velixo's internal information security posture and IT operations. You will be the operational lead for our SOC 2 program, the steward of access controls across our environment, and the person who ensures our systems, vendors, and people are configured for security and reliability by default. You will work closely with the COO, the engineering organization, and — on an as-needed basis — external auditors and security advisory partners.

This is a hands-on role for a security-minded operator who is equally comfortable drafting a policy, running an access review, provisioning a VM, and onboarding a new hire's laptop.

Key Responsibilities

Security & Compliance 

• Own Velixo's information security program end to end: policies, controls, evidence, and continuous improvement.
• Lead the operational execution of SOC 2 Type II and prepare the organization for additional frameworks (ISO 27001, regional standards) as the business expands.
• Coordinate audit cycles with external auditors: scoping, evidence collection, remediation tracking, and reporting.
• Maintain the security policy set, incident response playbooks, and the risk register.
• Run a regular cadence of access reviews, vendor security reviews, vulnerability assessments, and tabletop exercises.
• Govern document management security on SharePoint and the broader Microsoft 365 estate: permissions, external sharing controls, sensitivity labels, and data loss prevention.
• Monitor security events, investigate anomalies, and drive timely remediation across the organization.

Access Control & Identity

• Administer the identity provider (Microsoft Entra ID / Azure AD), SSO, MFA, and conditional access policies.
• Enforce least-privilege access across all corporate and business systems.
• Ensure access is granted, modified, and revoked promptly when employees join, change roles, or leave, with documented evidence of every change.

Employee Onboarding & Offboarding

• Own the IT lifecycle for every employee: laptop provisioning, account creation, access grants, security training, and clean offboarding.
• Maintain an accurate asset inventory and equipment recovery process.

Software & License Management

• Maintain the SaaS and software license inventory; track usage, renewal dates, and contract terms.
• Manage renewals and IT procurement; partner with Finance to track IT spend and forecast.
• Drive rationalization of overlapping or underused tools.
• Own vendor relationships for IT and security tooling.

Infrastructure & Systems Operations (Non-Production)

• Manage non-production server environments: VM provisioning, configuration, patching, and lifecycle across Proxmox and our AWS / Azure footprint.
• Install and support business software used by internal teams.
• Perform regular system and network assessments to identify risks, capacity issues, and modernization opportunities.

Backup & Disaster Recovery

• Own the selection, configuration, and operation of backup tools and processes for internal systems.
• Maintain and regularly test the Disaster Recovery Plan: define RTO / RPO targets, run scheduled restore drills, and document outcomes for audit and continuous improvement.
• Ensure backup coverage and retention align with our security, contractual, and compliance obligations.

Internal User Support

• Provide technical support to internal users across the company: troubleshoot hardware, software, connectivity, identity, and SaaS access issues.
• Be the escalation point for harder problems the rest of the team cannot resolve.
• Build a small but effective self-service knowledge base so common issues get solved without a ticket.

Documentation & Continuous Improvement

• Document procedures, runbooks, and configurations to a standard that auditors and successors can follow.
• Identify and automate repetitive IT operations work.

What You Bring

Required

• 8+ years of progressive IT and information security experience, including 3+ years in a senior IT/security role with direct ownership of the security program.
• End-to-end ownership of at least one SOC 2 Type II cycle as the operational lead (not contributor), from readiness through audit and remediation.
• Experience leading at least one real security incident or material near-miss as the responsible adult in the room.
• Strong working knowledge of identity and access management (Microsoft Entra ID / Azure AD, or equivalent), SSO, MFA, and conditional access.
• Practical experience with MDM (Intune, Jamf, or similar) and endpoint security tooling.
• Experience managing virtualized environments — Proxmox plus cloud VMs in AWS and Azure.
• Solid grounding in networking fundamentals, firewalls, and secure remote access.
• Track record of managing SaaS and software license portfolios in a growing organization, including renewal negotiation.
• Excellent written communication; comfortable producing policies, procedures, and audit-grade evidence.

Nice to Have

• Security certifications such as CISSP, CISM, CISA, or Security+.
• Experience supporting a fully distributed workforce.
• Microsoft 365 administration depth.
• Scripting / automation experience (PowerShell, Python, or similar).
• Familiarity with the SaaS or ERP ecosystem.
• Bilingual French / English (oral and written).

How You Work

• You treat IT and security as a craft, not a ticket queue.
• You default to documentation, repeatability, and automation.
• You make pragmatic decisions in a fast-moving environment and bring options with recommendations, not just options.
• You operate with high discretion: you will have privileged access to sensitive systems and information, and we trust you to use it accordingly.

What We Offer

• A high-trust environment where IT and security are taken seriously and resourced accordingly.
• Direct exposure to the COO and the executive team; a clear seat at the table for security decisions.
• The opportunity to shape Velixo's security and IT function as we scale.
• Competitive compensation, benefits, and group insurance.
• Modern equipment and the tools you need to do the work properly.