IT Manager

Velixo builds Excel-native financial reporting and data automation tools used by hundreds of mid-market finance teams worldwide. Our software integrates with leading ERPs — Acumatica, Sage Intacct, MYOB Acumatica, and Microsoft Dynamics 365 Business Central — and our customers rely on us to handle sensitive financial data with absolute integrity. Information security is not a side function at Velixo; it is core to the trust our customers place in us.

As IT Manager, you own Velixo's internal information security posture and IT operations. You will be the operational lead for our SOC 2 program, the steward of access controls across our environment, and the person who ensures our systems, vendors, and people are configured for security and reliability by default. You will report to the COO and partner closely with the CTO and R&D. Velixo does not have a separate DevOps function today, so this role also owns the operation of production infrastructure on behalf of R&D — managing it directly while serving the engineering team's pace and needs. This requires strong cross-functional collaboration and high mutual trust. You will also engage external auditors and security advisory partners on an as-needed basis.

This is a hands-on role for a security-minded operator who is equally comfortable drafting a policy, running an access review, hardening a server, configuring a monitoring alert, and onboarding a new hire's laptop.

• Own Velixo's information security program end to end: policies, controls, evidence, and continuous improvement.
• Lead the operational execution of SOC 2 Type II and prepare the organization for additional frameworks (ISO 27001, regional standards) as the business expands.
• Coordinate audit cycles with external auditors: scoping, evidence collection, remediation tracking, and reporting.
• Maintain the security policy set, incident response playbooks, and the risk register.
• Run a regular cadence of access reviews, vendor security reviews, vulnerability assessments, and tabletop exercises.
• Govern document management security on SharePoint and the broader Microsoft 365 estate: permissions, external sharing controls, sensitivity labels, and data loss prevention.
• Monitor security events, investigate anomalies, and drive timely remediation across the organization.

• Administer the identity provider (Microsoft Entra ID / Azure AD), SSO, MFA, and conditional access policies.
• Enforce least-privilege access across all corporate and business systems.
• Ensure access is granted, modified, and revoked promptly when employees join, change roles, or leave, with documented evidence of every change.

• Own the IT lifecycle for every employee: laptop provisioning, account creation, access grants, security training, and clean offboarding.
• Maintain an accurate asset inventory and equipment recovery process.

• Maintain the SaaS and software license inventory; track usage, renewal dates, and contract terms.
• Manage renewals and IT procurement; partner with Finance to track IT spend and forecast.
• Drive rationalization of overlapping or underused tools.
• Own vendor relationships for IT and security tooling.

• Manage Velixo's server estate across Proxmox and our AWS / Azure footprint: provisioning, configuration, patching, hardening, and lifecycle management.
• Operate the foundational sys admin layer: Linux and Windows server administration, DNS, certificate management, firewalls, and Cloudflare Zero Trust (Access, WARP, Tunnels) for identity-aware secure remote access.
• Stand up and operate monitoring, logging, and alerting across all environments — including production — to deliver the security, availability, and audit signals required by SOC 2 and our internal standards.
• Manage SIEM and log retention to support continuous monitoring controls, incident investigation, and audit evidence.
• Install and support business software used by internal teams.
• Perform regular system and network assessments to identify risks, capacity issues, and modernization opportunities.

• Operate Velixo's production cloud infrastructure (AWS and Azure) on behalf of R&D: provisioning, configuration, scaling, deployment, and day-to-day operational stewardship.
• Act as the trusted privileged operator for production infrastructure: hold and exercise elevated access with appropriate controls, evidence, change management, and segregation of duties.
• Provide escalation and on-call support for production infrastructure issues outside the application layer.

• Own the selection, configuration, and operation of backup tools and processes for internal systems.
• Maintain and regularly test the Disaster Recovery Plan: define RTO / RPO targets, run scheduled restore drills, and document outcomes for audit and continuous improvement.
• Ensure backup coverage and retention align with our security, contractual, and compliance obligations.

• Provide technical support to internal users across the company: troubleshoot hardware, software, connectivity, identity, and SaaS access issues.
• Be the escalation point for harder problems the rest of the team cannot resolve.
• Build a small but effective self-service knowledge base so common issues get solved without a ticket.

• Document procedures, runbooks, and configurations to a standard that auditors and successors can follow.
• Identify and automate repetitive IT operations work.

• 8+ years of progressive IT and information security experience, including 3+ years in a senior IT/security role with direct ownership of the security program.
• End-to-end ownership of at least one SOC 2 Type II cycle as the operational lead (not contributor), from readiness through audit and remediation.
• Experience leading at least one real security incident or material near-miss as the responsible adult in the room.
• Strong working knowledge of identity and access management (Microsoft Entra ID / Azure AD, or equivalent), SSO, MFA, and conditional access.
• Practical experience with MDM (Intune, Jamf, or similar) and endpoint security tooling.
• Hands-on experience operating production cloud infrastructure on AWS and Azure — including deployment automation, infrastructure-as-code, CI/CD pipelines, and on-call operational ownership — plus virtualization on Proxmox or comparable platforms.
• Hands-on Linux and Windows server administration depth.
• Demonstrated experience standing up and operating monitoring, logging, and alerting platforms (e.g., Datadog, Grafana / Prometheus, Azure Monitor, CloudWatch, or equivalent) and SIEM tooling.
• Solid grounding in networking fundamentals and firewalls. Hands-on experience with Cloudflare Zero Trust (Access, WARP, Tunnels) is strongly preferred; equivalent ZTNA platform experience considered.
• Track record of managing SaaS and software license portfolios in a growing organization, including renewal negotiation.
• Excellent written communication; comfortable producing policies, procedures, and audit-grade evidence.
• Demonstrated ability to operate effectively at the intersection of IT/security and engineering organizations — earning trust, navigating scope ambiguity, and building durable working relationships with technical peers.
• Bilingual French / English (oral and written).

• Security certifications such as CISSP, CISM, CISA, or Security+.
• Experience supporting a fully distributed workforce.
• Microsoft 365 administration depth.
• Scripting / automation experience (PowerShell, Python, or similar).
• Familiarity with the SaaS or ERP ecosystem.

• You treat IT and security as a craft, not a ticket queue.
• You default to documentation, repeatability, and automation.
• You make pragmatic decisions in a fast-moving environment and bring options with recommendations, not just options.
• You build strong working relationships across functions. Because this role operates production infrastructure on behalf of R&D, you serve engineering's pace and needs while holding the line on the controls that keep Velixo secure.
• You operate with high discretion: you will have privileged access to sensitive systems and information, and we trust you to use it accordingly.

• A high-trust environment where IT and security are taken seriously and resourced accordingly.
• Direct exposure to the COO and the executive team; a clear seat at the table for security decisions.
• The opportunity to shape Velixo's security and IT function as we scale.
• Competitive compensation, benefits, and group insurance.
• Modern equipment and the tools you need to do the work properly.