
IT Security Manager
EdVisorly, Inc.
Posted about 6 hours ago
About EdVisorly
EdVisorly is the industry-leading AI Enrollment Platform transforming higher education. In close partnership with institutions nationwide, we leverage AI to streamline admissions processes and deliver clarity and consistency across enrollment operations. Guided by a people-first innovation framework, we equip our partners to modernize their processes and strengthen the student experience. Our mission is to reduce barriers for students and create a more transparent, equitable path to degree completion.
About the Role
As EdVisorly’s first internal security hire, you will own security operations end-to-end—including governance and compliance, identity and access modernization, security tooling configuration, managed security service coordination, and policy development. You will serve as the primary liaison to both our managed IT provider and our vCISO for strategic direction. In your first year, this is a hands-on builder role: you’ll deploy tools, draft policies, and stand up foundational operational practices. As the team grows, this position will evolve into a lead role with direct management responsibility.
The work you do at EdVisorly directly protects 200+ higher education institutions and the students whose data flows through our platform. Security is a core sales enabler at EdVisorly, and this position makes that possible.
What You’ll Do
✅ Own EdVisorly’s day-to-day security program, translating vCISO direction into outcomes across identity, detection, data, and application security
✅ Maintain and evolve the SOC 2 Type II compliance program—evidence collection, control mapping, policy updates, audit preparation
✅ Draft, update, and operationalize security policies and procedures, ensuring documentation reflects real practices and company-wide acknowledgment
✅ Develop and maintain incident response runbooks; serve as incident coordinator during events, escalating to the vCISO as needed
✅ Lead deployment and configuration of identity and access management tools (SSO, Adaptive MFA), establishing and enforcing the company's identity perimeter
✅ Directly own and administer identity, MFA, and email security tooling; partner with managed IT and Engineering to ensure security across all platforms
✅ Coordinate with the MSSP on alert triage and access provisioning/deprovisioning, including governance and break-glass procedures
✅ Serve as the primary security liaison to MilesIT, ensuring managed IT aligns with security policies and SOC 2 requirements
✅ Design and maintain a vendor risk management intake process, including questionnaires and a critical vendor register updated quarterly
✅ Support HR and Legal with role-based hiring security controls, background screenings, and provisioning gates
✅ Manage the security awareness program—review effectiveness, refresh content, and conduct annual tabletop exercises
✅ Hold regular security office hours, fostering a culture of shared ownership and security
You Might Be a Fit If...
Required:
⭐ 5+ years of information security experience, with direct ownership of security programs or workstreams
⭐ Hands-on experience with SOC 2 Type II (personally led or co-led audit cycles)
⭐ Demonstrated ability to draft and implement security policies, standards, and procedures from scratch
⭐ Experience configuring/managing security tools in a cloud-first environment (EDR, WAF, DNS security, SIEM/logging, or equivalent)
⭐ Familiarity with identity and access management tools (Okta or equivalent SSO/MFA platforms)
⭐ Strong written and verbal communication, able to explain security risks to non-technical audiences
⭐ Comfort operating with high autonomy and minimal oversight in a fast-paced, ambiguous environment
Preferred:
⭐ Experience in SaaS, edtech, or higher education, particularly with FERPA-adjacent or student data privacy
⭐ Prior mentoring experience or ability to transition into a direct manager as the team grows
⭐ Familiarity with managed security service providers and escalation workflows
⭐ Knowledge of cloud security fundamentals (GCP, AWS, IAM, Security Command Center, GuardDuty, S3 policy, etc.)
⭐ Exposure to application security concepts (SAST, SCA, secure SDLC)
⭐ Experience with vendor risk management programs (questionnaire design, third-party access tiering)
⭐ Relevant certifications: CISSP, CISM, GSEC, GCIH, or similar GIAC credentials
Why EdVisorly
✨ Shape the future of higher education through technology, data, and design
✨ Work with a mission-driven team that values integrity, teamwork, and excellence
✨ Directly advance equitable access and opportunity for students nationwide
✨ Grow your career as our company and security program scale
Disclosure
EdVisorly is a diverse and inclusive workplace that reflects our students and academic partners. We encourage individuals from all backgrounds, ages, abilities, and experiences to apply.