Back to jobs
New

Director of IT & Security

Boston, MA

Paperless Parts is a SaaS startup helping manufacturers quote faster and win more work. From rockets to medical devices, we power the parts that move the world forward.
 
This position requires activities that are subject to US Export Control Laws and require US Citizenship or Green Card Holder.

Summary 

As the Director of IT and Security at Paperless Parts you'll own the intersection of corporate IT, engineering enablement, and enterprise security. Reporting directly to our CISO, you’ll have real, day-to-day proximity to the teams whose productivity and security posture you are shaping.

This is a full-time position based in Boston, MA and requires on-site presence, with a hybrid schedule as needed.  

 

## What You'll Own

**Corporate IT and Infrastructure**

- Own the architecture, reliability, and roadmap for our corporate IT environment

- Lead procurement, deployment, and lifecycle management of endpoint and SaaS tooling

- Design for developer experience as a first-class outcome, not an afterthought

- Drive efficiency through automation: access provisioning, onboarding/offboarding workflows, and configuration management

 

**Security and Compliance**

- Own enterprise security controls: detection, response, access management, and data protection for our internal environment

- Manage the corporate side of our FedRAMP Moderate compliance program, including the boundary relationship between corporate IT and the product authorization boundary

- Champion compliance and configuration as code, treating policy and security controls as versioned, auditable artifacts rather than manual processes

- Lead audit readiness, vendor security reviews, and security awareness programs

- Partner with the product security team on shared risk surfaces

 

**Engineering Integration**

- Embed meaningfully in Engineering workflows rather than operating as a separate function

- Default to ownership: operate without boundaries, pick up what falls between functions, and treat security outcomes as shared responsibility

- Serve as a credible technical peer to engineering leads on infrastructure decisions, tooling choices, and compliance tradeoffs

 

**AI Corporate Tooling and Enablement**

- Drive adoption of our AI tooling across the company: rollout planning, communication, and ongoing evaluation of effectiveness

- Design and drive an AI literacy program: training, office hours, and internal documentation so teams beyond Engineering can use AI tools effectively and safely

- Measure and report on adoption and impact of AI tooling initiatives to leadership

 

**Team and Organizational Leadership**

- Manage and develop an IT IC, providing mentorship and clear career growth pathways

- Build a function that scales: document playbooks, establish repeatable processes, and hire ahead of need

- Represent IT and Security in cross-functional conversations about infrastructure investment, risk tolerance, and compliance priorities

 

## What We're Looking For

**Experience**

- 8+ years in IT, security, or a combined role, with at least 3 years in a leadership position

- Demonstrated experience scaling IT and/or security at a high-growth company, ideally from startup scale through a significant expansion

- Hands-on familiarity with FedRAMP Moderate, SOC 2, or comparable compliance frameworks

- Fluency with infrastructure and configuration as code practices (e.g., policy-as-code, automated provisioning, GitOps-style change management)

- Experience managing and developing early-career IT and security professionals

- Experience driving adoption of new tooling or technology across a non-technical or mixed technical/non-technical population, including designing training or enablement programs

 

This is a pivotal hire. We're expanding our IT leadership role to encompass enterprise security, and we're looking for a leader with the technical depth and strategic instincts to grow with that scope.

--

## The Role and Mindset

As Director of IT & Security, you'll own the intersection of corporate IT, engineering enablement, and enterprise security. You'll report to our CISO and sit within Engineering, which means you'll have real proximity to the teams whose productivity and security posture you're shaping.

 

Your core focus is enterprise security and corporate IT. But we're one team, and the best version of this role contributes broadly: helping engineers ship securely, supporting the compliance program where your expertise adds value, and closing gaps regardless of where they show up on an org chart.

You'll inherit a capable team and a clear mandate: raise the floor on security and operational maturity while keeping Paperless Parts moving fast. We're looking for someone who has navigated company scaling before and can anticipate what we'll need before it becomes a problem.

 

- You default to finding a solution, not delivering a verdict: you dig into the underlying need, do the discovery, and work with the team to find a path that actually works

- You think in systems and anticipate second-order effects: you don't just fix what's broken, you design so it doesn't break

- You're comfortable with ambiguity and can operate with minimal process while also being the person who builds the process

- You communicate clearly with both technical and non-technical stakeholders, including engineers, executives, and auditors

- You treat security as an enabler, not a gate

- You're genuinely curious about how AI tools can make your team and the broader organization more effective, and you're energized by leading that adoption, not just advising on it

---

## Bonus Points

- Experience at a SaaS company serving regulated industries (government, defense, or manufacturing)

- Familiarity with FedRAMP Moderate authorization boundaries and the nuances of corporate vs. product scope

- Background that spans both IT operations and security engineering

- Experience specifically with AI tooling adoption or governance

 

---

## Why This Role

- Real scope and authority: you'll set the direction for IT and enterprise security at a company that's growing fast and building for the long term

- Direct reporting line to the CISO with visibility to the CTO and broader leadership

- A seat inside Engineering, not alongside it: you'll be solving problems with the team, not handing down policies from the outside

- A team that's ready for this leadership and a company that's investing in it

- Competitive compensation, equity, and benefits

---

Salary range:  $190,000 - $258,000

The job posting range is the lowest to highest salary we in good faith believe we would pay for this role at the time of this posting. We may ultimately pay more or less than the posted range, and the range may be modified in the future. An employee’s pay position within the salary range will be based on several factors including, but not limited to, relevant education, qualifications, certifications, experience, skills, performance, sales or revenue-based metrics, and business or organizational needs.

Paperless Parts Life

Culture: At Paperless Parts, we value intentionality, persistence and relationships. We live and breathe these values every day. As a fast-growing company, we’re continually improving what we’ve built while still building from the ground up. 

Boston Office: Our office is full of energy; people regularly collaborate to solve complex problems. We recognize that people work well in different environments and have intentionally designed our office to provide collaborative spaces and quiet focus areas. Our height-adjustable desks are set up with additional monitors, and employees are provided with the latest Apple technology to support productivity. 

Our headquarters is located in downtown Boston, MA and easily accessible to most transit routes (Red/Blue/Orange/Green Line/South Station/North Station).

Encinitas Office: Our California office is our newest office which seats our West Coast sales team. The office has an open floor plan with several conference rooms to encourage collaboration with your colleagues in California and TV's to connect with those sitting in Boston or remotely. The office is walking distance from Downtown Encinitas, the Coaster train stop, and tons of activities on the 101.

Benefits: We value you and your family. With this in mind, full-time employees are provided:

  • 100% coverage of health, dental, and vision for you and your dependent

  • Competitive compensation philosophy

  • Unlimited PTO

  • 13+ paid holidays

  • Company-sponsored wellness stipend

  • Pre-tax Commuter and FSA/Dependent Care FSA

  • 401(k) plan

  • Employee recognition program

Responsible for adherence to all security and privacy requirements, rules and regulations and implement as required.

Paperless Parts is committed to cultivating an equitable, inclusive, and supportive environment for all employees. We believe this environment creates a safe space for employees to share their experiences, brainstorm ideas, and grow their careers. Paperless Parts is an Equal Opportunity & Affirmative Action Employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability, or veteran status.

Create a Job Alert

Interested in building your career at Paperless Parts? Get future opportunities sent straight to your email.

Apply for this job

*

indicates a required field

Phone
Resume/CV*

Accepted file types: pdf, doc, docx, txt, rtf

Cover Letter

Accepted file types: pdf, doc, docx, txt, rtf


Education

Select...

Select...
Select...
Have you worked at a startup company before? *
Select...
Select...

Voluntary Self-Identification

For government reporting purposes, we ask candidates to respond to the below self-identification survey. Completion of the form is entirely voluntary. Whatever your decision, it will not be considered in the hiring process or thereafter. Any information that you do provide will be recorded and maintained in a confidential file.

As set forth in Paperless Parts’s Equal Employment Opportunity policy, we do not discriminate on the basis of any protected group status under any applicable law.

Select...
Select...
Race & Ethnicity Definitions

If you believe you belong to any of the categories of protected veterans listed below, please indicate by making the appropriate selection. As a government contractor subject to the Vietnam Era Veterans Readjustment Assistance Act (VEVRAA), we request this information in order to measure the effectiveness of the outreach and positive recruitment efforts we undertake pursuant to VEVRAA. Classification of protected categories is as follows:

A "disabled veteran" is one of the following: a veteran of the U.S. military, ground, naval or air service who is entitled to compensation (or who but for the receipt of military retired pay would be entitled to compensation) under laws administered by the Secretary of Veterans Affairs; or a person who was discharged or released from active duty because of a service-connected disability.

A "recently separated veteran" means any veteran during the three-year period beginning on the date of such veteran's discharge or release from active duty in the U.S. military, ground, naval, or air service.

An "active duty wartime or campaign badge veteran" means a veteran who served on active duty in the U.S. military, ground, naval or air service during a war, or in a campaign or expedition for which a campaign badge has been authorized under the laws administered by the Department of Defense.

An "Armed forces service medal veteran" means a veteran who, while serving on active duty in the U.S. military, ground, naval or air service, participated in a United States military operation for which an Armed Forces service medal was awarded pursuant to Executive Order 12985.

Select...

Voluntary Self-Identification of Disability

Form CC-305
Page 1 of 1
OMB Control Number 1250-0005
Expires 04/30/2026

Why are you being asked to complete this form?

We are a federal contractor or subcontractor. The law requires us to provide equal employment opportunity to qualified people with disabilities. We have a goal of having at least 7% of our workers as people with disabilities. The law says we must measure our progress towards this goal. To do this, we must ask applicants and employees if they have a disability or have ever had one. People can become disabled, so we need to ask this question at least every five years.

Completing this form is voluntary, and we hope that you will choose to do so. Your answer is confidential. No one who makes hiring decisions will see it. Your decision to complete the form and your answer will not harm you in any way. If you want to learn more about the law or this form, visit the U.S. Department of Labor’s Office of Federal Contract Compliance Programs (OFCCP) website at www.dol.gov/ofccp.

How do you know if you have a disability?

A disability is a condition that substantially limits one or more of your “major life activities.” If you have or have ever had such a condition, you are a person with a disability. Disabilities include, but are not limited to:

  • Alcohol or other substance use disorder (not currently using drugs illegally)
  • Autoimmune disorder, for example, lupus, fibromyalgia, rheumatoid arthritis, HIV/AIDS
  • Blind or low vision
  • Cancer (past or present)
  • Cardiovascular or heart disease
  • Celiac disease
  • Cerebral palsy
  • Deaf or serious difficulty hearing
  • Diabetes
  • Disfigurement, for example, disfigurement caused by burns, wounds, accidents, or congenital disorders
  • Epilepsy or other seizure disorder
  • Gastrointestinal disorders, for example, Crohn's Disease, irritable bowel syndrome
  • Intellectual or developmental disability
  • Mental health conditions, for example, depression, bipolar disorder, anxiety disorder, schizophrenia, PTSD
  • Missing limbs or partially missing limbs
  • Mobility impairment, benefiting from the use of a wheelchair, scooter, walker, leg brace(s) and/or other supports
  • Nervous system condition, for example, migraine headaches, Parkinson’s disease, multiple sclerosis (MS)
  • Neurodivergence, for example, attention-deficit/hyperactivity disorder (ADHD), autism spectrum disorder, dyslexia, dyspraxia, other learning disabilities
  • Partial or complete paralysis (any cause)
  • Pulmonary or respiratory conditions, for example, tuberculosis, asthma, emphysema
  • Short stature (dwarfism)
  • Traumatic brain injury
Select...

PUBLIC BURDEN STATEMENT: According to the Paperwork Reduction Act of 1995 no persons are required to respond to a collection of information unless such collection displays a valid OMB control number. This survey should take about 5 minutes to complete.