IT Support Manager

Requirements

• 3–5 years of experience in a corporate IT, IT security, or IT operations role — ideally at a startup or scale-up (50–200 people)
• Hands-on MDM experience: Kandji, Jamf, or Mosyle
• At least one full ISO 27001 implementation or audit‑support cycle
• Solid experience with an IdP / SSO platform (Okta, JumpCloud, or Google Workspace as IdP)
• Familiarity with a compliance platform such as Vanta or Drata
• Comfortable configuring and troubleshooting office networks (Ubiquiti, Cisco Meraki, or similar)
• Experience in fintech, financial services, or another regulated environment is a strong plus
• Proactive, ownership‑oriented mindset — you close tickets and fix the root cause
• Strong communicator who can translate security requirements into plain language for non‑technical colleagues

What the job involves

• We're looking for a hands‑on, security‑minded IT professional to join bunch as our first dedicated IT Operations. This role owns the full spectrum of corporate IT: from keeping our Berlin office running smoothly — monitors, cables, network — to managing device security, access governance, and our ISO 27001 compliance program
• This is a broad, high‑impact role for someone who thrives equally in the server room and in a compliance audit
• Ensure every bunch employee has a secure, reliable, and well‑configured working environment from day one
• Support the security and compliance posture that underpins bunch's trust with institutional clients and investors — executing the operational layer while Engineering leadership owns governance and risk
• Enable the company to scale confidently through Series B and beyond with reliable access controls, device management, and audit‑ready evidence
• Protect sensitive fund and LP data through disciplined identity management, endpoint security, and vendor access controls
• Make security invisible to employees — removing friction while maintaining rigor
• Provision and manage employee devices (laptops, monitors, peripherals) across the full lifecycle: procurement, setup, tracking, and offboarding
• Handle day‑to‑day IT support — software installs, connectivity issues, account troubleshooting
• Own the hardware asset inventory and device refresh cycle
• Set up and maintain meeting room AV and conferencing equipment
• Support bunch's ISO 27001 compliance program — the strategic governance and risk ownership sits with Engineering leadership, but the operational execution lives here
• Manage the compliance platform (Vanta): keeping controls green, collecting evidence, chasing evidence owners across teams, and closing findings
• Maintain and update security policies (Acceptable Use, Password Policy, Incident Response) in collaboration with Engineering leadership
• Support external auditors during certification cycles with evidence packages and control walkthroughs
• Run phishing simulations and coordinate security awareness training across the company
• Flag security gaps and risks to the appropriate owner — you are the eyes on the ground, not the sole decision‑maker
• Provision and deprovision access across all SaaS tools (Slack, Notion, Linear, AWS, Google Workspace, and others) during onboarding and offboarding
• Own SSO/IdP configuration and enforce least‑privilege access principles
• Conduct regular access reviews — a core requirement for ISO 27001 control A.9
• Manage vendor and tool access policies, ensuring employees access only what they need
• Own the Berlin office network: routers, switches, Wi‑Fi access points, and VLAN configuration (guest vs. corporate separation)
• Maintain network documentation: IP schema, hardware inventory, topology
• Troubleshoot connectivity issues and manage ISP relationships
• Manage Cloudflare Zero Trust or equivalent for secure remote access
• Own and operate the MDM platform (Kandji) — enforcing disk encryption, screen lock, patch compliance, and configuration profiles
• Monitor endpoint security alerts from EDR/AV tooling
• Ensure device compliance across the fleet at all times