COMPANY DESCRIPTION
At Fonoa, we are transforming how digital-first companies stay tax compliant. We provide simple and modular API solutions that easily integrate into any existing workflow. Through our technology-first approach, we reduce manual processes, increase compliance, and lower operational costs when transacting and scaling internationally.
We are solving one of the largest yet unsolved problems in global e-commerce. Our tax automation software enables companies such as Uber, Zoom, Booking.com, Squarespace, and Rappi to expand their international offerings more quickly and remain tax-compliant.
POSITION OVERVIEW
As Fonoa continues to scale globally, we are looking for an IT & Security Program Manager to take ownership of how our IT and security initiatives are planned, coordinated, and delivered across the company.
This is not a purely technical role. You will be the person who makes sure the right things happen at the right time across both IT and security: IT projects land on schedule, security audits and certifications are planned well in advance, penetration tests are tracked to closure, tooling rollouts are coordinated properly, and nothing slips through the cracks. You will pull in Security Engineers, Infrastructure, IT, Legal, and external vendors as each initiative requires, keeping everyone aligned and moving.
Fonoa's IT and security function covers a lot of ground. You will be the connective tissue that holds all the different pieces together and turns a busy team into a well-run program.
KEY RESPONSIBILITIES
- Own the IT & Security program: keep the calendar, track initiatives, and make sure nothing falls through the cracks. You are responsible for delivery, not for doing everything yourself.
- Coordinate IT initiatives such as tooling rollouts, IdP migrations, and access management projects, working with Infrastructure and IT to keep them scoped and on track.
- Run the compliance and certification cycles (SOC 2, ISO 27001, ISO 9001): coordinate with auditors, internal teams, and Legal to keep evidence collection and deadlines under control.
- Manage the pentest program end to end: scope, vendors, finding tracking, and remediation follow-up in collaboration with Security Engineers and Engineering.
- Drive the security awareness program together with People Ops: training campaigns, phishing simulations, and completion tracking.
- Coordinate risk and vendor reviews, keeping the risk register up to date and supporting enterprise sales with security questionnaires and due diligence requests.
- Report on program health to leadership with clear, consistent visibility into what is on track, what is at risk, and what needs decisions.
You will work alongside Security Engineers, IT, Infrastructure, Legal, and external vendors. Your job is to make the team more effective by owning the coordination layer, not to be a one-person department.
QUALIFICATIONS
- 4+ years of experience in program management, IT operations, or a cybersecurity/GRC coordination role
- End-to-end ownership of at least one full SOC 2 or ISO 27001 cycle
- Strong understanding of multiple frameworks and how to map controls across them
- Working knowledge of GDPR, enterprise risk, and third-party risk
- Ability to operate independently and build structure from ambiguity
- Good enough understanding of IT and security to have credible conversations with engineers and auditors, without needing to be a hands-on technical practitioner
- Strong written and verbal communication: able to translate technical work into clear updates for non-technical audiences
- Highly organised, deadline-driven, and comfortable holding others accountable
WHY JOIN US
- Opportunity to build and shape security at a fast-growing, global startup
- High ownership and impact in a critical function
- Work with a collaborative, motivated, and experienced team
- Competitive compensation and benefits
- Flexible working arrangements
If you're passionate about building security the right way, enjoy taking ownership, and want to help scale a modern, security-conscious organisation, we'd love to hear from you.
As part of the recruitment process at Fonoa, we process your personal data in accordance with our Privacy Notice for Job Applicants. This notice explains how and why your data is collected and used, and how you can contact us if you have any concerns.