Senior IT Operations Specialist

Boston, MA


ABOUT BLACK KITE

Black Kite is the global leader in third-party cyber risk intelligence, trusted by more than 3,000 organizations worldwide. We give security and business leaders a continuous, outside-in view of their entire vendor ecosystem — translating complex cyber, financial, and compliance signals into clear, actionable risk intelligence.

We go beyond open standards-based cyber ratings. Black Kite helps organizations make smarter risk decisions, strengthen business resilience, and scale their third-party cyber risk management programs in an increasingly complex digital environment. Our work has earned consistent recognition from customers and industry analysts alike.

THE ROLE

You will own IT service delivery at Black Kite end to end. You are the person people count on for fast, reliable support and clean, well-run provisioning.

You inherit working systems, documented handoffs, and a governance model that is already designed, so you can move fast without reinventing the operating model. What you bring is the judgment and independence to run it well day to day: triaging and resolving support issues, managing the device lifecycle, keeping the SaaS portfolio clean, and steadily automating away manual work. You also own the technical experience of the office itself — conference room AV, network and connectivity setup, and equipping the space for all-hands meetings, offsites, and company events, so every session runs without a hitch.

This is an individual contributor role built for someone who works autonomously, takes ownership of a defined set of operational responsibilities without needing direction, and is equally comfortable in a support ticket, a vendor renewal conversation, and setting up the room before an all-hands.

WHAT YOU WILL OWN

Front-line IT support. You are the face of IT at Black Kite. Triage, resolution, and the day-to-day experience of getting help. You'll set the bar for what responsive, well-run support feels like here.

Computer purchasing, preparation, and deprovisioning. A documented lifecycle, start to finish, that you run and continuously improve.

Collaboration and work management platforms. Slack, Zoom, Asana, and Neat room systems. Provisioning, workspace administration, app approvals, and usage reporting.

Productivity suite. Office 365 tenant administration, licensing, and application support.

AI platform administration. Seat provisioning, spend administration, and workspace management for Claude Enterprise and ChatGPT Enterprise, working alongside the security team's governance program.

Endpoint and desktop. The JumpCloud-managed fleet — hardware ordering and preparation, enrollment and imaging, software deployment, break/fix, and lifecycle. You hold the operational admin keys here, working in a clean, well-defined partnership with security on policy and audit.

Onboarding and identity operations. New user onboarding end to end, from ordering the computer to day-one readiness, plus clean terminations and directory hygiene. You'll build directory-driven lifecycle automation wherever platforms support it, and where it doesn't exist yet, you'll work through clear, recorded provisioning requests.

Helpdesk and the Suptask platform. You own the platform and the internal helpdesk queue outright, with security running its own forms and escalation workflows as a first-class tenant inside the system you administer.

SaaS license administration. Assignment, reclamation of unassigned seats, renewal prep, and cost visibility across the managed portfolio.

Office and event technical setup. Conference room AV, network and connectivity, and equipment readiness for all-hands meetings, offsites, and company events. You make sure the room works before anyone notices it needed to.

HOW THIS ROLE WORKS WITH SECURITY

You'll work closely with security in a partnership built for clarity: they set policy baselines, review new platforms before launch, and hold audit rights; you run operations. Under the company's Ownership by Design standard, every platform carries three named roles from day one — a business owner, an administrator, and an access grantor. You'll be the default administrator for IT-owned platforms, and, where designated, the access grantor executing against approved requests. It's a structure built so both teams can move fast without stepping on each other.

WHAT YOU BRING

  • 5+ years in IT operations or IT service delivery, including hands-on front-line support you're proud of — this role personally delivers help, not just manages it

  • Vendor and contract management experience across a SaaS and hardware portfolio — negotiating renewals, managing service commitments, and holding suppliers accountable

  • Hands-on administration of a modern SaaS stack: an identity/MDM platform (JumpCloud, Okta, Jamf, or Intune), Slack or comparable collaboration tools, and a Microsoft 365 tenant

  • ITSM fundamentals — queue management, SLA design, and helpdesk metrics that mean something

  • An automation instinct — you reach for directory-driven provisioning, workflow tools, or scripts before another manual runbook, and can point to where you've eliminated manual work

  • Comfort operating inside a governance framework — separation of duties, recorded request trails, and access reviews are things you've lived with (SOC 2 or ISO 27001 environments), not obstacles to route around

  • Procurement and asset lifecycle experience — hardware purchasing, license management, renewals

  • The judgment to run clean handoffs — this role receives seven functions in sequenced phases, and each cutover needs runbooks, a named escalation path, and no dropped tickets

NICE TO HAVE

  • Experience as the sole or lead IT operator at a company, owning the function independently without a large team around you

  • Administration of enterprise AI platforms (Claude, ChatGPT, or Copilot workspaces)

  • Workflow automation experience, ideally with n8n (our automation platform), or scripting (Python, PowerShell)

  • SaaS spend management or FinOps exposure

WHAT SUCCESS LOOKS LIKE IN YEAR ONE

  • Internal IT support runs on defined service levels and is measurably faster than before, with hardware purchasing and deprovisioning on a documented lifecycle

  • All seven transferred functions are cut over with runbooks, named ownership, and no regression in service

  • Directory-driven provisioning automation covers the majority of joiner/mover/leaver events, with every manual grant on a recorded request trail

  • The first post-transition access review closes with no findings attributable to IT-executed grants

  • Unassigned license spend is identified and materially reduced at renewal