IT & Security Program Manager

Fonoa is the Tax Operating System for autonomous tax. AI that tracks every rule, acts on every obligation, and proves every decision, built on modular infrastructure.

Fonoa’s modules cover the full indirect tax lifecycle: tax ID validation, real-time tax determination, e-invoicing, and returns. All on one shared data model and integration, with one audit trail. Each added capability makes the others stronger.

Agents monitor obligations, populate returns, catch anomalies and assemble audit packs in seconds. The system does the work. Humans make the calls. That’s autonomous tax.

We operate across 120+ countries, with clients going live in weeks, if not days.

Trusted by Canva, Netflix, Spotify, Uber, Zoom and Booking.com. Rated 4.5/5 stars and a High Performer on G2 and 4.6/5 stars on Gartner Peer Insights.

Find out more: www.fonoa.com

Position Overview

As Fonoa continues to scale globally, we are looking for an IT & Security Program Manager to take ownership of how our IT and security initiatives are planned, coordinated, and delivered across the company.

This is not a purely technical role. You will be the person who makes sure the right things happen at the right time across both IT and security: IT projects land on schedule, security audits and certifications are planned well in advance, penetration tests are tracked to closure, tooling rollouts are coordinated properly, and nothing slips through the cracks. You will pull in Security Engineers, Infrastructure, IT, Legal, and external vendors as each initiative requires, keeping everyone aligned and moving.

Fonoa's IT and security function covers a lot of ground. You will be the connective tissue that holds all the different pieces together and turns a busy team into a well-run program.

Key Responsibilities

• Own the IT & Security program: keep the calendar, track initiatives, and make sure nothing falls through the cracks. You are responsible for delivery, not for doing everything yourself.

• Coordinate IT initiatives such as tooling rollouts, IdP migrations, and access management projects, working with Infrastructure and IT to keep them scoped and on track.

• Run the compliance and certification cycles (SOC 2, ISO 27001, ISO 9001): coordinate with auditors, internal teams, and Legal to keep evidence collection and deadlines under control.

• Manage the pentest program end to end: scope, vendors, finding tracking, and remediation follow-up in collaboration with Security Engineers and Engineering.

• Drive the security awareness program together with People Ops: training campaigns, phishing simulations, and completion tracking.

• Coordinate risk and vendor reviews, keeping the risk register up to date and supporting enterprise sales with security questionnaires and due diligence requests.

• Report on program health to leadership with clear, consistent visibility into what is on track, what is at risk, and what needs decisions.

You will work alongside Security Engineers, IT, Infrastructure, Legal, and external vendors. Your job is to make the team more effective by owning the coordination layer, not to be a one-person department.

Qualifications

• 4+ years of experience in program management, IT operations, or a cybersecurity/GRC coordination role

• End-to-end ownership of at least one full SOC 2 or ISO 27001 cycle

• Strong understanding of multiple frameworks and how to map controls across them

• Working knowledge of GDPR, enterprise risk, and third-party risk

• Ability to operate independently and build structure from ambiguity

• Good enough understanding of IT and security to have credible conversations with engineers and auditors, without needing to be a hands-on technical practitioner

• Strong written and verbal communication: able to translate technical work into clear updates for non-technical audiences

• Highly organised, deadline-driven, and comfortable holding others accountable

Why Join Us

• Opportunity to build and shape security at a fast-growing, global startup

• High ownership and impact in a critical function

• Work with a collaborative, motivated, and experienced team

• Competitive compensation and benefits

• Flexible working arrangements

If you’re passionate about building security the right way, enjoy taking ownership, and want to help scale a modern, security-conscious organisation, we’d love to hear from you.

As part of the recruitment process at Fonoa, we process your personal data in accordance with our Privacy Notice for Job Applicants. This notice explains how and why your data is collected and used, and how you can contact us if you have any concerns.