IT Contractor (Security & Operations) na Berry Street

Description

Berry Street is on a mission to transform how Americans eat through nutrition therapy. Berry Street’s platform connects individuals needing evidence-based nutrition care with an expansive network of Registered Dietitians and AI-powered tools. From weight management, diabetes, and heart health to kidney disease, maternal health, and 25+ other conditions, Berry Street’s clinical team delivers personalized nutrition interventions tailored to each patient's unique physiological and psychological needs, improving outcomes and reducing total cost of care. Berry Street works with some of the largest health plans, as well as leading health systems and innovative care management companies to serve diverse populations across all 50 states. Visit berrystreet.co to learn more.

Since launching in January 2023, Berry Street has grown to over 1,400 providers on our platform and served tens of thousands of patients nationwide. We’re a Series B company backed by leading investors like Northzone, Sofina, and FJ Labs, as well as notable angel investors including the founders of Revolut, Spring, Grow Therapy, and Tilly.

The Role

We’re seeking an IT Contractor to help us build and mature our IT and security operations. This is a hands-on, execution-focused role for someone who can design, implement, and document IT systems, not just recommend tools. You’ll work closely with Engineering and Compliance to ensure Berry Street meets security and compliance expectations while enabling teams to work efficiently. The IT Contractor will own core IT operations and security implementation work that is currently distributed across Engineering and Operations, with a strong emphasis on device management, identity and access controls, and auditable IT workflows.

You’ll be focused on technical implementation and operational execution (e.g. endpoints, access controls, evidence collection, tooling), while compliance governance, policy ownership, and program leadership will be handled by Compliance. This role will start on a part-time contract basis, with the opportunity to expand scope and/or convert to full-time.

What You’ll Do

• Own day-to-day IT operations and device management, including laptops, endpoints, onboarding/offboarding, inventory, and lifecycle management.
• Implement and manage identity, access, and permissioning controls, including SSO, role-based access, and access reviews.
• Execute technical security controls in support of HIPAA, SOC 2, and enterprise customer requirements.
• Support SOC 2 and enterprise security remediation, including implementing controls, coordinating evidence, and maintaining documentation.
• Implement and operate an IT support ticketing system and service catalog with auditable request tracking.
• Manage IT vendors and tools, including evaluating, implementing, and integrating platforms (e.g., MDM, IdP, ticketing).
• Partner closely with Engineering, Compliance, and external security vendors to align technical implementation with compliance requirements.
• Produce clear system and process documentation and ensure knowledge transfer to internal teams.

Requirements

• 3-5+ years of IT operations and/or security experience, ideally in healthcare, healthtech, or other regulated environments.
• Experience with device management, identity management, and access controls.
• Experience with tools like Electric, Kandji, Jamf, Okta, Google Workspace, Freshservice, or similar platforms.
• You’ve supported SOC 2 or enterprise security audits, including remediation and evidence collection.
• You’re comfortable evaluating and implementing tools such as MDM platforms, SSO/IdP solutions, and ticketing systems.
• Clear, direct communicator; organized and detail-oriented.
• You prefer building and implementing systems over purely advisory work.
• Demonstrated ability to work autonomously and escalate appropriately in fast-moving environments with evolving requirements.
• Understanding of HIPAA security requirements and how they translate into real-world technical controls is a plus, but not required.
• Healthcare IT experience is strongly preferred.

Benefits

• This is a remote, contract role, with the opportunity to convert to full-time
• 20-30 hours per week are expected, but hours may land outside that estimate based on business needs
• The hourly pay range for this position is determined by qualifications, experience, and geographic location