IT and Security Associate

Job Description

Who are CloudNC?

CloudNC is transforming global manufacturing with AI that accelerates CAM programming, maximises factory output, and empowers machinists to deliver more.

Our core product, CAM Assist, speeds up CNC machining by tackling the most time-consuming and repetitive parts of the process, from machining strategy to toolpath generation.

It enables machinists to create effective programs in minutes, unlocking their full potential and helping shops increase throughput and improve consistency.

Today, CAM Assist is trusted by hundreds of machine shops around the world to enhance their teams’ productivity, resolving skills shortages and helping them to deliver efficiently for their customers.

Founded in 2015, CloudNC consists of a world-class team combining expertise in computer science and physical manufacturing.

The Role

The IT & Security Associate plays a critical role in protecting CloudNC's information assets by supporting day-to-day IT operations and leading proactive security initiatives. This role is responsible for maintaining a secure IT infrastructure, mitigating risks, ensuring policy and regulatory compliance, and collaborating across the organisation to embed security best practices.

Working closely with IT Support, Infrastructure, Engineering, and external vendors, the IT & Security Associate will ensure CloudNC maintains a robust security posture aligned with frameworks such as ISO 27001, SOC2, Cyber Essentials, and other relevant standards.

Job Requirements

Security Monitoring & Incident Response

• Monitor security events across systems, networks, and applications, triaging, classifying, and responding to potential threats.
• Conduct security incident investigations and support mitigation and recovery.
• Perform regular vulnerability assessments, lead mitigation planning, and, where appropriate, carry out remediation.
• Operate and maintain security controls and monitoring tools to ensure ongoing compliance with standards and policies.

Information Security Risk & Compliance Management

• Identify, assess, and document information security risks, working with stakeholders to plan and track mitigations.
• Support internal and external security audits and compliance activities (e.g., ISO 27001, SOC2, Cyber Essentials, Cyber Essentials+).
• Collaborate with audit partners to manage and deliver audits from planning through execution.
• Carry out periodic access reviews of all users across CloudNC systems to ensure compliance with least privilege principles.

Policy, Procedures & Documentation

• Draft, revise, and maintain information security policies in response to evolving business needs and regulatory requirements.
• Develop and implement procedures that support policies (e.g., change control, vulnerability management, access control), in collaboration with relevant stakeholders.
• Operate controlled documentation in line with ISO 27001 standards, including versioning, approvals, and secure storage of policies, procedures, and records.

Vendor Security & Customer Engagement

• Assess and document third-party vendors to ensure compliance with CloudNC’s security standards.
• Maintain evidence of vendor security assurance and conduct periodic reviews.
• Respond to information security queries from Sales, Partnerships, and customers, ensuring prompt, clear, and accurate communication.

Infrastructure & End-User Device Security

• Work with IT Support to ensure all end-user devices are securely configured, asset-managed, and protected at all times.
• Collaborate with infrastructure teams to monitor and maintain secure cloud environments, identifying and mitigating potential risks.

Security Awareness & Continuous Improvement

• Organise and deliver periodic, role-based security awareness training to maintain a security-conscious culture across CloudNC.
• Keep up to date with security trends and emerging threats; recommend improvements to processes, controls, and tooling.
• Promote continuous improvement in security operations, governance, and compliance.

What you need to have

Essential:

• 2-3 years' experience in IT support and/or information security roles.
• Experience working with security and compliance frameworks (e.g., ISO 27001, SOC2, GDPR).
• Solid understanding of risk management and security principles.
• Familiarity with firewalls, VPNs, endpoint protection, and security monitoring tools.
• Experience managing secure cloud environments and identity/access management.
• Strong documentation and communication skills.

Desirable:

• Experience with GovCloud, FedRAMP, or CMMC 2.
• IT/security certifications (e.g., Security+, CISSP).
• Exposure to infrastructure automation tools (e.g., Terraform).
• Familiarity with SOC processes, encryption, and secure data handling.

Job Benefits

Stock Options

Annual Performance Equity Award

28 days of annual leave

Leading medical plan

Life Insurance

Sabbatical leave

Enhanced primary, secondary and adoption parental pay & leave (maternity/paternity)

Equal Opportunities Statement

We are proud to be an equal opportunity employer, valuing individuality and embracing all people. The success of CloudNC is a result of diversity of thought. We recognise this comes from people truly belonging. We encourage different perspectives and skills to collaborate towards our mission - disrupting the manufacturing industry. We celebrate diversity and continually improve our inclusivity efforts.