IT and Security Associate

CloudNC is transforming global manufacturing with AI that accelerates CAM programming, maximises factory output, and empowers machinists to deliver more. Our core product, CAM Assist, speeds up CNC machining by tackling the most time‑consuming and repetitive parts of the process, from machining strategy to toolpath generation. It enables machinists to create effective programs in minutes, unlocking their full potential and helping shops increase throughput and improve consistency. Today, CAM Assist is trusted by hundreds of machine shops around the world to enhance their teams’ productivity, resolving skills shortages and helping them to deliver efficiently for their customers. Founded in 2015, CloudNC consists of a world‑class team combining expertise in computer science and physical manufacturing.

The IT & Security Associate plays a critical role in protecting CloudNC’s information assets by supporting day‑to‑day IT operations and leading proactive security initiatives. This role is responsible for maintaining a secure IT infrastructure, mitigating risks, ensuring policy and regulatory compliance, and collaborating across the organisation to embed security best practices. Working closely with IT Support, Infrastructure, Engineering and external vendors, the IT & Security Associate ensures CloudNC maintains a robust security posture aligned with frameworks such as ISO 27001, SOC2, Cyber Essentials and other relevant standards.

Job Requirements

• Security Monitoring & Incident Response: Monitor security events across systems, networks and applications, triaging, classifying and responding to potential threats. Conduct security incident investigations and support mitigation and recovery. Perform regular vulnerability assessments, lead mitigation planning and, where appropriate, carry out remediation. Operate and maintain security controls and monitoring tools to ensure ongoing compliance with standards and policies.
• Information Security Risk & Compliance Management: Identify, assess and document information security risks, working with stakeholders to plan and track mitigations. Support internal and external security audits and compliance activities (e.g., ISO 27001, SOC2, Cyber Essentials, Cyber Essentials+). Collaborate with audit partners to manage and deliver audits from planning through execution. Carry out periodic access reviews of all users across CloudNC systems to ensure compliance with least privilege principles.
• Policy, Procedures & Documentation: Draft, revise and maintain information security policies in response to evolving business needs and regulatory requirements. Develop and implement procedures that support policies (e.g., change control, vulnerability management, access control), in collaboration with relevant stakeholders. Operate controlled documentation in line with ISO 27001 standards, including versioning, approvals and secure storage of policies, procedures and records.
• Vendor Security & Customer Engagement: Assess and document third‑party vendors to ensure compliance with CloudNC’s security standards. Maintain evidence of vendor security assurance and conduct periodic reviews. Respond to information security queries from Sales, Partnerships and customers, ensuring prompt, clear and accurate communication.
• Infrastructure & End‑User Device Security: Work with IT Support to ensure all end‑user devices are securely configured, asset‑managed and protected at all times. Collaborate with infrastructure teams to monitor and maintain secure cloud environments, identifying and mitigating potential risks.
• Security Awareness & Continuous Improvement: Organise and deliver periodic, role‑based security awareness training to maintain a security‑conscious culture across CloudNC. Keep up to date with security trends and emerging threats; recommend improvements to processes, controls and tooling. Promote continuous improvement in security operations, governance and compliance.

Job Responsibilities

• Essential: 2-3 years of experience in IT support and/or information security roles. Experience working with security and compliance frameworks (e.g., ISO 27001, SOC2, GDPR). Solid understanding of risk management and security principles. Familiarity with firewalls, VPNs, endpoint protection and security monitoring tools. Experience managing secure cloud environments and identity/access management. Strong documentation and communication skills.
• Desirable: Experience with GovCloud, FedRAMP or CMMC 2. IT/security certifications (e.g., Security+, CISSP). Exposure to infrastructure automation tools (e.g., Terraform). Familiarity with SOC processes, encryption and secure data handling.

Job Benefits

• Stock Options
• Annual Performance Equity Award
• 28 days of annual leave
• Leading medical plan
• Life Insurance
• Sabbatical leave
• Enhanced primary, secondary and adoption parental pay & leave (maternity/paternity)

Equal Opportunities Statement

We are proud to be an equal opportunity employer, valuing individuality and embracing all people. The success of CloudNC is a result of diversity of thought. We recognise this comes from people truly belonging. We encourage different perspectives and skills to collaborate towards our mission – disrupting the manufacturing industry. We celebrate diversity and continually improve our inclusivity efforts.