About ZenQMS
From life-saving therapies to sustainable materials, today’s scientific breakthroughs are reshaping our future. Yet as science accelerates, the challenge isn’t discovery, it’s maintaining the highest standards of quality at speed and scale.
At ZenQMS, we’re redefining quality for the Life Sciences industry. Our mission isn’t just to elevate the role of quality, it’s to empower science to move faster. Trusted by regulated companies around the world, our digital quality management platform simplifies compliance, streamlines operations, reduces risk & drives continuous improvement. ZenQMS is built by quality leaders who believe quality teams deserve better, “less stress” solutions that make their lives easier, innovation faster, and consumers safer. Our team and broader community are organized around our core values: be kind, always be improving, be part of the community, and keep it simple.
Join us to help bring modern, simple quality solutions to innovators in the Life Sciences!
About the role
This role is the operational center of how every employee — across US-Ardmore, US-Remote, Brazil, and Romania — receives, secures, and uses their computer and core SaaS accounts. The right person is equally comfortable scripting in Rippling, tuning CrowdStrike Falcon, modeling a hardware refresh budget, and translating audit / SOC 2 evidence requests into automated reports.
What you'll do
- Identity & Rippling: Own Rippling as the source of truth for identity, SuperGroups, and software deployment. Drive password sync across Google Workspace, Rippling, and local PC/Mac; consolidate SuperGroups; build and maintain the Roles Access Matrix; expand native and custom Rippling app integrations.
- Onboarding & Offboarding: Partner with HR to deliver day-1-ready new hires (accounts, software, hardware, and access fully provisioned with zero manual tickets) and document offboarding archive and handoff workflows.
- Endpoint Security (CrowdStrike Falcon): Review and enable Falcon product capabilities (EDR, Identity Protection, Spotlight, Fusion SOAR); ensure 100% sensor coverage via Rippling-driven deployment; build coverage validation reports.
- Google Workspace: Drive context-aware access, OU rationalization, Vault retention, and terminated-employee data workflows.
- Hardware Lifecycle: Maintain device inventory and replacement calendar; produce FY26 and FY27 hardware budget forecasts; manage Apple Business Manager and Windows MDM strategy; evaluate Rippling Device Management for international procurement; own EOL disposal and trade-in workflows across US, Brazil, and Romania.
- Reporting & Audit Evidence: Own the Audit, Notifications and Reporting program — weekly patching / compliance reports, Falcon alerting workflows, and the device lifecycle dashboard that backs SOC 2 and customer audit evidence.
- Internal Tooling: Continue development of the PostgreSQL ram_db (promote to Prod on the Sandbox Cluster; add account management, backups, and recovery) and the AI-built web front-end.
What you'll bring
- 3+ years administering a modern HRIS-driven identity / device platform (Rippling, Okta, Jamf, Intune, or equivalent).
- Hands-on experience deploying and operating CrowdStrike Falcon (or comparable EDR: SentinelOne, Defender for Endpoint).
- Google Workspace admin experience including OU design, Context-Aware Access, and Vault.
- Cross-platform endpoint management: macOS (ABM, MDM) and Windows (Autopilot / Intune or vendor MDM equivalent).
- Comfort with SQL and at least one scripting language (Python, Bash, or PowerShell) for automation and report generation.
- Demonstrated ownership of audit / compliance evidence (SOC 2, ISO 27001, or HIPAA) — not just participating in audits, but building the evidence pipeline.
- Excellent written documentation skills — runbooks, decision memos, internal wiki pages.
Nice-to-haves
- PostgreSQL administration including backups (pgBackRest / wal-g), PITR, and RBAC.
- Experience integrating AI tooling (Claude, Gemini, Copilot) into operational workflows.
- International deployment experience — Brazil and / or Romania a strong plus.
- Exposure to Quality Management Systems (QMS) or regulated life-sciences software environments.
- Familiarity with infrastructure-as-code patterns (Terraform, Ansible) even if not used daily in the role.
What success looks like
- Day 1 of any new hire: accounts, software, hardware, and access fully provisioned with zero manual IT tickets.
- Single password change propagates to Google Workspace, Rippling, and the local PC/Mac within one sync cycle for 100% of staff.
- 100% Falcon sensor coverage with a weekly automated report flagging any gap within 24 hours.
- Published Roles Access Matrix driving automated provisioning and quarterly access reviews.
- FY27 hardware budget defensible from a per-device inventory with a documented replacement policy.
- Audit-ready evidence pipeline: SOC 2 controls supported by automated reports, not screenshots collected the week of the audit.
PIfb141503d3a0-37437-40663000
