IT/Security + AI Systems Lead

A confidential early-stage UK company is looking for a Scotland-based fractional IT, security and AI operations lead, consultant, or small MSP to support a lean but serious company-device, Microsoft 365, ClickUp and ChatGPT Business rollout.

We need someone practical, security-aware and responsive who can complete an initial setup sprint and then remain available for ongoing support, urgent issues and monthly reviews.

The role covers company-owned Apple laptops and phones, Microsoft 365, Microsoft Intune, Microsoft Entra ID, SharePoint, OneDrive controls, ChatGPT Business, ClickUp, basic security monitoring, onboarding/offboarding and Cyber Essentials readiness.

We need someone who can build the company's IT and AI operations foundation properly, document what they configure, and avoid creating dependency on their personal accounts or undocumented processes.

Core work

• Set up and manage Microsoft 365 Business Premium
• Configure Microsoft Entra ID, MFA, admin, security groups and Conditional Access
• Configure Microsoft Intune for company-owned Apple laptops and phones
• Support Apple Business enrolment where appropriate.
• Set up device compliance policies, encryption, password rules, screen lock, approved apps and standard-user access.
• Remove local admin rights for normal users while keeping work practical.
• Configure SharePoint as the controlled company file system.
• Control external sharing and unmanaged-device access.
• Configure baseline Defender/security monitoring and basic DLP/audit alerts.
• Create onboarding and offboarding processes.
• Support Cyber Essentials readiness.
• Maintain and enforce AI usage rules and workspace controls
• Help configure approved ChatGPT workspace GPTs, connectors or agents where appropriate.
• Build ClickUp spaces, folders, lists, statuses, dashboards, templates and automations.
• Help configure ClickUp AI/agents safely, with permissions and auditability.

ChatGPT Business and AI governance scope

We want ChatGPT Business used through a company-controlled workspace, not personal AI accounts.

The consultant should be able to help with:

• User setup and admin controls.
• Workspace permissions.
• SSO/MFA where appropriate.
• Company AI usage policy.
• Approved vs unapproved AI tools.
• Safe use of connectors.
• Workspace GPTs or agents for repeatable workflows.
• Agent register covering owner, purpose, permissions, data sources, actions, review date and kill switch.
• Rules preventing AI tools or agents from accessing confidential areas they do not need.
• No broad, uncontrolled agents. No personal AI accounts for company confidential work. No sensitive data in AI tools unless specifically approved.

ClickUp scope

ClickUp will be used as the company's execution system.

The consultant should be able to help with:

• Workspace structure
• Permissions
• Dashboards
• Recurring workflows
• Automations
• AI agent governance where applicable.
• Integration logic between ClickUp, Microsoft 365, SharePoint, Teams, ChatGPT Business, GitHub/Figma/CRM tools where relevant.

The goal is a clean operating system where actions, owners, deadlines, evidence links and blockers are visible.

Contract structure

• Initial setup sprint (fixed fee + scope) £1500
• Ongoing monthly retainer: (fixed fee + scope) £450
• Out-of-scope day/hour rate for any additional work

Scotland-based preferred. Glasgow, Edinburgh or central belt ideal, but remote-first is acceptable if occasional in-person support within Glasgow is possible.

Must-have experience

• Microsoft 365 administration.
• Microsoft Entra ID.
• Cyber Essentials awareness.
• ClickUp workspace setup.
• ClickUp dashboards, templates and automations.
• ChatGPT Business or enterprise AI workspace governance.
• AI agent/workflow governance, or clear ability to learn and document this properly.
• Conditional Access.
• Microsoft Intune for macOS and iOS/iPadOS.
• Apple Business Manager experience (now Apple Business)
• SharePoint permissions and external-sharing controls
• MFA and admin-account governance.
• Mac encryption/FileVault and recovery-key handling.
• Device onboarding and offboarding.
• Small-business security.

Nice-to-have experience

• Microsoft Defender for Business
• Microsoft Purview DLP
• Microsoft 365 Backup
• 1Password Business
• Teams governance
• GitHub security basics
• Figma workspace governance
• HubSpot or CRM setup
• Tailscale or Microsoft secure access tools
• Jamf.Incident response
• Regulated-data or confidential-data environments.

What we do not want

• Someone who only does basic laptop support
• Someone who has never managed Apple devices through Intune or Apple Business.
• Someone who says everyone can stay local admin
• Someone who sets things up through their own Apple ID, Microsoft account, email or password manager
• Someone who cannot document what they changed
• Someone who gives themselves permanent undocumented admin access
• Someone who says "just use Google Drive "
• Someone who connects AI tools to everything without permission boundaries.
• Someone who creates ClickUp automations or agents nobody understands.
• Someone who treats ChatGPT Business as a casual personal chatbot setup.
• Someone who cannot explain how the company keeps control if the consultant leaves.

Application instructions

Please reply with:

• Relevant Microsoft 365/Intune/Apple experience.
• Relevant ClickUp experience.
• Relevant ChatGPT Business or AI workspace experience.
• Cyber Essentials experience.
• Setup fee.
• Monthly retainer.
• Included hours.
• Response times.
• Out-of-scope rate.
• Whether you are Scotland-based.
• Examples of similar work, without breaching client confidentiality.

References or case studies if available.

Benefits:

• Free or subsidised travel
• Health & wellbeing programme
• Private medical insurance

Application question(s):

• How would you restrict OneDrive without blocking useful individual work?
• How would you govern ChatGPT connectors or agents?
• Have you built ClickUp workspaces with dashboards, templates and automations?
• How would you document an automation or agent so it can be audited later?
• Have you personally set up Microsoft Intune for company-owned Macs and iPhones?
• How would you handle a lost company laptop?

Do you have experience in macOS?