Director of IT Security (Remote Canada)
Gehalt: Von 165.000,00 € bis 200.000,00 €
Director of IT Security — Job Description
This role reports to the Head of Finance and is responsible for leading the organization’s information security strategy across its fully remote workforce operating in the United States, Canada, Mexico, and the United Kingdom.
As the Director of IT Security, you will establish and continuously mature the cybersecurity program, protecting people, client data, business operations, and the technology ecosystem from evolving threats. You will proactively identify and mitigate risks, strengthen security posture, oversee compliance initiatives, and prepare the organization to respond effectively to emerging threats. You will work closely with the leadership team to embed security into every aspect of the business while enabling continued growth and innovation.
Roles & Responsibilities Cybersecurity Strategy and Governance
- Develop and execute the company’s information security strategy and scalable security roadmap.
- Establish and maintain enterprise security policies, standards, and governance frameworks.
- Present cybersecurity risks, recommendations, and security metrics to executive leadership.
- Partner with department leaders to ensure security is integrated into business operations and decision‐making.
- Stay ahead of emerging cybersecurity threats, AI risks, and industry best practices.
Risk Management and Threat Assessments
- Conduct ongoing enterprise‐wide cybersecurity risk assessments across infrastructure, endpoints, applications, and business processes.
- Build and maintain the organization’s cybersecurity risk register and remediation roadmap.
- Lead vulnerability management efforts and prioritize remediation based on business risk.
- Perform third‐party vendor security assessments and ongoing vendor risk management.
- Continuously evaluate new technologies and recommend security improvements.
- Configure and enforce data governance policies across distributed tools (Notion, Drive, Stratos) to prevent data silos.
- Manage device security policies using MDM software (Kandji) to protect company assets.
Security Operations & Incident Response
- Own the organization’s incident response program, including playbooks, tabletop exercises, and post‐incident reviews.
- Oversee endpoint security, identity and access management, privileged access controls, MFA, and device security.
- Partner with the Senior IT Manager to implement technical security controls and monitor the health of the environment.
- Coordinate with external security vendors and managed security providers when necessary.
- Develop and oversee business continuity and disaster recovery planning.
Compliance & Client Security
- Lead security compliance initiatives including SOC 2 Type II and future security certifications.
- Own customer security questionnaires and support enterprise sales opportunities by demonstrating security posture.
- Partner with Legal, Insurance, and Finance on privacy, data governance, and regulatory compliance.
- Maintain documentation for security policies, controls, audits, and evidence collection.
Security Awareness & Culture
- Build and/or manage company‐wide security awareness and phishing training programs.
- Promote a security‐first culture across the organization.
- Educate employees on evolving cybersecurity threats, social engineering, AI usage, and data protection best practices.
- Establish security metrics and regularly report organizational security maturity.
Qualifications
- 7+ years of experience in cybersecurity, information security, or risk management.
- 3+ years leading enterprise security programs or security teams.
- Demonstrated experience performing cybersecurity risk assessments and threat modeling.
- Strong knowledge of cloud‐first and SaaS‐based environments, including Google Workspace, Salesforce, NetSuite, Okta, and modern identity platforms.
- Experience implementing and maintaining security frameworks such as SOC 2, ISO 27001, or the NIST Cybersecurity Framework.
- Deep understanding of endpoint security, identity management, vulnerability management, incident response, and security operations.
- Experience working within fully remote organizations supporting distributed workforces.
- Strong executive communication skills with the ability to translate technical risk into business impact.
- CISSP, CISM, CRISC, or equivalent cybersecurity certification is strongly preferred.
Success Metrics
- Develop and execute a scalable cybersecurity roadmap that measurably improves overall security posture.
- Complete enterprise‐wide risk and threat assessments, resulting in prioritized remediation plans for critical vulnerabilities.
- Maintain successful SOC 2 compliance and establish audit readiness across all security controls and documentation.
- Reduce organizational cybersecurity risk through stronger identity management, endpoint protection, and security governance.
- Build a proactive security awareness program that significantly reduces phishing susceptibility and increases employee engagement.
- Establish measurable security KPIs and provide regular executive reporting on risks, trends, and program maturity.
- Create a resilient incident response and disaster recovery program that enables the business to respond confidently with minimal operational disruption.
- Become a trusted strategic partner to executive leadership by balancing strong security practices with business agility and growth.
Benefits
- We have a set living wage at Directive; the annual base salary range for this position based in Canada is $165,000–$200,000 CAD. This range is an estimate and may vary based on compensation practices, job‐related skills, and depth of experience.
- Medical, dental, vision plans, disability, and life insurance coverage for you and your family that fit your lifestyle.
- Benefits to support the whole person.
Work Environment Requirements
As a remote‐first company, you may work from anywhere in the U.S., with the option to use our state‐of‐the‐art offices in Irvine, California. For some positions, we accommodate global opportunities where we have established businesses, including Canada, the U.K., and Australia. For global locations, you must have established and current work authorization and permanently reside in that country.
This role operates 100% virtually from your home office, collaborating through virtual meetings (Zoom) and Slack. You will be required to operate a laptop computer (PC or Mac) and use computer software platforms and other office productivity tools as necessary. Due to the nature of this role, you must be able to remain stationary for extended periods, observe and interpret written or verbal communication, have reliable internet access, and maintain a professional background.
To perform this job successfully, an individual must be able to perform each essential job duty satisfactorily. Reasonable accommodations may be made to enable qualified individuals with disabilities to perform essential job functions.
If you require reasonable accommodations in completing this application, interviewing, completing any pre‐employment testing, or otherwise participating in the employee selection process, direct your inquiries to careers@directiveconsulting.com.
EEO Statement
At Directive, one of our core values is People First. We’re committed to fostering a more diverse and inclusive culture in the digital landscape. All qualified applicants will receive consideration for employment without regard to race, color, religion, gender, gender identity or expression, sexual orientation, national origin, genetics, disability, age, or veteran status.
#J-18808-Ljbffr