Director of IT Security leading the cybersecurity strategy for a remote workforce at Directive Consulting. Responsible for risk management, incident response, and compliance initiatives.
Responsibilities
Develop and execute the company's information security strategy and scalable security roadmap
Establish and maintain enterprise security policies, standards and governance frameworks
Present cybersecurity risks, recommendations and security metrics to executive leadership
Partner with department leaders to ensure security is integrated into business operations and decision-making
Conduct ongoing enterprise-wide cybersecurity risk assessments across infrastructure, endpoints, applications and business processes
Build and maintain the organization's cybersecurity risk register and remediation roadmap
Lead vulnerability management efforts and prioritize remediation based on business risk
Perform third-party vendor security assessments and ongoing vendor risk management
Own the organization's incident response program, including playbooks, tabletop exercises and post-incident reviews
Oversee endpoint security, identity and access management, privileged access controls, MFA and device security
Lead security compliance initiatives including SOC 2 Type II and future security certifications
Build and/or manage company-wide security awareness and phishing training programs
Educate employees on evolving cybersecurity threats, social engineering, AI usage and data protection best practices
Requirements
7+ years of experience in cybersecurity, information security or risk management
3+ years leading enterprise security programs or security teams
Demonstrated experience performing cybersecurity risk assessments and threat modeling
Strong knowledge of cloud-first and SaaS-based environments including Google Workspace, Salesforce, NetSuite, Okta and modern identity platforms
Experience implementing and maintaining security frameworks such as SOC 2, ISO 27001 or the NIST Cybersecurity Framework
Deep understanding of endpoint security, identity management, vulnerability management, incident response and security operations
Experience working within fully remote organizations supporting distributed workforces
Strong executive communication skills with the ability to translate technical risk into business impact
CISSP, CISM, CRISC, or equivalent cybersecurity certification is strongly preferred
Benefits
Medical, dental, vision plans, disability, and life insurance coverage for you and your family
100% employer-paid plan for you and a 50% employer contribution for your dependents
Access to certified therapists through Spring Health, membership to Headspace
Physical therapy through Omada, fertility support through Carrott, thousands of Aaptiv virtual workouts, complimentary One Medical membership for primary and virtual care
Unlimited PTO (2-week minimum), Paid Company Holidays, Your Birthday Off, End of Year Recharge (Closed December 24 - January 1), Paid Parental Leave
Traditional and Roth 401(k) with a 3% company match
Annual bonus based on tenure, which scales in total amount over time
Hiring a Threat Modeler / Security Architect with development background for hybrid full - time role in Canada, focusing on application security, threat modeling, and DevSecOps.
Network & Perimeter Security Specialist II - Firewall at Enbridge enhancing security architectures. Providing technical leadership and driving enterprise standards for firewall and network security.
Network and Perimeter Security IT Specialist I at Enbridge overseeing enterprise security architecture and leading large - scale security initiatives. Collaborating across teams to ensure secure solutions and compliance.
Lead critical cybersecurity transformation programmes at Hewlett Packard Enterprise, ensuring alignment with enterprise priorities and delivering complex initiatives. Collaborate with IT, cybersecurity, and business leaders.
Staff Engineer responsible for designing scalable security solutions and collaborating with engineering at Twilio. Empowering security partnerships across products and platforms while mitigating risks.
Head of Infrastructure & Security responsible for cloud infrastructure on GCP and security programs. Leading SaaS development and technical teams at Rebus and Longbow Advantage.
Information Security Lead responsible for managing security programs at Dentons Canada. Overseeing security architecture, operations, incident response, and data protection initiatives.
Cybersecurity expert overseeing information defense, threat detection, and incident response at Investissement Québec. Leading security operations and leveraging AI for effective asset protection.
Lead cybersecurity initiatives and develop strategy for public broadcaster CBC/Radio - Canada. Shape technology road map, collaborate on enterprise architecture, and ensure policy compliance.