
Director of IT Security
Posted Jun 30

Posted Jun 30
This is a fully remote position, open to applicants in Canada.
• Design and implement the organization's information security strategy along with a scalable security roadmap.
• Create and uphold enterprise security policies, standards, and governance frameworks.
• Communicate cybersecurity risks, recommendations, and security metrics to executive leadership.
• Collaborate with department leaders to ensure security is woven into business operations and decision-making processes.
• Conduct continuous enterprise-wide cybersecurity risk assessments across infrastructure, endpoints, applications, and business processes.
• Develop and manage the organization's cybersecurity risk register and remediation roadmap.
• Direct vulnerability management initiatives and prioritize remediation efforts based on business risk.
• Execute third-party vendor security evaluations and ongoing vendor risk management.
• Oversee the organization's incident response program, including playbooks, tabletop exercises, and post-incident reviews.
• Manage endpoint security, identity and access management, privileged access controls, multi-factor authentication, and device security.
• Lead security compliance efforts, including SOC 2 Type II and future security certifications.
• Develop and/or oversee company-wide security awareness and phishing training initiatives.
• Inform employees about evolving cybersecurity threats, social engineering tactics, AI usage, and best practices for data protection.
• A minimum of 7 years of experience in cybersecurity, information security, or risk management.
• At least 3 years of experience leading enterprise security programs or security teams.
• Proven experience in conducting cybersecurity risk assessments and threat modeling.
• In-depth knowledge of cloud-first and SaaS-based environments, including Google Workspace, Salesforce, NetSuite, Okta, and modern identity platforms.
• Experience in implementing and maintaining security frameworks such as SOC 2, ISO 27001, or the NIST Cybersecurity Framework.
• Comprehensive understanding of endpoint security, identity management, vulnerability management, incident response, and security operations.
• Experience working in fully remote organizations that support distributed workforces.
• Excellent executive communication skills with the ability to translate technical risk into business impact.
• CISSP, CISM, CRISC, or another equivalent cybersecurity certification is highly preferred.
• Medical, dental, vision plans, disability, and life insurance coverage for you and your family.
• 100% employer-paid plan for you and a 50% employer contribution for your dependents.
• Access to certified therapists through Spring Health, along with a membership to Headspace.
• Physical therapy through Omada, fertility support through Carrott, thousands of Aaptiv virtual workouts, and complimentary One Medical membership for primary and virtual care.
• Unlimited PTO (minimum of 2 weeks), Paid Company Holidays, Your Birthday Off, End of Year Recharge (Closed December 24 - January 1), Paid Parental Leave.
• Traditional and Roth 401(k) with a 3% company match.
• Annual bonus based on tenure, which increases in total amount over time.
Salesforce
Plurilock
Navitas Business Consulting, Inc.
Foresite Cybersecurity
Get handpicked remote jobs straight to your inbox weekly.