Director of IT & Security

Summary

Join Masabi as their Director of IT & Security, leading a strategic function crucial to the company's safety, scalability, and mission readiness. You will define and lead Masabi’s global security strategy, manage audits and compliance, and lead incident response. The role also involves representing Masabi externally in security engagements and leading internal programs. You will head a small, high-performing team, with opportunities for growth through collaboration and partnerships. This hybrid or remote role is available for candidates based in the UK, Canada (East Coast), or Colombia. If you are passionate about cybersecurity, cloud infrastructure, and enabling high-performing teams in a fast-growing SaaS company, this is the ideal opportunity.

Requirements

• Proven leadership in IT and security in a SaaS or tech-led business
• Strong knowledge of ISO27001, SOC 2, PCI DSS, and GDPR
• Skilled in incident response, risk management, and audit readiness
• Excellent communicator with customer-facing security experience
• Hands-on with IT systems (e.g. SSO, MDM, endpoint protection, Google Workspace, Salesforce, D365)
• Able to navigate complex technical and business trade-offs

Responsibilities

• Define and lead Masabi’s global security strategy across infrastructure, endpoint, SaaS, and application layers
• Manage audits and ensure compliance with ISO27001, SOC 2, GDPR, and PCI DSS frameworks
• Lead incident response, including drills and root cause analysis
• Own the security risk register and drive mitigation progress across teams
• Deliver business-wide security education and awareness
• Represent Masabi in customer security engagements, RFPs, due diligence, and assurance reviews
• Align internal posture with customer contract requirements
• Conduct periodic security reviews with key customers
• Own and manage end-to-end PCI compliance
• Lead corporate IT policies and processes (acceptable use, device management, SaaS access)
• Oversee the IT Helpdesk, device lifecycle, endpoint security, MDM, and SaaS governance
• Ensure business continuity and disaster recovery capabilities
• Manage procurement and vendor relationships for IT tooling
• Lead, mentor, and develop a small IT & Security team, fostering a high-trust, high-performance culture
• Partner with Engineering, Infrastructure, Legal, and Sales on secure systems and contracts
• Contribute to M&A diligence and post-integration efforts
• Provide strategic security reporting to executive leadership

Preferred Qualifications

• Experience in regulated/public sector environments
• Certifications: CISSP, CISM, CISA, ISO Lead Auditor
• History of scaling security maturity through growth or M&A

Benefits

• 20 days of vacation per year (in addition to public holidays), plus the option to buy an additional 5 days of vacation each year
• On top of this, our office is shut every year between Christmas and New Year, totalling a whopping 28+ days of vacation
• Private Healthcare and Life Insurance via Trinet
• Menopause support
• Choice of a workstation
• CAD$325 per year to spend on your home office
• Ability to work for up to 3 months per year from any country in the world
• Enhanced family leave