Director of IT & Security

Summary

Join Masabi as their Director of IT & Security, leading a strategic function crucial to the company's safety, scalability, and mission readiness. You will define and lead Masabi’s global security strategy, manage audits and compliance, and lead incident response. The role also involves representing Masabi externally in security engagements and leading internal programs. You will head a small, high-performing team, with opportunities for growth through collaboration and partnerships. This position offers a hybrid or remote work model with locations in the UK, Canada (East Coast), or Colombia. If you are passionate about cybersecurity, cloud infrastructure, and enabling high-performing teams in a fast-growing SaaS company, this is the ideal opportunity.

Requirements

• Proven leadership in IT and security in a SaaS or tech-led business
• Strong knowledge of ISO27001, SOC 2, PCI DSS, and GDPR
• Skilled in incident response, risk management, and audit readiness
• Excellent communicator with customer-facing security experience
• Hands-on with IT systems (e.g. SSO, MDM, endpoint protection, Google Workspace, Salesforce, D365)
• Able to navigate complex technical and business trade-offs

Responsibilities

• Define and lead Masabi’s global security strategy across infrastructure, endpoint, SaaS, and application layers
• Manage audits and ensure compliance with ISO27001, SOC 2, GDPR, and PCI DSS frameworks
• Lead incident response, including drills and root cause analysis
• Own the security risk register and drive mitigation progress across teams
• Deliver business-wide security education and awareness
• Represent Masabi in customer security engagements, RFPs, due diligence, and assurance reviews
• Align internal posture with customer contract requirements
• Conduct periodic security reviews with key customers
• Own and manage end-to-end PCI compliance
• Lead corporate IT policies and processes (acceptable use, device management, SaaS access)
• Oversee the IT Helpdesk, device lifecycle, endpoint security, MDM, and SaaS governance
• Ensure business continuity and disaster recovery capabilities
• Manage procurement and vendor relationships for IT tooling
• Lead, mentor, and develop a small IT & Security team, fostering a high-trust, high-performance culture
• Partner with Engineering, Infrastructure, Legal, and Sales on secure systems and contracts
• Contribute to M&A diligence and post-integration efforts
• Provide strategic security reporting to executive leadership

Preferred Qualifications

• Experience in regulated/public sector environments
• Certifications: CISSP, CISM, CISA, ISO Lead Auditor
• History of scaling security maturity through growth or M&A

Benefits

• 25 days of holiday per year plus the option to buy another 5 days pro-rated
• Private Healthcare via AXA, including pre-existing conditions and mental health
• Life Insurance
• Menopause support
• Choice of workstation
• Ability to work for up to 3 months per year from any country in the world (certain limitations)
• Pension scheme
• Training allowance of up to £1000 per year
• ��200 annual allowance for any home office need or improvement
• Enhanced family leave pay
• Cycle to work scheme
• Regular social gatherings with a monthly allowance for each employee
• Fun and collaborative environment with a focus on making a difference in the world