Director of IT Security

Security Engineer, Full Time, Remote, Lead, Team 11-50, H1B No Sponsor

Location

Canada

Posted

1 day ago

Salary

$165K - $200K / year

Seniority

Lead

Bachelor Degree, 7 yrs exp, English, Cloud, Cyber Security

Job Description

Director of IT Security

Directive

  • Develop and execute the company's information security strategy and scalable security roadmap
  • Establish and maintain enterprise security policies, standards and governance frameworks
  • Present cybersecurity risks, recommendations and security metrics to executive leadership
  • Partner with department leaders to ensure security is integrated into business operations and decision-making
  • Conduct ongoing enterprise-wide cybersecurity risk assessments across infrastructure, endpoints, applications and business processes
  • Build and maintain the organization's cybersecurity risk register and remediation roadmap
  • Lead vulnerability management efforts and prioritize remediation based on business risk
  • Perform third-party vendor security assessments and ongoing vendor risk management
  • Own the organization's incident response program, including playbooks, tabletop exercises and post-incident reviews
  • Oversee endpoint security, identity and access management, privileged access controls, MFA and device security
  • Lead security compliance initiatives including SOC 2 Type II and future security certifications
  • Build and/or manage company-wide security awareness and phishing training programs
  • Educate employees on evolving cybersecurity threats, social engineering, AI usage and data protection best practices

Job Requirements

  • 7+ years of experience in cybersecurity, information security or risk management
  • 3+ years leading enterprise security programs or security teams
  • Demonstrated experience performing cybersecurity risk assessments and threat modeling
  • Strong knowledge of cloud-first and SaaS-based environments including Google Workspace, Salesforce, NetSuite, Okta and modern identity platforms
  • Experience implementing and maintaining security frameworks such as SOC 2, ISO 27001 or the NIST Cybersecurity Framework
  • Deep understanding of endpoint security, identity management, vulnerability management, incident response and security operations
  • Experience working within fully remote organizations supporting distributed workforces
  • Strong executive communication skills with the ability to translate technical risk into business impact
  • CISSP, CISM, CRISC, or equivalent cybersecurity certification is strongly preferred

Benefits

  • Medical, dental, vision plans, disability, and life insurance coverage for you and your family
  • 100% employer-paid plan for you and a 50% employer contribution for your dependents
  • Access to certified therapists through Spring Health, membership to Headspace
  • Physical therapy through Omada, fertility support through Carrott, thousands of Aaptiv virtual workouts, complimentary One Medical membership for primary and virtual care
  • Unlimited PTO (2-week minimum), Paid Company Holidays, Your Birthday Off, End of Year Recharge (Closed December 24 - January 1), Paid Parental Leave
  • Traditional and Roth 401(k) with a 3% company match
  • Annual bonus based on tenure, which scales in total amount over time
