Position Overview

The Director of Cyber Security and IT Operations leads Atreides’ global security and IT program, ensuring resilience, compliance, and operational excellence across Canada, the UK, and Australia. The role combines enterprise cybersecurity leadership with operational oversight of IT infrastructure, ensuring adherence to frameworks such as NIST SP 800-171, ISO 27001, and Cyber Essentials Plus. The Director will design, implement, and maintain policies, systems, and controls that protect company and customer data, maintain uptime, and satisfy national and international regulatory and contractual obligations.

This role requires strong experience in both cybersecurity and IT operations, as well as in-depth knowledge of federal compliance regulations and cybersecurity frameworks. You will work closely with various teams to manage security operations, risk management, and ensure the company’s IT infrastructure supports government contracts while maintaining full compliance with federal requirements.

Key Responsibilities

1. Cybersecurity Leadership
- Build and manage a unified cybersecurity program across Canada, UK, and Australia.
- Ensure compliance with NIST SP 800-171, ISO 27001, and Cyber Essentials Plus, aligning with government and defense customer requirements.
- Lead security architecture, SIEM, endpoint protection, vulnerability management, and incident response.
- Develop risk-based policies and ensure continuous improvement of security posture.

2. Compliance and Governance
- Oversee certification and compliance programs for ISO 27001 and Cyber Essentials Plus, maintaining readiness for external audits.
- Maintain compliance documentation: System Security Plans (SSPs), risk registers, and corrective action plans.
- Implement continuous monitoring, control validation, and evidence collection processes.
- Coordinate with external assessors and regulators to meet regional and defense-sector requirements.

3. IT Operations Management
- Lead IT operations across all regions, covering infrastructure, networking, cloud, collaboration systems, and end-user computing.
- Manage MDM, endpoint encryption, and identity and access management integrated with Azure Active Directory and other cloud platforms.
- Oversee ITSM processes—change, incident, and problem management—to ensure service quality and uptime.
- Direct vendor management and technology procurement aligned with security and compliance standards.

4. Risk and Vulnerability Management
- Implement an enterprise risk management framework consistent with ISO 31000 and NIST RMF principles.
- Lead vulnerability scanning, patch management, and configuration compliance across all systems.
- Monitor threat intelligence and ensure proactive response to emerging global threats.

5. Audit and Reporting
- Prepare for and lead audits for ISO 27001, Cyber Essentials Plus, and contractual cybersecurity assessments.
- Provide security and IT performance metrics, KPIs, and compliance dashboards to senior leadership.
- Maintain transparency and accountability through clear documentation and regular reviews.

6. Policy, Procedures, and Documentation
- Develop and maintain corporate IT and security policies, including incident response, access control, and data handling.
- Ensure alignment between cybersecurity, privacy, and legal requirements (PIPEDA, UK Data Protection Act, Australian Privacy Principles).
- Conduct regular policy reviews and staff training.

7. Infrastructure and Cloud Security
- Oversee secure configuration and operation of all cloud and hybrid environments (Azure, AWS).
- Ensure strong IAM enforcement, including MFA and conditional access policies.
- Maintain data protection, backup, and disaster recovery capabilities meeting ISO 27001 and NIST standards.

8. Incident Response and Continuity Planning
- Maintain and test the Incident Response Plan and Business Continuity Plan.
- Lead cross-regional incident response and root-cause analysis.
- Coordinate communication with leadership and regulatory authorities during incidents.

9. Cross-Functional Collaboration
- Partner with Legal, HR, Operations, and Engineering to embed security into corporate and technical workflows.
- Advise executives and regional leaders on compliance obligations and risk decisions.
- Engage with government clients and certification bodies as the cybersecurity subject-matter expert.

Required Qualifications

- Bachelor’s degree in Computer Science, Information Security, or related discipline (Master’s preferred).
- 8 years in cybersecurity and IT operations, including 3 years in leadership.
- Proven experience implementing and maintaining NIST SP 800-171, ISO 27001, and Cyber Essentials Plus.
- Strong knowledge of Azure AD, MDM, SIEM, and endpoint management platforms.
- Demonstrated success managing security audits, incident response, and enterprise IT operations.
- Certifications: CISSP, CISM, ISO 27001 Lead Implementer/Auditor, or equivalent.

Desired Skills

- Experience leading multinational IT and security operations.
- Knowledge of defense, critical-infrastructure, or government-sector cybersecurity expectations.
- Ability to build scalable governance frameworks and mentor technical staff.
- Strong analytical, communication, and executive-reporting capabilities.

Benefits

- Competitive compensation package
- Health, dental, and retirement programs aligned with regional standards
- Paid time off and public holidays in region of residence
- Training and certification support
- Flexible hybrid work environment