- Company Name: Draganfly Inc.
- Job Title: Director of IT & Security
- Job Description:
Job title: Director of IT & Security
Role Summary:
Lead the design, implementation, and management of the organization’s technology and security architecture to support rapid growth. Deliver a secure, scalable IT foundation that aligns with business objectives, integrating security into all phases of development and operations.
Expectations:
• Build and scale the IT foundation from scratch with a focus on reliability, scalability, and security.
• Translate strategic goals into operational excellence across infrastructure, cloud, and security.
• Influence cross‑functional teams and executive leadership with clear, decisive communication.
Key Responsibilities:
1. Define and execute an enterprise cybersecurity strategy and roadmap.
2. Oversee network, cloud, endpoint, and identity security, ensuring resilient protection.
3. Lead incident response, disaster recovery planning, and tabletop exercises.
4. Maintain compliance with ISO 27001, SOC 2, NIST CSF, GDPR, and applicable local regulations.
5. Manage security architecture, vulnerability assessments, and penetration testing.
6. Embed security into the software development lifecycle (DevSecOps) in collaboration with IT and DevOps teams.
7. Monitor emerging threats and implement proactive, risk‑based countermeasures.
8. Control security budgets, evaluate and negotiate vendor contracts, and prioritize technology investments.
9. Produce regular security posture reports for executive leadership and the board.
Required Skills:
• Strategic IT & security leadership with hands‑on operational experience.
• Proficiency with AWS, Azure, GCP cloud platforms and associated security services.
• Expertise in network, endpoint, IAM, SIEM, firewalls, encryption, vulnerability management, and penetration testing.
• Strong knowledge of ISO 27001, SOC 2, NIST CSF, GDPR, and related frameworks.
• Proven incident response, disaster recovery, and risk management capabilities.
• Experience embedding security into DevOps (DevSecOps) and the SDLC.
• Vendor management, budget ownership, and procurement experience.
• Excellent written and verbal communication; ability to influence technical and non‑technical stakeholders.
• Calm under pressure, decisive during incidents, and adept at problem solving.
Required Education & Certifications:
• Bachelor’s degree in Information Technology, Computer Science, Cybersecurity, Engineering, or related field.
• Master’s degree (MBA, MSc Information Security, MSc Information Systems) is an asset.
• 8+ years progressive experience in IT, infrastructure, cloud, security, or systems administration.
• 3+ years of leadership/management experience spanning IT and security.
• Certified CISSP, CISM, CISA, CCSP, or equivalent highly preferred.
• Demonstrated success delivering cross‑functional IT/security initiatives (cloud migrations, system upgrades, digital transformation).