Director of IT & Security

Xello’s Director of IT & Security

This is a remote role located in Canada only, working in Eastern Time Zone hours.

As Director of IT and Security, you will lead Xello’s IT operations and security initiatives, including data privacy and compliance in the education space. Managing the IT team, you will be responsible for developing, implementing, and monitoring security, confidentiality, business continuity, and disaster recovery controls. Working with directors and executives, you will help determine acceptable levels of risk for the organization.

You will design and implement comprehensive security evaluations and provide architectural/design guidance for mitigation strategies using current and emerging cloud technologies. As a manager you will lead and mentor the IT team to deliver on security, privacy, and IT objectives. Reporting to the VP of Engineering, you will ensure the efficient operation of the company’s network, servers, and equipment.

• Lead IT department operational planning and projects in an Agile environment.
• Take ownership over the information security roadmap.
• Ensure compliance with regulations, best practices, and customer data sharing agreements, including (but not limited to): PIPEDA, FERPA, COPPA, GDPR, CCPA.
• Conduct organization-wide security awareness training, work with engineers to ensure best practices are met in the SDLC, and stay on top of the latest threats and security practices.
• Liaise with Xello’s sales department and customers to support the security-focused aspects of RFPs and review customer data sharing agreements for compliance.
• Oversee reporting and documentation related to network and systems operations.
• Work with stakeholders to define business and system requirements for new technology implementations.
• Develop maintenance schedules for network and systems equipment.
• Analyze existing operations and make recommendations for the improvement and growth of the network infrastructure and IT systems.
• Coordinate all major incidents ensuring the correct resources are involved as quickly as possible, senior management and the business are updated in a timely fashion, post‑mortem reviews are conducted, and action items are followed through to completion.
• Provide leadership to team members through coaching, performance evaluations, training plans, and career development plans.
• Serve as the key interface with internal and external auditors for security compliance related activities.
• Protect confidential and private information that you may come into contact with in the course of your work and uphold the ethics and integrity of Xello’s code of conduct.

• Passion for quality, well‑defined processes, and technology; enthusiastic about linking these three pieces together and motivated by efficiency.
• Ownership: dependable delivery, taking responsibility for work, tasks, and timelines without losing sight of the big picture.
• Communication skills: listen and relay empathy and understanding for diverse perspectives.
• Creativity and adaptability: adapt quickly, innovate solutions, and embrace the new while accepting ambiguity.
• 10+ years experience in IT and 2 years in a people‑management capacity.
• Proven experience owning and leading SOC 2, ISO 27001, and related security/compliance audit programs across an organization, including control design, cross‑functional evidence collection, auditor coordination, gap remediation, and maintaining ongoing audit readiness.
• Deep knowledge of web application security and understanding of vulnerabilities and countermeasures.
• Strong knowledge of networking, telecom, and server technologies.
• Strong understanding of project management principles.
• Experience securing production software systems.
• Experience with incident management life cycles.
• Proven experience in IT infrastructure planning and development.
• Positive attitude and a great team player.
• University or college degree with a technical major, such as Engineering or Computer Science.

• Knowledge of Agile principles and practices.
• Information Security Certifications – CISSP, CISM, CIPM.
• CCNA, CCNP, or other network certifications.

Compensation range for this role is $155,000 – $175,000 CAD. The final offer will be determined based on the candidate's experience and expertise, as assessed during the interview process.