IT Director, Cyber Security

The Surrey School District respectfully acknowledges that our schools reside on the traditional, unceded, and shared territories of Coast Salish peoples: The q̓íc̓əy̓ - Katzie, the q̓ʷa:n̓ƛ̓ən̓- Kwantlen and the SEMYOME - Semiahmoo First Nations, who have been stewards of this land since time immemorial.

Surrey Schools is the largest BC school district and the second-largest employer in Surrey. Surrey Schools provides quality education to over 82,000 students with 124 schools sites and a variety of other learning facilities, offering a broad range of innovative programs and services to support the learning of our students. The Surrey School District team of approximately 13,000 employees works tirelessly every day to ensure that children are getting the best start they can, providing the preparation to be our leaders of tomorrow.  

Our Commitment:
Providing quality education extends beyond academic excellence; we are committed to creating and cultivating diverse, inclusive, and barrier-free environments for all applicants, employees, students, and their families.

Diversity, Equity, and Inclusion & Values:
Our identity, as Surrey Schools, is expressed in the shared values of openness, fairness and belonging and recognizes the importance of diversity of identity and thought.  We are an equal opportunity employer and welcome applicants from all backgrounds. We are committed to removing barriers and creating a workplace where everyone, regardless of their background, feels empowered to contribute their best.

Join us in our mission to provide the best start for children, preparing them to be the leaders of tomorrow. If you are passionate about education, diversity, and making a positive impact, we invite you to explore opportunities with Surrey Schools.

JOB SUMMARY

Primary Function

The IT Director, Cyber Security is responsible for developing and leading the implementation of a comprehensive cyber security program to protect the privacy and confidentiality of staff and student data in addition to the integrity, and availability of organizational information systems and associated data.

This role requires an individual who can provide strategic leadership, manage complex technical initiatives, and work collaboratively with business and IT stakeholders to align priorities and plans with District Cyber Security goals.

The IT Director, Cyber Security will lead and oversee the development, enforcement, and maintenance of policies, procedures, measures, and mechanisms to ensure compliance with regulatory and policy requirements. This includes identifying, evaluating, and reporting on information security risks to the Executive Director IT, executive team, and board of trustees as necessary.

This position reports to the Executive Director, IT. The IT Director, Cyber Security oversees IT team members responsible for technical information security technologies including incident management teams and chairs the District’s Cyber Security Advisory Team.

Nature & Scope

The IT Director, Cyber Security will actively contribute to the overall strategic planning of the organization, providing guidance and execution in their expert domain. They will work closely with the Executive Director of IT and other executive leadership to ensure the security of systems and adherence to relevant policies and standards.

The IT Director, Cyber Security will oversee a variety of IT-related risk management activities, including but not limited to information security projects and communications, identity and access management, web site and application security, technology and system security, and information security incident response.

This role requires an individual with a strong technical background in cyber security, as well as proven leadership skills in managing projects, leading project teams, and developing metrics for ongoing performance measurement and reporting to executive leadership and the board of school trustees as necessary.

The IT Director, Cyber Security is responsible for providing cyber security leadership to the organization, understanding the strategic and innovation priorities of the business, and liaising with relevant stakeholders to ensure the delivery of value to the organization.

Responsibilities

• Develop, implement, and monitor a strategic, comprehensive enterprise information security program.
• Manage the information security organization, including direct and indirect reports.
• Develop and maintain security policies, standards, and guidelines.
• Establish and maintain effective cyber security governance structures to ensure that risks are appropriately identified, managed, and reported.
• Lead incident response for cybersecurity events and ensure the district’s Incident Response Plan is up-to-date and tested annually.
• Develop and manage information security budgets and monitor for variances.
• Deliver information security and risk management awareness training programs for all employees.
• Provide regular reporting on the status of the information security program to enterprise risk teams and senior leaders.
• Develop and enhance an information security management framework.
• Provide strategic risk guidance for IT projects.
• Liaise with the enterprise architecture team to ensure alignment between security and enterprise architecture.
• Coordinate information security and risk management projects on behalf of the organization.
• Monitor the external environment for emerging threats both locally and globally and create strategic action plans to mitigate these risks and improve the organization's cyber security posture.
• Ensure security programs are compliant with relevant laws, regulations, and policies.
• Liaise among the Information Technology security team, district cyber security advisory committee, corporate compliance, risk management, audit, legal, and HR management teams as required.
• Develop and maintain effective relationships with key stakeholders to ensure that cyber security risks and concerns are identified and addressed.
• Collaborate with business units to ensure that their technology environments are secure and in compliance with applicable laws and regulations.
• Develop and implement incident response plans and participate in regular tabletop exercises to ensure preparedness for cyber security incidents.
• Continuously assess and improve the organization's cyber security maturity level.

QUALIFICATIONS

Education & Experience

•  Bachelor's degree in information systems or equivalent work experience. A minimum of seven years of IT experience, with five years in an information security role and at least two years in a supervisory capacity.
• Professional security management certification, such as CISSP, CISM, CISA or other similar credentials, is desired.
• Experience in understanding cyber threats, mitigating controls, incident response, and the ability to develop information security policies and procedures.

Knowledge, Skills, Abilities

• Knowledge of cyber security planning and operations, design, and deployment, as well as current and emerging cyber threats, security technologies, technology directions, and strategic application to enable business needs.
• Excellent oral and written communication skills, including the ability to explain technology solutions in business terms, establish rapport, influence others, negotiate and mediate resolutions to complex situations.
• Strong budget planning, financial management, and resource management skills.
• Ability to set and maintain competing priorities through effective management and delegation skills.
• High level of personal integrity, as well as the ability to professionally handle confidential matters and show an appropriate level of judgment and maturity.
• Ability to lead and motivate cross-functional, interdisciplinary teams to achieve tactical and strategic goals.
• Poise and ability to act calmly and competently in high-pressure, high-stress situations.
• Project management skills, including financial/budget management, scheduling, and resource management.
• Knowledge of relevant legal and regulatory requirements such as PCI Compliance and BC's FIPPA legislation, as well as common information security management frameworks such as ISO/IEC 27001, ITIL, COBIT, and ones from NIST.
• Excellent analytical skills, the ability to manage multiple projects under strict timelines, as well as the ability to work well in a demanding, dynamic environment to meet overall objectives.
• Demonstrated ongoing career development through active and self-motivated professional development.
• Extensive experience in vendor and sourcing management.
• Inter-District travel will be required, possession of a valid driver’s license and access to a vehicle is preferred.

What we're offering

• Comprehensive Benefits Package
  - Extended Medical, Vision and Dental
  - Life Insurance, Short-Term and Long-Term Disability
  - Employee Family Assistance Program
  - Municipal Pension
• 13 Paid Holidays, plus Sick & Vacation Time
• Supportive workplace with a positive and productive work environment. Feel a sense of security and safety to act, speak, and reflect who you are

The salary range for this position is $174,956 to $194,396 per year with comprehensive benefits package and Municipal Pension.

Placement in the salary range is determined by an assessment of qualifications and ability to meet the key requirements of the job, and consideration of internal equity comparisons. The midpoint of the range represents an employee that possesses full job knowledge, qualifications, and experience for the position.

Qualified applicants can apply by clicking the "apply" button to the right of the posting. The closing date for this position is April 29, 2026 at 4:00 pm.

Surrey Schools recognizes the importance of accessibility and supporting the diverse needs of our community.  If there is any accommodation you may require for your interview, whether related to accessibility or otherwise, please do not hesitate to advise and we will make every effort to meet your needs.

Note:  Successful applicants will be required to consent to a Criminal Records Search prior to employment. Only those applicants selected for interviews will be contacted. To all others, thank you for your interest.