Director, Cybersecurity

Kensingtontours · Toronto, Canada
Full-time · On-site · 3w ago
Azure, Classification, Compliance, GDPR, Incident Response, Leadership

Responsibilities

  • Own the enterprise security roadmap. Work with legal, IT, and product leads to build out policy, data classification, and lifecycle management frameworks. Translate business risk into prioritized security investment and report on it clearly to senior leadership.
  • Lead our security vendor and partner relationships, including our external security consultants: renegotiating, consolidating, and vetting additions as the program evolves.
  • Lead PCI DSS, PIPEDA, and GDPR compliance for the IT domain. Manage the audit cycle with legal and development teams. Administer the vendor security assessment process for all third parties and respond to audit requests from our insurance providers and others.
  • Institute Purview as our data governance platform, covering classification, DLP, information protection, and eDiscovery.
  • Keep incident response plans documented, tested, and current. Oversee vulnerability management and pen testing programs.
  • Partner with the Director IT and L&D to drive cybersecurity awareness and phishing simulation programs.
  • Own the security metrics, spend, risk posture, and program ROI. Report monthly to IT and senior leadership in a format that tracks program maturity over time and supports good decisions on investment and risk.
  • Be the internal authority on cybersecurity. Stay current on threats, tools, and governance trends through professional development and conferences.

Requirements

  • 8+ years in cybersecurity with progressive responsibility; director or senior manager experience preferred.
  • Deep working knowledge of the Microsoft security ecosystem: Sentinel, Defender suite, Purview, and Entra.
  • Demonstrated ability to leverage AI to automate processes, and a keen interest in leveraging AI to drive observability and compliance in the security domain.
  • Demonstrated experience with compliance frameworks and audit processes: PCI DSS, PIPEDA, and GDPR.
  • Proven track record managing a security vendor ecosystem including MSSPs and consulting partners.
  • Hands-on experience with incident response, vulnerability management, and penetration testing programs.
  • Strong program management and business communication skills - able to present risk clearly to non-technical senior leadership.
  • Relevant certifications preferred: CISSP, CISM, CRISC, or equivalent.

Attributes Required

  • Strategic and risk-minded: assesses the threat landscape clearly, sets priorities accordingly, and builds a plan the organization can execute against.
  • A builder, energized by the opportunity to create structure and capability, not just maintain what's there.
  • Credible across technical and non-technical audiences. Equally comfortable with a developer, a compliance lawyer, and a CFO.
  • Proactive: surfaces threats and recommendations without being asked; never waits for an incident.

Additional Information

Kensington delivers the world's most personal travel experiences. We bring to life each client's desire to travel in a way that's tailored specifically for them, in the company of local private guides who ensure that they enjoy the authentic best of their destination. The result is a unique journey rich in memories that last a lifetime! We achieve this because of our extraordinary people, passionate experts with deep knowledge of their destinations. They are what enables us to deliver remarkable experiences in over 120 countries worldwide, and across each of our businesses - Private Touring, Cruises, Villas, Yachts, Expeditions, Ultraluxe Land, Private Jets, and Air. To learn more about Kensington, visit kensingtontours.com.

Role Overview

As North America's leading luxury private guided travel company, part of the Range Group family of travel brands, we serve high-value travelers across North America through a team of approximately 1,000 employees, operating a proprietary sales and operations platform alongside a modern Microsoft cloud environment spanning M365 E5, Azure, and a suite of best-in-class security tools.

The Director, Cybersecurity is a leadership role responsible for leading and advancing the enterprise cybersecurity function across the Range Group. This is a builder role - the organization has made deliberate investment in a modern, Microsoft-centric security stack and has engaged external security expertise to establish a strong operational foundation. The Director will take ownership of that foundation and build it into an internal center of excellence: deepening the strategy, formalizing governance frameworks, strengthening operational discipline, and embedding the cultural practices that allow the organization to manage risk with confidence as we grow.

