Director of IT, Security and Compliance

Why Bonfire?

At Bonfire, we bring people together to make decisions with certainty. What does that mean? We’re powering billions of dollars worth of decision making across 200+ customers.

You’ve probably never heard of us before - and that’s okay - but remember when you had the opportunity to see your favourite band at a small venue before they were selling out the ACC? Joining Bonfire now is like getting on the guest list.

We’re a VC-backed, Y-Combinator success story that customers love (99% retention) and we’ve already impacted $12B+ in procurement spending decisions.

Bonfire is an opportunity for you to make an impact and accelerate your career. We’re in a unique position, growing from 40 to over 100 people in the next year. We’re looking for team members who will:

  • Make an impact
  • Drive results
  • Remain humble - no job is too small

The Role

As Bonfire’s first Director of IT, Security and Compliance, you will be partnering with and reporting to Alex Millar, CTO. Not only will you be responsible for building out and supporting IT, security, and compliance programs at Bonfire, you will also be relied on to make key decisions around the security of our systems and data through best practices, monitoring, and security audits. You will also be responsible for the configuration and maintenance of equipment according to business needs. This isn’t just a strategic role: we’re looking for someone who can roll up their sleeves and follow through on projects that meet key organizational objectives while ensuring compliance.

What You'll Do

    • Systems Integration: work with departments across the organization to automate and improve technology experience
    • Oversight: centralize and maintain IT systems, tools, inventory, and procurement at Bonfire
    • Budgeting: maintain the IT, Security, and Compliance GL by reporting to finance
    • Security Program Management: coordinating internal and external testing services and related activities (scanning, reporting, and remediation processes)
    • Access Control: build and maintain systems for granting and revoking employee access across each department's SaaS toolchain
    • Education and Awareness: develop and present content for new hire training and ongoing eLearning modules that improve our security culture of healthy skepticism
    • Supplier Risk Management: due diligence reviews for ongoing material services providers and ensuring all new software and services are assessed prior to acquisition
    • Client Due Diligence: overseeing and contributing to responses for Client DDQs (due diligence questionnaires)
    • Certifications: achieving and maintaining compliance certifications, SOC 2 & ISO 27001
    • Policies: ongoing policy compliance oversight with quarterly reviews and enhancement of policy content. Development of new policies and standards, as required

Who You Are

    • This isn’t your first rodeo, you have proven experience in an IT, Security, or Compliance Manager or Director role
    • No job is too big or too small, you have a "happy to help" and easy-going attitude towards supporting both technical and non-technical employees with regards to IT, Security, and Compliance
    • You have a reputation for being meticulously organized and you couldn’t imagine it any other way
    • You always follow through and if there is an issue that needs solving you always see it to completion
    • You have experience creating policies and procedures relating to IT governance and are comfortable educating IT colleagues on segregation of duties, documentation standards required, audit logs and audit trails
    • You have experience overseeing/developing IT security architecture and security/privacy improvement roadmaps
    • You have worked with a variety of modern best practices and tools for network and physical security
    • You have experience managing external and internal audit requests on a timely basis and coordinating remediation efforts
    • You have had exposure to various security tools and methodologies, including vulnerability management, vulnerability & penetration assessments, anti-malware, and endpoint security management
    • You have experience pursuing and maintaining certain compliance certifications; experience with SOC 2 or ISO 27001 would be an asset

Join us now and accelerate your career


Recruiters: Sorry, we only deal with applicants directly!


Bonfire Interactive Ltd. strives to create an accessible and inclusive work environment where everyone is treated with respect and dignity.  Bonfire Interactive Ltd. aims to create a selection process that’s inclusive and accessible. If you need accommodation during any stage of the process, please contact and we’ll provide reasonable accommodation confidentially. Bonfire Interactive Ltd. is an equal opportunity employer and encourages applications from all qualified individuals. We thank all applicants for showing an interest; however, only candidates selected for an interview will be contacted.