Director, Cybersecurity

Kensington delivers the world’s most personal travel experiences. We bring to life each client’s desire to travel in a way that’s tailored specifically for them, in the company of local private guides who ensure that they enjoy the authentic best of their destination. The result is a unique journey rich in memories that last a lifetime!

We achieve this because of our extraordinary people, passionate experts with deep knowledge of their destinations. They are what enables us to deliver remarkable experiences in over 120 countries worldwide, and across each of our businesses – Private Touring, Cruises, Villas, Yachts, Expeditions, Ultraluxe Land, Private Jets, and Air. 

To learn more about Kensington, visit kensingtontours.com . 

Role Overview

As North America's leading luxury private guided travel company, part of the Range Group family of travel brands,  we serve high-value travelers across North America through a team of approximately 1,000 employees, operating a proprietary sales and operations platform alongside a modern Microsoft cloud environment spanning M365 E5, Azure, and a suite of best-in-class security tools.

The Director, Cybersecurity is a leadership role responsible for leading and advancing the enterprise cybersecurity function across the Range Group. This is a builder role — the organization has made deliberate investment in a modern, Microsoft-centric security stack and has engaged external security expertise to establish a strong operational foundation. The Director will take ownership of that foundation and build it into an internal center of excellence: deepening the strategy, formalizing governance frameworks, strengthening operational discipline, and embedding the cultural practices that allow the organization to manage risk with confidence as we grow.

What You'll Do

• Own the enterprise security roadmap. Work with legal, IT, and product leads to build out policy, data classification, and lifecycle management frameworks. Translate business risk into prioritized security investment and report on it clearly to senior leadership.
• Look after the full security stack: Sentinel, Defender for Cloud, Defender for Endpoint, Defender EASM, Purview, Dynatrace, SonarCloud, Barracuda, and Ninjio. Set configuration standards and runbooks. Run Sentinel as the primary SIEM: reviewing alerts, investigating incidents, and making sure everything gets triaged, logged, and resolved or escalated.
• You’ll be lead on our security vendor and partner relationships, including our external security consultants. Renegotiating, consolidating, and vetting additions as the program evolves.
• Leader on PCI DSS, PIPEDA, and GDPR compliance for the IT domain. Manage the audit cycle with legal and development teams. Administer the vendor security assessment process for all third parties and respond to audit requests from our insurance providers and others.
• Institute Purview as our data governance platform, covering classification, DLP, information protection, and eDiscovery.
• Keep incident response plans documented, tested, and current. Oversee vulnerability management and pen testing programs.
• Partner with the Director IT and L&D to drive cybersecurity awareness and phishing simulation programs.
• Own the security metrics, spend, risk posture, and program ROI. Report monthly to IT and senior leadership in a format that tracks program maturity over time and supports good decisions on investment and risk.
• Be the internal authority on cybersecurity. Stay current on threats, tools, and governance trends through professional development and conferences.

Qualifications

• 8+ years in cybersecurity with progressive responsibility; director or senior manager experience preferred.
• Deep working knowledge of the Microsoft security ecosystem: Sentinel, Defender suite, Purview, and Entra.
• Demonstrated ability to leverage AI to automate processes and keen interest in leveraging AI to drive observability and compliance in the security domain
• Demonstrated experience with compliance frameworks and audit processes: PCI DSS, PIPEDA, and GDPR.
• Proven track record managing a security vendor ecosystem including MSSPs and consulting partners.
• Hands-on experience with incident response, vulnerability management, and penetration testing programs.
• Strong program management and business communication skills — able to present risk clearly to non-technical senior leadership.
• Relevant certifications preferred: CISSP, CISM, CRISC, or equivalent

Attributes Required

• Strategic and risk-minded, assesses the threat landscape clearly, sets priorities accordingly, and builds a plan the organization can execute against.
• A builder, energized by the opportunity to create structure and capability, not just maintain what's there.
• Credible across technical and non-technical audiences. Equally comfortable with a developer, a compliance lawyer, and a CFO.
• Proactive: surfaces threats and recommendations without being asked; never waits for an incident to drive improvement.
• Low ego and collaborative, builds through influence as much as authority; works well with legal, product, and business peers.
• Accountable, owns the security posture of the organization and does not deflect risk to vendors or colleagues.
• Committed to continuous learning: the threat landscape moves fast; this person moves with it.

We know that our success is dependent on the people who join our team, which is why we recruit the best. Our team is made up of owners; people who are smart, low ego, and who are accountable for their results. We all play a part in the success of the company and are proud of what we do.

We provide a competitive compensation package with a strong pay for performance rewards approach. Employees have the opportunity to participate in incentive programs and compensation tied to business and individual performance. The expected compensation range for this position is: $130,000 to $160,000.

The actual compensation may vary depending on local market conditions, geography and relevant job-related factors such as knowledge, skills, qualifications, experience, and education/training. #LI-Hybrid

We are committed to providing employment accommodation in accordance with the Ontario Human Rights Code and the Accessibility for Ontarians with Disabilities Act. If you require accommodation due to a disability at any stage of our hiring process, please advise us when completing your application.

The Range Group may use artificial intelligence throughout the recruitment process to screen, assess or select applicants for this position. These tools assist our hiring team but do not replace human judgment. Final hiring decisions are ultimately made by the hiring team.