At Q4, we make an impact together, obsess over our customers, operate with integrity, and bring big ideas to life. 

Q4 is charting a bold new path for investor relations as the first AI-driven IR Ops Platform, providing everything an IR team needs to succeed on a single, powerful platform. The Q4 Platform enables public companies to attract, manage, and understand investors - all in one place. Over 2,600 customers, including many of the most respected brands in the world, trust Q4 to help drive premium valuations for their companies. Only Q4 offers a tech stack holistically designed to equip IR teams with data, insights, and smart workflows that power remarkable outcomes. Learn more at q4inc.com.

We hire smart, curious, and talented people to push boundaries, reimagine what’s possible, and turn challenges into opportunities. All while keeping the needs of our clients at the heart of everything we do.

Come grow with us!

Role Summary

The Director, IT and GRC leads Q4’s IT operations, security operations, and technology governance programs to ensure a reliable, secure, and compliant internal environment for a high-growth SaaS business. The position mandates a hybrid leader capable of hands-on technical work and strategic governance oversight. The role translates strategy into execution by running the programs, teams, and processes that keep Q4’s corporate environment available, secure, and audit-ready, and acts as a senior security and risk subject-matter expert for internal and customer-facing stakeholders.

As the company is currently in a transitional phase, we are looking for a relentless problem-solver who is inquisitive and persistent enough to gather information that is currently not documented. This role is designed with succession planning in mind and serves as a vital leadership position to help mentor the IT and security team.

30-60-90 Day Expectations

First 30 Days: Focus heavily on onboarding, understanding the team and current initiatives, and navigating incomplete documentation to grasp the current state of operations.

60 to 90 Days: Transition into driving impact by participating in the 2027 budgeting cycle and formulating the future state of the IT and GRC roadmap.

Key Responsibilities

Strategy & Stakeholder Partnership: Translate enterprise technology, security, and GRC strategy into a clear roadmap. Act as a senior security and risk SME, advising internal teams and customers on best practices.

IT Operations & Service Delivery: Lead IT operations to ensure infrastructure, end-user computing, and collaboration platforms are reliable, secure, and cost-effective. Oversee incident, request, and change management.

Security Operations & Risk Management: Manage day-to-day security operations, threat monitoring, alert triage, and incident response. Operate and improve vulnerability management and support DR/BCP planning.

Governance, Risk & Compliance (GRC): Lead technology GRC processes, manage compliance programs, handle audits, and secure users. Operationalize GDPR, CCPA, PIPEDA and other requirements into controls in partnership with Legal/Privacy.

Business Systems & Enterprise Enablement: Partner with cross-functional teams to ensure platforms meet security expectations. Identify and leverage AI tooling and integrations for workflow automation.

People Leadership: Manage 4 to 5 direct reports within the existing team. Foster a culture of accountability and champion security best practices.

Qualifications & Experience

7+ years in IT operations, information security, technology risk, or GRC.

Leadership Profile: We are highly open to first-time or newer Directors who have retained their hands-on technical capabilities rather than a long-tenured director.

Strong knowledge of security and control frameworks (e.g., SOC 2, ISO 27001, NIST CSF, CIS) and privacy regulations (e.g., GDPR, CCPA, PIPEDA).

Proven ability to manage multiple security/IT/GRC projects or programs with ownership of timelines, budgets, and stakeholder communication.

Track record supporting external audits, customer security assessments, and communicating complex risk/technical topics in clear business language.

Our Technology Stack

Productivity & Environment: Google Workspace Enterprise.

Endpoint Management & Security: CrowdStrike.

Identity Management: OneLogin, supporting users across Windows and Mac environments.

Ticketing & Documentation: Jira Service Management and Confluence.

Engineering Context: Our development team utilizes the MERN stack and Playwright for automation.

Interview Process Sequence

The selection process consists of a structured interview sequence:

Initial Screen: People & Culture.

Hiring Manager Interview

Team Interview

Final Interview: Department Leader