PenderFund Capital Management Ltd (“Pender”) is an independent, employee-owned, value-based investment firm founded in 2003. We are one of the fastest growing investment firms in Canada, and our goal is to be the first choice for investors looking to protect and grow their capital. We have grown from a couple of people with a passion for investing into a diverse and inclusive workplace of over 90 people by seeking out and hiring the most qualified, talented and experienced people.

We are seeking a Director of IT Operations & Security, based in our Vancouver head office, to lead and mature Pender’s IT service delivery and cybersecurity functions. This role is accountable for ensuring reliable, secure, and well-governed technology operations that support client service, regulatory obligations, and business growth.

Reporting to senior leadership, this is a hands-on leadership role requiring disciplined operational execution, strong vendor governance, and structured cybersecurity oversight. The Director will ensure the firm’s technology environment is resilient, audit-ready, and aligned with the organization’s risk profile and strategic priorities.

Key Responsibilities include:

Cybersecurity, Risk & Resilience

• Lead the firm’s cybersecurity and IT risk program, including endpoint protection, vulnerability management, cloud security, and identity & access governance.
• Maintain the IT risk register and ensure timely remediation of identified risks.
• Ensure audit and regulatory readiness consistent with financial services standards.
• Oversee incident response preparedness, testing, and continuous improvement.
• Lead disaster recovery (DR) and business continuity planning (BCP), including testing and reporting.
• Enforce identity lifecycle management and least-privilege access controls, including periodic access reviews and timely deprovisioning.

Vendor & Third-Party Risk Management

• Oversee managed service providers and IT vendors, including vendor selection, contract negotiation, renewals, and ongoing performance management.
• Define and monitor SLAs and conduct structured service reviews.
• Govern software licensing and SaaS usage to ensure cost efficiency, compliance, and visibility into third-party risk.
• Ensure vendor contracts include appropriate security, privacy, and regulatory protections.
• Lead third-party security due diligence and remediation tracking.

Operational Governance & Continuous Improvement

• Establish IT operating cadence and reporting for senior leadership, providing visibility into service performance, risk exposure, and remediation progress.
• Identify and implement process improvements that reduce manual effort and key-person dependency.
• Align IT priorities with firm strategy and risk tolerance in partnership with senior leadership.
• Develop and manage the IT operating budget and contribute to OpEx and CapEx planning.
• Maintain IT policies and procedures in collaboration with Compliance and executive leadership.

IT Operations & Service Delivery

• Provide strategic oversight of IT operations delivered by the managed services provider, including infrastructure, cloud services, end-user support, and access administration.
• Establish and monitor service performance metrics (e.g., uptime, MTTR, incident trends) to ensure SLA compliance and continuous improvement.
• Oversee incident management, escalation, root cause analysis, and remediation planning.
• Ensure infrastructure reliability, performance, and security baseline compliance through structured vendor oversight.

Qualifications:

• 7–10+ years of progressive IT leadership experience with accountability for IT operations, cybersecurity, and service delivery.
• Bachelor’s degree in Computer Science, Engineering, or related field; relevant certifications (e.g., CISSP, CISM, CRISC, ITIL) considered an asset.
• Experience operating in regulated environments, ideally within financial services.
• Proven leadership across infrastructure, cloud platforms, identity and access management, and IT service management.
• Demonstrated ability to implement and oversee cybersecurity controls aligned with frameworks such as NIST CSF, CIS Controls, or ISO 27001.
• Strong experience managing vendors and managed service providers, including SLA governance and performance accountability.
• Execution-oriented leader and clear communicator who can translate technical risk into business impact and balance security rigor with operational pragmatism.

What’s in it for you?

• Great compensation (competitive base and bonus) & benefits package which includes an employee RRSP matching program.
• Opportunity to be part of a collaborative team

We are sharing that the estimated salary range for this position is $150,000 - $180,000 per year. In determining final salary, Pender considers many factors including the candidate’s qualifications, relevant experience, job responsibilities, market conditions, position location and internal equity. Our aim is to ensure fair compensation practices that align with industry standards while acknowledging the unique value and expertise each individual brings to the role. The final base salary for the offer will be presented as part of a competitive compensation package.

Our commitment to equity, diversity and inclusion:

Pender is committed to creating and maintaining a workplace that recognizes and values differences. It is a core principle at Pender that an equitable, diverse and inclusive workplace simply makes us better. A diverse team with a range of knowledge and experience makes better decisions, which means better results for our stakeholders. We do not discriminate on any basis and welcome applications from all qualified individuals. When selecting candidates for employment, promotion, training or any other benefits, it is on the basis of aptitude and ability. Should you require any accommodation or have questions, please let us know.