Free Word download • Edit online • Save & share with Drive • Export to PDF
A Director of Information Technology Job Description is a formal document that defines the scope, duties, qualifications, reporting relationships, and performance expectations for a senior IT leadership role within an organization. It functions as the authoritative reference document for recruiting, offer letters, onboarding, performance reviews, and compensation benchmarking — establishing what the role is accountable for and the standards against which the hire will be evaluated. A well-drafted IT Director job description distinguishes essential functions (legally significant under the ADA) from secondary duties, separates required qualifications from preferred ones, and includes measurable success criteria so both employer and employee share a clear, documented understanding of the role from day one.
Hiring a Director of IT without a written job description creates legal, operational, and financial risk at every stage of the employment relationship. Without documented essential functions, ADA accommodation requests become impossible to evaluate consistently. Without a stated salary range, companies posting in Colorado, California, New York, or Washington face regulatory fines. Without measurable performance expectations in writing, underperformance is difficult to address and terminations are harder to defend. Operationally, an ambiguous role definition is the leading cause of IT Director failures within the first 12 months — misaligned expectations around budget authority, strategic scope, and team ownership surface immediately but take months to resolve without a written baseline. This template gives you a structured, legally informed starting point that closes those gaps before you post the role, with clauses covering compliance ownership, pay transparency, qualifications, and EEO obligations built in from the start.
| If your situation is… | Use this template |
|---|---|
| Hiring a VP-level technology executive with full P&L ownership | Chief Information Officer (CIO) Job Description |
| Filling a mid-level IT management role without strategic portfolio ownership | IT Manager Job Description |
| Hiring a hands-on technical lead with no direct reports | IT Specialist Job Description |
| Recruiting a director focused exclusively on cybersecurity | Director of Information Security Job Description |
| Defining a technology operations role without strategic planning duties | IT Operations Manager Job Description |
| Creating a contract or interim IT leadership role | Independent Contractor Agreement |
| Pairing the job description with a binding offer of employment | Employment Contract |
Why it matters: Colorado, California, New York, Washington, and several municipalities legally require a pay range on job postings. Violations carry fines and can trigger agency investigations.
Fix: Add a salary band to the compensation clause before posting externally and confirm it covers every location where the role could be filled.
Why it matters: Over-specifying required qualifications — particularly degree requirements — without documented business necessity creates disparate-impact exposure under Title VII and the EEOC's enforcement guidelines.
Fix: Audit each required qualification against the role's actual duties. Replace inflexible degree requirements with 'Bachelor's degree or equivalent experience' and move stretch credentials to the preferred section.
Why it matters: Without documented expectations, performance improvement plans and terminations for underperformance become difficult to defend, and the new hire has no clear success criteria in their first 90 days.
Fix: Add three to five specific, measurable KPIs to the performance expectations clause before the description is approved and shared with candidates.
Why it matters: If the job description contains compensation commitments, benefit promises, or termination language, courts in several jurisdictions have treated it as a binding contract — overriding intended at-will status.
Fix: Keep contractual obligations in the employment contract. The job description should describe the role; the contract should create the binding obligations. Have legal review both documents before execution.
Why it matters: An inaccurate EEO clause — wrong company name, dead email address, or missing accommodation language — signals a careless process and can expose the company to ADA and Title VII complaints.
Fix: Update the EEO statement for every new role with the current HR contact, and confirm it includes accommodation request language as required under the ADA.
Why it matters: If the employee's actual duties evolve significantly without updating the job description, the document becomes useless for performance management, compensation reviews, and succession planning — and can misrepresent the role in future disputes.
Fix: Schedule an annual review of all director-level job descriptions and update the essential functions and KPIs to reflect current reality before each performance cycle.
In plain language: States the official job title, FLSA exemption status, employment type (full-time, exempt), and the position this role reports to and supervises.
Position: Director of Information Technology | Classification: Full-Time, Exempt | Reports To: [CHIEF EXECUTIVE OFFICER / COO / CIO] | Direct Reports: [IT MANAGER, SYSTEMS ADMINISTRATOR, HELPDESK LEAD]
Common mistake: Listing an informal title that does not match the payroll system or org chart — mismatches create confusion in performance reviews and make compensation benchmarking unreliable.
In plain language: A 3–5 sentence overview of the role's purpose, the organizational unit it leads, and the strategic outcomes it owns.
The Director of Information Technology is responsible for planning, implementing, and managing all technology systems and infrastructure for [COMPANY NAME]. Reporting to the [TITLE], this role provides strategic technology leadership across [NUMBER] business units and a team of [NUMBER] IT professionals. The Director drives IT investment decisions, cybersecurity posture, and digital transformation initiatives aligned with company-wide objectives.
Common mistake: Writing a position summary so broad it could apply to any technology role — failing to tie it to the organization's specific scale, industry, or strategic priorities reduces its usefulness for both recruiting and performance management.
In plain language: Enumerates the duties the role must perform, clearly distinguishing essential functions (ADA-relevant) from secondary tasks.
Essential functions include: (1) developing and executing the annual IT strategy and budget; (2) overseeing network, server, cloud, and endpoint infrastructure; (3) managing IT vendors and service contracts; (4) ensuring compliance with [APPLICABLE FRAMEWORKS — e.g., SOC 2, ISO 27001, HIPAA]; (5) leading a team of [NUMBER] and managing performance.
Common mistake: Conflating essential functions with preferred activities — courts and HR tribunals look at the essential-function list when evaluating reasonable accommodation requests; vague or inflated lists create legal exposure.
In plain language: Defines the role's forward-looking responsibilities — IT roadmap, technology investment decisions, digital transformation ownership, and board or executive reporting.
The Director will develop a [1–3 YEAR] IT roadmap aligned to [COMPANY NAME]'s strategic plan, present quarterly technology updates to the [EXECUTIVE TEAM / BOARD], and evaluate emerging technologies for competitive advantage. Accountable for an annual IT budget of approximately $[AMOUNT].
Common mistake: Omitting budget ownership from strategic duties — without a stated budget scope, the role's authority is ambiguous and compensation negotiations become harder to anchor.
In plain language: Assigns ownership of the company's information security program, risk management obligations, and applicable regulatory compliance frameworks.
The Director is responsible for maintaining the company's cybersecurity posture in compliance with [HIPAA / SOC 2 / PCI-DSS / ISO 27001 / GDPR — as applicable], conducting annual risk assessments, overseeing incident response, and ensuring data privacy obligations are met.
Common mistake: Listing compliance frameworks without specifying who is accountable for which controls — ambiguity between IT, legal, and compliance leads to gaps and audit findings.
In plain language: States minimum non-negotiable education, years of experience, and credentials the candidate must hold before being considered.
Required: Bachelor's degree in Computer Science, Information Technology, or a related field; [8+] years of progressive IT experience including [3+] years in a leadership role; demonstrated experience managing IT infrastructure, vendors, and budgets of at least $[AMOUNT].
Common mistake: Setting qualification thresholds that screen out protected classes without documented business necessity — degree requirements and years-of-experience floors that exceed genuine job needs expose the employer to disparate-impact claims.
In plain language: Lists certifications, tools, and experience that are desirable but not mandatory, helping candidates self-select and ranking criteria for hiring decisions.
Preferred: Master's degree in Information Systems or MBA; ITIL v4 certification; CISSP or CISM; experience with [AWS / Azure / GCP]; proficiency in [ERP PLATFORM]; experience in [INDUSTRY — e.g., healthcare, financial services].
Common mistake: Blending required and preferred qualifications into a single undifferentiated list — this makes screening inconsistent and creates legal risk if different standards are applied to different candidates.
In plain language: States the salary range, bonus eligibility, benefits summary, work location, and any physical or travel requirements.
Salary Range: $[MIN]–$[MAX] annually, commensurate with experience. Eligible for annual performance bonus of up to [X]%. Benefits include [HEALTH / DENTAL / VISION / 401(K) / PTO]. Work location: [ONSITE / HYBRID / REMOTE]. Travel: up to [X]% annually.
Common mistake: Omitting a salary range in jurisdictions where pay transparency is legally mandated — Colorado, California, New York, and Washington all require ranges on job postings; violations carry fines.
In plain language: Defines measurable outcomes the role is expected to achieve, giving both parties a basis for performance reviews and merit decisions.
Success in this role will be measured by: system uptime of [X]% or above, IT helpdesk resolution time under [X] hours, on-time and on-budget delivery of [X]% of IT projects, and annual security audit with zero critical findings.
Common mistake: Leaving performance expectations entirely out of the job description — when expectations are absent from the hiring document, performance improvement plans and terminations become harder to defend.
In plain language: Affirms the employer's commitment to non-discriminatory hiring and invites candidates requiring accommodations to request them.
[COMPANY NAME] is an equal opportunity employer. We do not discriminate on the basis of race, color, religion, sex, national origin, age, disability, veteran status, or any other characteristic protected by law. Applicants requiring accommodation in the application or interview process should contact [HR EMAIL / PHONE].
Common mistake: Copying a boilerplate EEO statement without updating the company name or contact information — an inaccurate or generic EEO clause signals a careless process to both candidates and regulators.
Decide who this role reports to (CEO, COO, or CIO) and how many direct reports it supervises. Enter these in the title and reporting-line section before writing anything else.
💡 Misaligned reporting lines are the single most common reason IT Director hires fail within 12 months — clarify whether this is a strategic peer to C-suite or an execution-focused manager before writing the summary.
Replace all placeholder language with your company name, industry, team size, and the two or three strategic outcomes this leader will own in their first 12–18 months.
💡 Mention the approximate IT budget and team headcount in the summary — these two numbers will filter candidates more efficiently than any list of qualifications.
List only the duties the role must perform to fulfill its core purpose as essential functions. Move 'nice to have' activities to a secondary duties section or remove them entirely.
💡 Under the ADA, essential functions determine accommodation obligations — an inflated list that includes every possible task creates exposure when an employee requests a modification.
Identify which regulatory frameworks apply to your industry (HIPAA, PCI-DSS, SOC 2, GDPR) and name them in the compliance clause. Assign ownership clearly to this role rather than leaving it shared.
💡 If you are uncertain which frameworks apply, consult your legal or compliance team before posting — attracting a candidate with the wrong compliance background is costly to remediate.
Place mandatory minimums (years of experience, specific degree, non-negotiable certifications) in the required section. Move aspirational credentials to the preferred section.
💡 Review your required qualifications against EEOC guidance on business necessity — degree requirements in particular face increasing legal scrutiny; consider substituting 'or equivalent experience' language.
Enter the compensation band for the role in the compensation section. If you operate or post jobs in Colorado, California, New York, or Washington, including a range is legally required.
💡 Use a market compensation survey (Radford, Mercer, or Levels.fyi for tech roles) to set a defensible range before internal approvals — an out-of-market range attracts weak candidates and triggers internal equity complaints.
Add three to five quantifiable KPIs to the performance section — system uptime targets, helpdesk SLA, project delivery rate, or budget variance tolerance.
💡 KPIs in the job description become the natural basis for the 90-day onboarding plan and first annual review — starting with them here saves significant HR time later.
Update the EEO statement with the correct company name, contact, and any jurisdiction-specific language. Have HR or employment counsel review the full document before it is published externally.
💡 Job descriptions used in hiring decisions are discoverable in discrimination claims — a single review by employment counsel ($200–$400) is cheap insurance before a senior hire.
A Director of Information Technology leads the planning, implementation, and management of an organization's technology systems, infrastructure, and IT staff. Core responsibilities include developing the IT strategy and budget, overseeing network and cloud infrastructure, managing cybersecurity and compliance programs, negotiating vendor contracts, and reporting on technology performance to executive leadership. The role bridges hands-on technical oversight with organizational strategy.
Most organizations require a bachelor's degree in Computer Science, Information Technology, or a related field, plus 8 or more years of progressive IT experience including at least 3 years in a management or leadership role. Common preferred credentials include ITIL v4, CISSP, CISM, or a master's degree in Information Systems. Budget management experience — typically $500K or more annually — and demonstrated experience with cloud platforms (AWS, Azure, or GCP) are widely expected at the director level.
A Chief Information Officer (CIO) is a C-suite executive with company-wide technology authority, board reporting relationships, and typically ownership of digital strategy and IT governance at the enterprise level. A Director of IT usually reports to the CIO, COO, or CEO and focuses on operational execution — managing the IT team, infrastructure, vendor relationships, and day-to-day technology performance. In smaller companies without a CIO, the Director of IT often absorbs strategic responsibilities as well.
A job description is generally not intended to be a binding employment contract, but courts in several jurisdictions have found that specific compensation promises or termination language in a job description can create contractual obligations — particularly if the document was signed or incorporated by reference into an offer. To protect at-will status, keep contractual terms in the employment contract and limit the job description to duties, qualifications, and general expectations.
In an increasing number of US jurisdictions, yes. Colorado, California, New York, Washington, and several municipalities require employers to include a compensation range on job postings. Even where not legally required, including a range reduces time-to-hire, improves candidate quality, and supports internal pay equity. Review the pay transparency laws applicable to every location where the role will be posted.
A job description is the internal HR document defining the role's duties, qualifications, reporting structure, and performance expectations — used for hiring, performance reviews, and compensation benchmarking. A job posting is the candidate-facing version published on career sites, which typically includes marketing language about company culture and benefits alongside the core role details. Both documents should be consistent but serve different audiences and purposes.
At minimum, review and update the job description annually during the performance review cycle. Additionally, update it whenever the role's scope changes significantly — such as when a new compliance framework is adopted, the IT team size changes by 20% or more, or the reporting structure is reorganized. An outdated job description undermines performance management and creates misalignment between expectations and actual duties.
The relevant frameworks depend on your industry. Healthcare organizations should reference HIPAA; payment processors or retailers should list PCI-DSS; SaaS companies serving enterprise clients commonly require SOC 2 Type II oversight; organizations with EU customers or employees must address GDPR. Naming specific frameworks in the job description ensures you attract candidates with directly relevant compliance experience and establishes clear accountability for regulatory obligations from day one.
It is generally best practice to have the new hire acknowledge the job description in writing — either as a standalone signature or as an attachment to the employment contract. Signed acknowledgment confirms the employee reviewed and understood the role's essential functions and expectations, which supports performance management and, where applicable, ADA accommodation determinations. Consult employment counsel about the best approach for your jurisdiction.
An IT Manager typically oversees day-to-day operations, helpdesk, and tier-2 technical support within a defined scope. A Director of IT holds broader strategic authority — owning the IT budget, technology roadmap, and executive reporting. Use the manager description for operational roles; use the director description when the hire needs to set strategy and influence C-suite decisions.
A CIO is a C-suite executive with enterprise-wide technology authority and board-level reporting obligations. A Director of IT typically reports to the CIO, COO, or CEO and focuses on operational delivery and team management. In companies too small to justify a CIO, the Director of IT absorbs strategic functions — in that case, the CIO template may be more appropriate.
A job description defines the role — duties, qualifications, and expectations. An employment contract creates binding legal obligations — compensation, IP assignment, non-compete, termination, and severance. Both documents are needed: the job description attracts and screens candidates; the employment contract governs the relationship once hired. Conflating the two risks unintended contractual commitments.
If the IT Director role will be filled on an interim or fractional basis rather than as a full-time employee, an Independent Contractor Agreement is the appropriate governing document instead of a job description paired with an employment contract. Misclassifying a full-time IT Director as an independent contractor triggers payroll tax liability, benefits exposure, and potential regulatory penalties.
HIPAA compliance ownership, EHR system oversight, and clinical data security are non-negotiable essential functions that must appear explicitly in the description.
PCI-DSS, SOX IT controls, and financial data security obligations require tailored compliance language and often mandate specific certifications such as CISM or CRISC.
Cloud infrastructure ownership (AWS, Azure, or GCP), DevOps toolchain governance, and SOC 2 audit readiness are central duties that differentiate this role from a traditional IT director.
OT/IT convergence, ERP platform oversight (SAP, Oracle), and uptime requirements for production systems create specialized responsibilities not present in purely office-based environments.
POS system reliability, e-commerce platform integration, PCI-DSS compliance for payment data, and peak-season infrastructure capacity planning are defining responsibilities in this sector.
Data confidentiality for client information, remote workforce enablement, and cybersecurity insurance audit requirements shape the compliance and infrastructure scope of the role.
Colorado, California, New York, Washington, and several municipalities require a salary range on all job postings — violations carry fines. The FLSA requires the Director of IT to be classified as exempt (executive or administrative exemption) if paid on a salary basis above $684/week. The ADA requires employers to identify essential functions and provide reasonable accommodations; an accurate essential-functions list in the job description is key evidence in ADA compliance. Several states, including California, restrict non-compete clauses that may be referenced in accompanying employment documents.
Canadian human rights legislation (federal and provincial) prohibits discriminatory qualification requirements; degree mandates without documented business necessity carry risk under the Canadian Human Rights Act and provincial equivalents. Quebec's Bill 96 requires that job postings targeting Quebec candidates be available in French. Pay transparency requirements are expanding — British Columbia and Ontario have introduced or are considering pay range disclosure obligations. Employment Standards Act minimums apply to the underlying employment contract attached to this description.
The Equality Act 2010 prohibits job descriptions that contain indirectly discriminatory requirements — qualification thresholds and experience requirements must be objectively justifiable. The UK does not mandate salary disclosure in job adverts, but voluntary disclosure is encouraged by the Government Equalities Office to close the gender pay gap. Employers must provide a written statement of employment particulars on or before day one under the Employment Rights Act 1996; the job description is typically attached to or referenced in that statement.
The EU Pay Transparency Directive (2023/970/EU) requires member states to transpose pay disclosure obligations into national law by June 2026 — employers with 100 or more employees will need to provide salary range information to job applicants on request or proactively in postings. GDPR applies to the collection and processing of candidate data during recruitment, including any information collected in response to the job description. The EU's Employment Equality Directive prohibits discriminatory qualification requirements based on religion, disability, age, or sexual orientation.
| Path | Best for | Cost | Time |
|---|---|---|---|
| Use the template | HR teams and small business owners hiring an IT Director for a standard domestic full-time role | Free | 30–60 minutes |
| Template + legal review | Companies in pay-transparency jurisdictions, regulated industries (healthcare, finance), or with complex compliance requirements | $200–$500 for an employment counsel review | 1–3 days |
| Custom drafted | Executive IT hires with equity, multi-jurisdiction postings, or companies with prior EEO or ADA compliance findings | $800–$2,500+ | 1–2 weeks |
This document is one of 3,000+ business & legal templates included in Business in a Box.
Access over 3,000+ business and legal templates for any business task, project or initiative.
Customize your ready-made business document template and save it in the cloud.
Share your files and folders with your team. Create a space of seamless collaboration.
"Fantastic value! I'm not sure how I'd do without it. It's worth its weight in gold and paid back for itself many times."
"I have been using Business in a Box for years. It has been the most useful source of templates I have encountered. I recommend it to anyone."
"It has been a life saver so many times I have lost count. Business in a Box has saved me so much time and as you know, time is money."
Stop downloading documents. Start operating with clarity. Business in a Box gives you the Business Operating System used by over 250,000 companies worldwide to structure, run, and grow their business.
Start free · No credit card required
