How to Hire an IT Director

What Is an IT Director?

The IT Director is the most senior technology leadership role at small and mid-size UK businesses where the complexity of the technology function does not yet justify a full CIO or CTO appointment. The IT Director is accountable for the firm’s internal technology infrastructure — the systems, networks, hardware, software, and IT service management that enable the business to operate — and for the technology strategy that will support the firm’s commercial objectives over the next two to five years.

This guide explains the IT Director role in a UK context, how it differs from the CIO and CTO, what the candidate profile looks like, and how to run the search. It draws on the work Exec Capital does on IT Director appointments across professional services, financial services, retail, healthcare, and manufacturing businesses.

The IT Director is one of the most commonly mis-scoped senior appointments in the UK mid-market. Firms that advertise for a CIO when they need an IT Director will find the compensation expectation gap, the candidate profile mismatch, and the authority structure mismatch all create problems. Equally, firms that advertise for an IT Director when they actually need a CTO — because they are building product rather than managing infrastructure — will attract entirely the wrong candidate population. Getting the title and scope right before the brief is written determines the quality of the entire search.

IT Director vs CIO and CTO

The IT Director, CIO, and CTO are three distinct roles that are frequently confused in briefs and in the market. Understanding their differences is the starting point for any technology leadership appointment.

The IT Director is typically the right title for the most senior technology role at a firm of 50–500 employees where technology is an enabler of the business rather than a core product. The IT Director manages the internal IT function: infrastructure, security, systems, helpdesk, and vendor management. Their mandate is primarily operational and tactical — keeping the technology running, managing the cost base, and planning the near-term infrastructure investments that support business growth. At some firms the IT Director also carries a strategic technology planning responsibility, but this is typically within a two to three-year horizon rather than the longer-term strategic architecture that a CIO would own.

The CIO (Chief Information Officer) is the IT Director’s C-suite equivalent at larger, more complex firms — typically above £50 million revenue or with significant digital operations, multiple systems integrations, or a substantial external data and information management mandate. The CIO has a broader strategic scope than the IT Director: they own the firm’s information strategy, not just its IT operations. The CIO typically has board-level access, a seat on the executive committee, and accountability for major technology investment decisions rather than just operational IT management. For firms at this scale, the How to Hire a CIO guide provides the relevant framework.

The CTO (Chief Technology Officer) is a product-oriented role — responsible for the technology architecture and engineering capability of what the firm builds and delivers to customers. The CTO is the right appointment at technology firms, software companies, and product-led businesses where the primary technology challenge is building and scaling the product. The CTO’s mandate is outward-facing; the IT Director’s is inward-facing. For product-led firms, the How to Hire a CTO guide covers the relevant appointment. A non-technology firm that is building digital customer channels needs both an IT Director (for internal IT) and potentially a CDO or CTO (for the digital product) — or a single senior technology leader with sufficient breadth to cover both, which exists but is uncommon.

What an IT Director Actually Does

The IT Director mandate at a UK mid-market firm covers six areas of ownership, each requiring a combination of technical knowledge and management capability.

IT infrastructure and operations. The IT Director is accountable for the firm’s IT infrastructure — servers, networks, cloud platforms, endpoints, communication systems, and the managed service arrangements that support them. This includes the availability and performance of these systems, the refresh and upgrade cycle, and the vendor relationships that underpin the infrastructure. At most mid-market firms, this is a hybrid environment: some on-premises infrastructure, some cloud (typically Microsoft Azure or AWS), and a growing proportion of SaaS applications that require integration and governance management.

Cybersecurity and information security. For most mid-market firms without a CISO, the IT Director carries the information security accountability — protecting the firm’s data and systems from cyber threats, managing the security tooling (endpoint protection, email security, access management), overseeing the cyber insurance requirements, and maintaining compliance with relevant security standards (Cyber Essentials, ISO 27001 where applicable). The increasing sophistication and frequency of cyber attacks on mid-market firms has elevated this accountability significantly over the past five years. The How to Hire a CISO guide provides context on when the cybersecurity mandate becomes large enough to warrant a dedicated CISO appointment.

Software and systems management. The IT Director manages the firm’s software estate — the ERP, CRM, HR, finance, and productivity applications that the business relies on — including licensing, renewals, version management, and the integration requirements between systems. Major software decisions (ERP implementations, CRM platform changes, cloud migrations) are typically the IT Director’s most high-profile deliverables and carry significant implementation risk that requires senior project management alongside technical competence.

IT team management. The IT Director manages the internal IT team — typically ranging from two to twenty people at mid-market firms — and the external managed service providers and specialist contractors that support the function. Building the team’s capability, managing performance, and making the build-versus-buy decisions on IT services are ongoing management responsibilities alongside the operational and strategic work.

Technology strategy and investment planning. The IT Director develops the firm’s technology roadmap — a two to four-year view of the infrastructure investments, software upgrades, and capability developments the firm needs — and presents this to the CEO and board with the investment case that supports it. This is the activity that most clearly distinguishes a strategic IT Director from an operational IT manager, and it is the one that most firms find hardest to assess in the recruitment process.

Supplier and contract management. The IT Director manages the portfolio of technology suppliers — negotiating contracts, managing performance, and making the sourcing decisions that balance cost, capability, and risk across the technology supply chain. At mid-market firms, the IT Director often manages 20–40 supplier relationships simultaneously, ranging from major platform vendors to specialist support contractors.

When Is the Right Time to Hire an IT Director?

Four situations consistently mark the right moment for an IT Director hire at UK mid-market firms.

Outgrowing informal IT management. The most common trigger: the firm has been managing IT through a combination of an external managed service provider, a part-time IT contractor, and an internal administrator. This arrangement works at 20–30 people; it breaks down at 50–100 as the volume of IT issues, the complexity of the software estate, and the security risk profile all exceed what informal management can address. An IT Director hired at this scale inflection point restructures the IT function properly before problems accumulate.

Major technology transformation. A cloud migration, an ERP implementation, a significant digital channel build, or a consolidation of multiple legacy systems following an acquisition all create a project-level IT leadership requirement that cannot be managed through a managed service provider or a project management contractor alone. The IT Director provides the ownership and accountability that transformational technology projects require.

Cybersecurity risk management. An increasing number of IT Director appointments are driven by cyber risk concern — either following a security incident, an insurance requirement for improved security governance, or a board or PE investor review that identifies the firm’s cybersecurity posture as inadequate. The IT Director who has genuine cybersecurity management experience is significantly more valuable than one whose background is purely infrastructure management.

PE investment or institutional governance requirement. Private equity investors and institutional lenders often require a named senior technology accountable as a condition of investment or as a first-hundred-day priority. The IT Director appointment at a PE-backed mid-market firm is frequently initiated by the PE house rather than by the management team, reflecting investors’ understanding of the technology risk and cost management opportunities that a competent IT Director can deliver.

The IT Director Candidate Profile

The IT Director candidate pool in the UK is large, but the variation in quality is significant. The technology management profession spans a wide range of experience levels, and the difference between a strong IT Director and a capable IT manager is often not obvious from a CV alone. The assessment process needs to test strategic thinking and commercial orientation alongside technical competence.

Technical depth in the relevant infrastructure context. The IT Director needs genuine command of the technology environment they will be managing — Microsoft 365 and Azure environments, network infrastructure, endpoint management, cloud architecture basics, and the security tooling relevant to the firm’s risk profile. This does not mean they need to be a hands-on engineer; it means they need to understand the technology well enough to evaluate the quality of work being done by their team and their suppliers, and to make sound investment decisions.

Commercial and financial literacy. An IT Director who cannot build a business case, manage a budget, or communicate technology risk in financial terms will consistently struggle to get the investment approvals the function needs. The most common gap in IT Director candidates from purely technical backgrounds is the inability to frame technology decisions in commercial language — cost of downtime, cost of a data breach, ROI on a cloud migration — that a CEO or CFO finds compelling.

Vendor management experience. Mid-market IT functions are heavily dependent on managed service providers and specialist vendors. An IT Director who has not managed complex vendor relationships — negotiating SLAs, managing performance, handling contract disputes, and making insource-versus-outsource decisions — will struggle with one of the function’s most time-consuming and commercially significant responsibilities.

Cybersecurity awareness. For any IT Director appointment in the current threat environment, cybersecurity knowledge is no longer optional. The IT Director does not need to be a security specialist, but they need to be able to assess the firm’s security posture, design a reasonable security improvement programme, manage the cyber insurance requirements, and make credible recommendations to the board on security investment priorities.

Stage and sector fit. An IT Director from a large corporate with a 50-person IT team and a mature IT governance framework will often struggle at a 150-person firm where the IT function has been managed informally and needs to be built from scratch. Stage fit — specifically, experience of operating with limited resources, building process and governance rather than inheriting it — is a material consideration for mid-market IT Director appointments.

Where IT Director Talent Comes From

IT Director candidates in the UK come from two primary backgrounds: career IT managers who have progressed through technical roles into management, and broader operations or technology leadership generalists who have carried IT accountability alongside other responsibilities. Each has different strengths.

Career IT professionals who have moved from network engineer or systems administrator roles through IT management to IT Director have deep technical credibility but sometimes need development on the commercial and strategic dimensions of the role. Generalist operations leaders who have carried IT accountability as part of a broader remit often have stronger commercial orientation but may lack the technical depth to manage specialist IT team members and vendors effectively.

The strongest IT Director candidates are those who have spent their entire career in IT management roles — from technical through to management — but who have done so at firms with a commercial orientation that has required them to develop business acumen alongside technical knowledge. IT managers at professional services firms, financial services businesses, and commercially-driven technology firms are typically better calibrated commercially than those from pure IT services or public sector backgrounds.

Running the IT Director Search

The IT Director search typically combines a structured interview process with a technology estate review exercise — presenting the candidate with a summary of the firm’s current technology environment and asking them to identify the key risks, the improvement priorities, and the investment decisions they would propose in the first 12 months. This exercise is more revealing than almost any interview question because it tests the candidate’s diagnostic process, their risk prioritisation, and their ability to communicate technology recommendations in business terms.

Reference conversations should be structured around specific deliverables: what technology investments the candidate drove and what they cost and delivered, how they managed a specific security incident or near-miss, and how they navigated a significant technology project (migration, implementation, consolidation). Generic references about reliability and professionalism are not adequate for an IT Director appointment at a firm where the technology function has been undermanaged.

A well-run IT Director search typically runs 10–14 weeks. The candidate pool is large enough that advertised process can supplement direct search, but passive candidates — those currently in IT Director roles and not actively looking — typically produce the strongest shortlist. The most capable IT Directors are usually employed and not actively searching; reaching them requires direct outreach with a compelling brief.

IT Director Compensation Benchmarks

Base salary. IT Director base salaries in the UK vary significantly by firm size, sector, and the scope of the role. At firms with 50–200 employees, IT Director salaries typically run from £70,000 to £110,000. At firms with 200–500 employees or with a significant technology estate, the range is typically £100,000–£150,000. Financial services, healthcare, and logistics firms — where technology risk is high and the regulatory context adds complexity — tend to pay at the upper end of these ranges.

Bonus. Annual bonuses of 10–20% of base are standard at IT Director level. Technology-linked KPIs — system availability rates, security incident metrics, project delivery performance, and IT cost as a percentage of revenue — are sometimes included in bonus structures at firms with sophisticated IT governance.

Benefits. Car allowance (£4,000–£8,000) for roles with multi-site responsibilities is standard. Private medical, pension contributions, and life assurance at standard director-level terms are expected. On-call provisions should be discussed explicitly — IT Directors at firms with critical 24/7 operational technology requirements may carry out-of-hours obligations that should be reflected in the total package. See the Executive Compensation Guide for broader benchmarks.

Onboarding Your IT Director

The IT Director’s onboarding begins with an immediate audit of the technology estate — because the most important thing a new IT Director needs to understand is the current state of what they have inherited. The pre-boarding briefing should include the current IT inventory (hardware, software, licences), the current managed service provider contracts and their performance history, the most recent cybersecurity assessment if one has been conducted, and a list of the outstanding IT issues and requests that have accumulated.

The first 30 days should focus on discovery: understanding the estate, meeting the IT team and key internal technology users, reviewing the supplier relationships, and identifying the most urgent risks and the most obvious quick wins. The IT Director should produce a written summary of their initial findings — ideally within 45 days — so that the CEO and board have a documented baseline for the IT function’s current state. This baseline serves both as a performance reference and as the starting point for the IT Director’s improvement plan.

Days 60–90 should deliver a 12-month IT roadmap and budget proposal — the prioritised list of investments, projects, and operational improvements that the IT Director proposes for the first year. This document should be presented to the CEO and, where relevant, to the board — demonstrating the IT Director’s ability to communicate technology priorities in commercial and risk management terms. A strong first-quarter IT roadmap presentation is often the moment the IT Director establishes their credibility with the leadership team.

Common Hiring Mistakes

1. Hiring an IT manager rather than an IT Director. The most common mistake at the lower end of the mid-market. A capable IT support manager who is promoted or hired into an IT Director role without the strategic and commercial orientation the role requires will manage operations adequately but will not drive the technology agenda the business needs. The brief should specify the strategic and commercial dimensions of the role explicitly, and the assessment should test them.

2. Over-specifying on certifications at the expense of experience. ITIL, Prince2, and Microsoft certifications are useful indicators but should not substitute for demonstrated experience of managing a technology function at comparable scale and complexity. The IT Director’s value is in their judgment and leadership, not in their certification portfolio.

3. Neglecting cybersecurity in the brief. Firms that hire an IT Director focused purely on infrastructure management without assessing cybersecurity capability will find they need to make a separate CISO appointment sooner than expected — or will suffer a security incident that a more capable appointment would have prevented.

4. Unclear boundary with the managed service provider. Many mid-market firms have a long-standing MSP relationship that predates the IT Director appointment. If the MSP’s role is not explicitly redefined when the IT Director joins, the two parties will be in conflict over ownership of decisions and the IT Director will be unable to establish their authority. The scope reallocation between the IT Director and the MSP should be agreed before the IT Director starts.

5. Inadequate budget for the function. An IT Director hired to improve a technology estate without adequate budget to invest in it will be frustrated and ineffective. The appointment decision and the technology investment budget should be agreed simultaneously. A realistic assessment of the technology investment needed — including deferred maintenance, security uplift, and strategic projects — should be part of the brief development process.

How Exec Capital Approaches IT Director Appointments

Exec Capital runs IT Director searches as retained mandates for mid-market UK firms across professional services, financial services, healthcare, manufacturing, and consumer businesses. Our process for IT Director appointments includes the technology estate review exercise described above — built specifically for each firm’s technology context — as a core part of the assessment. We have found this exercise more predictive of IT Director performance than any other assessment tool.

The IT Director appointment sits within our senior recruitment services. For firms at the scale where the IT Director mandate is growing into a full CIO brief — typically above £50 million revenue with significant digital operations — the transition from IT Director to CIO is a brief development question we are happy to discuss before any search opens. Getting the title and scope right at appointment prevents the frustration of a mismatch between the title given and the mandate actually provided.

The IT Director at a PE-Backed or Investor-Owned Business

At PE-backed mid-market firms, the IT Director appointment carries specific characteristics that differ from the independent business context. PE investors consistently identify IT cost management, cybersecurity governance, and digital infrastructure as both risk factors and value creation opportunities at portfolio companies — and the IT Director is the person expected to deliver on all three.

The IT Director in a PE-backed business typically operates with a dual accountability: to the management team for the day-to-day IT function, and to the PE house’s operating team for the technology dimension of the value creation plan. This dual accountability requires an IT Director who is comfortable presenting to investment committee members, who can produce the technology infrastructure and cost data that PE due diligence requires, and who understands the technology investment decisions that support exit valuation rather than simply operational continuity.

Specific PE context requirements include: clean IT cost data in a format that supports EBITDA analysis; a cybersecurity posture that will survive sell-side due diligence; and a clear view on the technology investments needed to support the firm’s growth plan within the PE holding period. IT Directors who have previously operated in PE-backed environments — who understand the investment committee reporting requirements and the pace of decision-making — are significantly more valuable in this context than those who have only operated in owner-managed or listed firm environments. For broader context on PE-backed firm senior hiring, the PE-Backed Executive Hiring guide is directly relevant.

IT Governance Frameworks and Professional Standards

The IT Director at a mid-market firm operates within a professional framework that has matured significantly over the past decade. ITIL (Information Technology Infrastructure Library) remains the primary IT service management framework, providing the vocabulary and process discipline for incident management, change management, problem management, and service desk operations. An IT Director who has implemented or operated within an ITIL framework brings a level of process maturity that firms without it often lack.

COBIT (Control Objectives for Information and Related Technology), developed by ISACA, provides the broader IT governance framework — the principles and practices for aligning IT with business objectives, managing IT risk, and ensuring that IT investment delivers value. COBIT is increasingly referenced in internal audit and governance contexts, and IT Directors at firms with sophisticated audit committees should be familiar with its framework even if they do not implement it in full.

For cloud infrastructure management — which now dominates most mid-market IT estates — the major cloud providers’ governance frameworks (Microsoft Cloud Adoption Framework, AWS Well-Architected Framework) provide practical guidance on building and managing cloud environments to professional standards. An IT Director who manages a significant cloud estate without reference to these frameworks is likely missing cost optimisation and security governance opportunities that the frameworks address directly.

Further Reading and Authoritative Sources

For cybersecurity standards applicable to UK mid-market IT Directors, the National Cyber Security Centre’s Cyber Essentials scheme is the baseline certification that most UK government contractors and an increasing number of private sector firms require. The NCSC’s 10 Steps to Cyber Security provides a practical framework for IT Directors assessing their firm’s security posture.

The ITIL (IT Infrastructure Library) framework, managed by Axelos, is the primary IT service management framework in the UK and provides the professional standard against which IT service delivery is assessed. The British Computer Society (BCS) is the UK’s chartered professional body for IT and publishes professional development frameworks, salary surveys, and governance guidance relevant to IT Director roles.

For cloud infrastructure specifically — which now forms a significant part of most mid-market IT estates — Microsoft’s Azure Well-Architected Framework and AWS’s Well-Architected Framework provide the technical governance standards that IT Directors should be using to assess and improve their cloud infrastructure. The ICO’s UK GDPR security guidance covers the data protection obligations that fall within the IT Director’s accountability.

Related Exec Capital guides: How to Hire a CIO · How to Hire a CTO · How to Hire a CISO · How to Hire an Operations Director · How to Hire a Chief Digital Officer · Executive Compensation Guide