We are seeking a dynamic and action-oriented Sr. Director, Security Engineering to lead our company's information security function. This is a hands-on role for a results-driven leader who will own the security posture of a matrixed, global technology organization. The ideal candidate will not only have deep expertise in cybersecurity but will also be a proactive problem-solver who excels in both operational execution and leadership. We need a leader who thrives in doing the work and leading by example, while driving teams to implement security solutions and handle incidents.
This role will oversee the proper operation, configuration, and reporting of all security tools, while also managing compliance and audit activities across the organization. The right person will take charge of critical security incidents and drive remediation in collaboration with cross-functional teams.
This position reports to the Head of IT & Business Analytics and is based out of one of our Platform locations (San Diego, Irvine, Bozeman or Logan) or Providence, RI.
As the Sr. Director of Security Engineering, you will have an opportunity to:
Security Leadership & Operational Management:
- Own and execute the information security strategy across the organization, ensuring alignment with business goals.
- Actively manage day-to-day security operations, including threat detection, response, and remediation, as well as overseeing the performance and integrity of security tools and platforms.
- Lead incident response efforts, personally directing or delegating tasks to internal teams (security specialists, server, and network management teams) to ensure swift and effective remediation of threats.
- Ensure that the organization meets all security governance, risk management, and compliance requirements (e.g., GDPR, CCPA, PCI-DSS, SOX), taking direct ownership of audits and compliance initiatives.
- Comfortable stepping into the middle of security issues and leading the organization (technical & non-technical) to effective solutions.
- Have a servant leadership attitude in the area of security awareness. Seek moments when the organization can learn and improve our security stance.
Action-Oriented Security Execution:
- Be an active doer who works closely with technical teams, ensuring successful implementation of security measures across infrastructure, network, and application layers. This involves pulling technical resources from different IT functions into dynamic work groups to find solutions to problems.
- Take ownership of security solutions by working with owners of tools (SIEMs, firewalls, endpoint protection, etc.), ensuring they are properly configured, monitored, and reported.
- Lead vulnerability management, penetration testing, and patch management processes, driving teams to timely and efficient results.
Matrixed Leadership & Team Collaboration:
- Work in a matrixed environment, coordinating security efforts across multiple teams (server, network, applications) where direct management isn't always possible. Collaborate and lead through influence and directive leadership.
- Act as a hands-on leader for internal and external security teams during critical security incidents, ensuring timely responses, escalation, and communication to executive teams when needed.
- Provide actionable guidance and security expertise to other technology teams, helping them understand and implement security best practices in their daily operations.
- Provide a practical view of security issues and resolution. In a world where issues can be “anywhere”, you need to focus us on those areas most important to our secure operation.
Audit, Compliance, and Reporting:
- Oversee audit and compliance activities, ensuring that security policies and controls are adhered to and can withstand external audits and internal reviews.
- Develop and deliver timely reports on the security posture to the executive team, CIO, and stakeholders, ensuring transparency and actionable insights without overburdening the organization with bureaucratic oversight.
Stakeholder Communication:
- Communicate with executive leadership and stakeholders (including the board) on security incidents, status updates, and strategic improvements, while maintaining a strong focus on execution over long-winded discussions.
- Strong written and verbal communication skills. Capable of talking with technicians in one moment and easily transitioning to updating business executives.
- Balance high-level board interaction with operational rigor, ensuring alignment between security initiatives and business priorities while maintaining a bias for hands-on execution.
Proactive Security Innovation:
- Stay informed of the latest cybersecurity threats, vulnerabilities, and technologies, ensuring that the organization stays ahead of evolving risks.
- Continuously improve security policies, procedures, and tools to strengthen the organization's overall security posture.
You have:
- Bachelor's degree in Information Technology, Cybersecurity, Computer Science, or a related field (Master's preferred).
- 10+ years of progressive experience in information security leadership roles.
- Demonstrated ability to lead hands-on operational security work, incident response, and remediation.
- Proven track record in leading security teams and collaborating across matrixed organizations.
- Strong knowledge of consumer packaged goods industries and security challenges in wholesale, retail, and eCommerce channels.
- Deep knowledge of cybersecurity frameworks (NIST, ISO 27001) and security technologies (SIEMs, firewalls, EDR, cloud security).
- Experience with incident response, threat hunting, and vulnerability management in fast-paced environments.
- Strong understanding of security in cloud environments (AWS, Azure, Google Cloud) and enterprise networks.
- Strong leadership presence with a bias for action and the ability to operate in high-stress situations.
- Excellent communication skills, with the ability to translate technical concepts into actionable business insights.
- Ability to balance executive communication with hands-on leadership and execution of security initiatives.