Director, Information Security

Workwear Outfitters•Nashville, TN

About The Position

Workwear Outfitters has a strong legacy of building innovative and authentic market-right products and is a leading supplier of work apparel and footwear for diverse occupations in industries such as automotive, manufacturing, oil and gas, utilities, government, food services, telecommunications, hospitality, and many more. Workwear Outfitters is based in Nashville, Tennessee with over $800 million in sales and we employ more than 5,800 people in facilities spanning the globe. Brands under the Workwear Outfitters umbrella include Red Kap®, Bulwark®, Image Authority®, Kodiak®, Terra®, Liberty ®, Work Authority®, Workrite® Fire Service, Chef Designs®, and Horace Small®. Workwear Outfitters is also the exclusive licensee for Dickies® apparel in the B2B channel. Our Purpose: “We champion and empower workers who make our world work better” Major benefits include medical, vision and dental, Life and Disability coverage. Other benefits included: 401K, Tuition reimbursement, Employee Assistance Program, Flexible Spending Accounts, and many others. What You Will Do as a Director, Information Security: The Director, Information Security is accountable for establishing and leading the enterprise information security strategy, governance, architecture, and operations. This leader has deep expertise in cybersecurity engineering, security operations, risk management, compliance, audit/assessment response, and threat prevention across both cloud and on-premises environments. The Director, Information Security is accountable for coordinating, and in some cases leading, the design, implementation, and continuous improvement of the organization’s cyber security capabilities—including identity and access management, network and endpoint security, cloud security, security operations (SOC), security incident response, vulnerability management, governance/risk/compliance (GRC), audit response, and data protection. This role leads a team of contractors, and vendor partners supporting the security program, with oversight of security-related professional services and technology investments in excess of $500k annually. The Director, Information Security is a key technology and business leader responsible for coordinating processes and practices related to safeguarding the organization’s information assets, ensuring compliance with regulatory requirements, and driving a proactive, risk-aligned security posture.

Requirements

Bachelor’s degree in Information Security, Computer Science, Engineering, or related field/experience; advanced degree preferred.
Proven leadership experience managing enterprise information security programs in hybrid (cloud + on-prem) environments.
Expertise in cloud security (Microsoft Azure preferred, AWS or GCP acceptable).
7+ years of hands-on experience in security engineering, architecture, and operations. Additionally, direct experience in technology operations roles (e.g. system administration, application services, cloud and on-prem computing operations) would be an asset
Strong knowledge of security frameworks such as NIST CSF, ISO 27001, CIS Controls, PCI, and regulatory/privacy requirements
Possesses current cyber security and risk management related certifications (e.g. CISSP, CISM, CASP, CRISC)
Expertise in governance, risk and compliance (GRC) management frameworks, and experience in applying them within an organization with consideration for operational and cost factors
Experience in security and risk related policy and plan development
Experience in managing response to security incidents
Excellent leadership and change-management skills, with experience leading blended teams of staff and contracted security professionals.
Strong analytical and decision-making abilities with a risk-based mindset.
Exceptional communication and interpersonal skills, with the ability to represent cyber security and risk related topics to senior leadership.

Nice To Haves

Platform-specific security certifications are an asset
Project management experience and/or PMP certification is an asset
Knowledge of the clothing manufacturing and apparel industry is a plus

Responsibilities

Develop and execute the enterprise information security strategy, roadmap, and operating model aligned with business and technology objectives.
Lead and manage a team of contracted security professionals across security engineering, security operations, and GRC.
Select, contract, and oversee cybersecurity vendors and professional service partners delivering cybersecurity solutions and managed services.
Establish, mature, and enforce enterprise security policies, standards, and governance processes.
Lead security architecture and ensure secure design principles are embedded in technology solutions, cloud services, and infrastructure platforms.
Oversee the enterprise security incident response program, ensuring rapid detection, containment, eradication, and post-incident review.
Oversee the IT department’s business continuity program, and the enterprise disaster recovery program ensuring that BCP/DR plans are established and validated through exercises
Direct ongoing vulnerability and threat management activities, ensuring remediations are prioritized and executed.
Partner closely with IT, application engineering, infrastructure, and business leaders to ensure secure solution delivery and risk-aware decision-making.
Lead enterprise compliance and audit response activities related to cybersecurity (e.g., SOC2, ISO 27001, NIST, privacy regulations) and other information technology-related topics.
Develop and report cybersecurity KPIs and KRIs that measure security posture, program effectiveness, and operational performance.
Promote a culture of security awareness across the organization through training, communication, and stakeholder engagement.