Sr. Director –Information Security

About The Position

Requirements

• 15+ years of experience in information security, risk management, or enterprise IT.
• 7+ years of leadership experience, including managing security teams and vendor ecosystems.
• Bachelor’s degree in Computer Science, Cybersecurity, or related field preferred.
• Deep knowledge of NIST CSF, SOX, PCI, and data privacy frameworks.
• Experience with hybrid cloud environments (GCP preferred) and enterprise platforms like SAP S/4HANA.
• Proven success in building and maturing security programs in a complex, distributed enterprise.
• Strong communicator with executive presence; able to convey risk and trade-offs clearly to leadership.
• Strategic and operational leader with a strong sense of ownership and accountability for service outcomes.
• Deep expertise in IT service management platforms such as ServiceNow, Jira Service Management, Zendesk, or equivalent.
• Strong analytical, problem-solving, and decision-making capabilities in complex operational environments.
• Excellent communication, negotiation, and interpersonal skills, with the ability to influence stakeholders at all levels of the organization.
• Metrics-driven and disciplined in managing SLA performance, customer satisfaction (CSAT), and continuous improvement.
• Proven ability to lead and develop high-performing teams while effectively managing managed service providers and vendor partners.
• Effective at translating technical service issues into clear business impact and actionable improvement plans.

Nice To Haves

• Advanced degree a plus.
• CISSP, CISM, or related certifications preferred.

Responsibilities

• Cybersecurity Strategy & Governance Define and execute Grocery Outlet’s information security strategy in alignment with business priorities and risk appetite. Serve as the lead advisor to the CIO and executive team on cyber risk, compliance, and incident response.
• Cybersecurity Operations & Monitoring Oversee the Security Operations Center (SOC), incident detection, response, and remediation across all corporate and store systems. Ensure high observability and active monitoring of key platforms (SAP S/4HANA, GCP, custom applications).
• Governance, Risk & Compliance (GRC) Lead the implementation and continuous improvement of GRC practices aligned to frameworks such as NIST CSF and SOX. Ensure compliance with CCPA, PCI-DSS, and other regulatory obligations impacting retail and enterprise operations.
• Identity, Access, and Data Protection Lead IAM and privileged access management (PAM) strategy and tooling. Oversee data classification, encryption, and loss prevention policies and enforcement across systems.
• Team & Vendor Management Manage security professionals across GRC, architecture, and SOC functions. Oversee third-party security partners and manage security-related vendor relationships and contracts.
• Security Architecture & Engineering Collaborate with Development and Infrastructure teams to ensure secure design, coding, and deployment practices. Drive adoption of secure software development lifecycle (SSDLC) practices across internal and vendor-built platforms.
• Incident Response & Business Continuity Maintain and regularly test the enterprise incident response plan. Coordinate with Legal and executive stakeholders during security events or breaches.

Benefits

• Annual Bonus Program
• Equity
• 401(k)
• Profit Sharing
• Medical, Dental, Vision & More!