Vice President of Cybersecurity (On-site Work Schedule)

Role Overview

The Vice President of Cybersecurity is a mission-driven leader who protects the enterprise from cyber threats while empowering the business to move fast, innovate boldly, and operate safely. This role champions cyber risk ownership across the organization, translating complex threats into clear business, financial, and legal impact. This leader ensures the organization can withstand disruption, respond decisively, and recover stronger.

Responsibilities

Cybersecurity Strategy & Enterprise Risk Ownership

• Build and execute a multi-year cybersecurity and resiliency strategy that fuels growth and innovation.
• Own the enterprise cyber risk register and align it with a maturing Enterprise Risk Management (ERM) program.
• Communicate cyber risk in a way that empowers executives and the Board to make confident, informed decisions.
• Create a roadmap that balances safety, scalability, cost efficiency, and business speed.

Governance, Policy & Regulatory Compliance

• Lead cybersecurity policies and controls grounded in integrity and aligned to NIST/ISO frameworks.
• Ensure readiness for SOX, GDPR, PCI, and other regulatory requirements.
• Strengthen collaboration across IT, Legal, Audit, Finance, and business teams through clear accountability.
• Oversee penetration testing, control assessments, and continuous compliance.

Security Architecture & Zero Trust

• Define a modern, resilient security architecture across cloud, on-prem, ERP, identity, network, and endpoints.
• Own the Zero Trust strategy and guide its maturity with courage and clarity.
• Approve secure reference architectures and embed security-by-design into every platform and integration.

Identity, Access & Privileged Security

• Own Identity and Access Management (IAM), SSO, MFA, and Privileged Access Management (PAM).
• Establish access governance across workforce, vendors, service accounts, and APIs.
• Reduce identity-based risk through continuous monitoring, access certification, and least-privilege enforcement.
• Ensure strong access controls across ERP, cloud, and third-party platforms.

Threat Detection, Incident Response & Cyber Recovery

• Lead enterprise threat detection, monitoring, and incident response capabilities.
• Own ransomware preparedness, response playbooks, and cyber recovery strategies.
• Partner with Infrastructure to ensure cyber-resilient backup, restore, and disaster recovery capabilities.
• Run executive tabletop exercises that build organizational readiness.

Third-Party & Supply Chain Security

• Own third-party and vendor security risk management.
• Define security requirements for vendors, Managed Service Providers (MSPs), and cloud providers.
• Oversee ongoing risk monitoring of critical third parties and integration partners.
• Partner with Legal and Procurement to embed security requirements into contracts.

Data Protection & Privacy

• Define enterprise data protection standards including classification, encryption, and Data Loss Prevention (DLP).
• Support global privacy operations (such as GDPR) in coordination with Legal counsel.
• Establish security guardrails for AI usage, sensitive data access, and data sharing.
• Ensure secure handling of regulated and high-risk data across platforms.

Metrics, Reporting & Executive Communication

• Define cybersecurity metrics focused on risk reduction, detection and response time, and control effectiveness.
• Deliver clear, non-technical reporting to executive leadership and Audit/Risk Committees.
• Provide forward-looking insight into emerging threats and risk trends.

Cyber Operating Model & Talent Management

• Shape the cybersecurity operating model, balancing internal expertise with managed services.
• Lead SOC, MDR, and MSSP strategy and performance.
• Build and mentor a high-performing security leadership team.
• Raise cyber awareness across the organization and foster a culture of shared responsibility.

Crisis Leadership

• Serve as the enterprise incident commander during cybersecurity events.
• Declare incidents, activate response plans, and lead cross-functional teams.
• Make rapid decisions to isolate systems, restrict access, and contain threats.
• Advise the CIO, CFO, and General Counsel on business impact, financial exposure, insurance, and regulatory obligations.
• Own post-incident reviews, root-cause analysis, and long-term remediation.

Requirements

• 12+ years of progressive cybersecurity leadership experience, including enterprise-scale environments.
• Demonstrated ownership of enterprise cyber risk, incident response, and resilience programs.
• Strong experience with security architecture, Zero Trust, IAM, and cloud security.
• Proven ability to engage executive leadership and Boards with clear, business-oriented communication.
• Leadership style grounded in innovation, integrity, and community.

Preferred Qualifications

• Experience in regulated, audit-sensitive, or Private Equity (PE)-backed environments.
• Background in distribution, manufacturing, e-commerce, or complex operational environments.

Culture and Team

The team values a "work hard, play hard" mentality, where members have each other's backs and take responsibility for making things better for everyone. The environment is gritty and hands-on, favoring an inclusive, positive, can-do attitude. We prioritize a workplace culture where collaboration, growth, and work-life balance are celebrated.