Job description

The Senior Cyber Security Engineer is responsible for leading the development and execution of the brand’s cybersecurity strategy, ensuring scalable and resilient protection across our fast-growing enterprise. This role will design, implement, and manage comprehensive security frameworks and programs that support both cloud (Azure) and on-premises environments. This role will provide strategic and operational leadership in safeguarding brand systems, guest data, and digital assets - critical to supporting our store operations, franchise partners, and guests. The position requires strong leadership capabilities and deep expertise in modern security practices, regulatory compliance, risk management, and Agile methodologies. You will work closely with IT, cross-functional business stakeholders, and external partners to maintain a proactive, business-aligned cybersecurity posture that supports innovation, compliance, and guest trust. Supervisory Responsibilities: • Directly oversee and manage designated members. • Provide coaching, mentorship, and professional development opportunities to team members. • Ensure the team executes IT programs and initiatives effectively and in alignment with brand objectives. • Conduct Power Up conversations and provide ongoing feedback to drive engagement and accountability. Essential Functions / Major Responsibilities: • Develop, implement, and manage the brand’s information security strategy, policies, standards, and procedures. • Lead security initiatives across cloud (Azure) and on-premises environments, ensuring alignment with business objectives and industry best practices. • Manage security monitoring solutions and incident response processes to quickly identify, mitigate, and remediate security threats. • Coordinate regular security audits, penetration testing, and vulnerability assessments to proactively manage and mitigate risks. • Oversee compliance efforts, including PCI DSS, GDPR, and other applicable regulations. • Collaborate with infrastructure and application teams to embed security controls into all aspects of technology operations and software development lifecycles. • Lead cybersecurity training and awareness initiatives across the organization to foster a culture of security awareness and compliance. • Develop and implement third-party risk management processes to assess and mitigate risks from vendors and partners. • Establish key performance indicators (KPIs) and regularly report on the effectiveness of security measures to senior leadership. • Utilize Agile methodologies to prioritize and manage security projects, ensuring timely and effective delivery. • Manage the security budget effectively, optimizing investments to achieve maximum impact and protection. • Mentor and develop security team members, fostering professional growth, collaboration, and a high-performance security culture. • Stay informed about the latest cybersecurity trends and continuously refine strategies and processes to enhance security posture. Required Skills / Abilities / Competencies: • Deep understanding of security frameworks, including NIST, CIS Controls, ISO 27001, and compliance requirements such as PCI DSS and GDPR. • Extensive hands-on experience with cloud security (Azure), including identity and access management, cloud security controls, and monitoring. • Experience with on-premises security infrastructure, including firewalls, intrusion detection/prevention systems (IDS/IPS), endpoint protection (EDR), and secure network architecture. • Demonstrated experience leading security audits, vulnerability assessments, penetration testing, and incident response activities. • Proven experience managing third-party risk assessment programs and vendor management processes. • Proficiency in Agile project management methodologies, sprint planning, and iterative delivery processes. • Excellent leadership, people management, coaching, and mentoring skills. • Proven track record of effective budget management and resource allocation for security initiatives. • Exceptional communication and collaboration skills, capable of engaging stakeholders at all organizational levels. • Relevant certifications such as CISSP, CISM, CCSP, Azure Security Engineer Associate, or equivalent are highly preferred. • A proactive mindset with a passion for continuous learning, security innovation, and protecting business assets. Education and Experience: • Bachelor’s degree in information security, Cybersecurity, Computer Science, Information Technology, or a related technical field required, a master’s degree in Cybersecurity, IT Management, or Business Administration, plus. • Minimum of seven (7) years of progressive experience in cybersecurity roles, including at least three (3) years of experience leading security programs, projects, or teams. • Prior experience in the retail, restaurant, or franchise sector, preferred. • Demonstrated success in building, implementing, and managing security frameworks across hybrid (cloud/on-prem) environments in a multi-location, enterprise setting. • Hands-on experience managing compliance with relevant standards and regulations, such as PCI DSS (especially relevant for QSR/retail), GDPR, SOX, or HIPAA. • Experience working within Agile or DevSecOps environments to integrate security into continuous development and operations processes. • Relevant security certifications are highly preferred, including but not limited to: • CISSP (Certified Information Systems Security Professional) • CISM (Certified Information Security Manager) • CCSP (Certified Cloud Security Professional) • Microsoft Certified: Azure Security Engineer Associate • CompTIA Security+ or equivalent Work Environment: • This position follows a hybrid work schedule, with one day per week designated for remote work and four days in-office. Must be able to commute to the office for on-site work as required. This schedule is subject to change. • The environment requires the team member to work inside an office setting. • May be requested to work weekends for special events (not often). Travel Required: • Minimal, but occasional travel may be required for meetings, events, or IT initiatives.

Requirements