Cyber Security Team Lead

Talent Acquisition Team

About The Position

Herff Jones is the leading provider of graduation and educational products and services designed to inspire achievement and create memorable experiences for students. Herff Jones' products include class rings and jewelry, caps and gowns, frames, announcements, and Greek accessories as well as motivation and recognition programs. Since 1920, our team has worked alongside students, faculty, and staff on campuses nationwide to help build a stronger community and celebrate student milestones. Our continued success relies on hiring extraordinary talent, with a passion for making a difference and eagerness to roll up the sleeves, to help us write the story of our next 100 years.

Role Overview

The Cybersecurity Team Lead is a hands-on leadership role responsible for executing and coordinating core cybersecurity, compliance, and privacy activities for Herff Jones. This role is well-suited for an individual contributor stepping into a first-time leadership position and will act as the primary security point of contact for operational execution while partnering closely with the LSC Center of Excellence (CoE). The Team Lead owns day-to-day delivery across PCI compliance, vulnerability remediation, governance/risk/compliance (GRC), privacy operations, third-party risk management, and contractual security reviews, while helping translate CoE strategy into effective, measurable execution at Herff Jones.

Requirements

  • 5+ years of experience in cybersecurity, information security, risk, or compliance
  • Experience with PCI DSS compliance
  • Practical experience managing or supporting vulnerability remediation programs
  • Working knowledge of privacy regulations and DSAR workflows
  • Experience with third-party risk assessments and vendor security reviews
  • Strong organizational, documentation, and communication skills
  • Ability to work cross-functionally and translate policy into execution

Nice To Haves

  • Experience in a retail, manufacturing, e-commerce, or a regulated environment
  • Exposure to GRC tools or formal risk management frameworks
  • Experience reviewing DPAs or supporting client security reviews
  • Security certifications (Security+, CISSP, CISM, PCI ISA, or similar)
  • First-time leadership, mentoring, or team-lead experience

Responsibilities

  • Own and manage the annual PCI DSS compliance cycle for Herff Jones
  • Coordinate PCI scoping, evidence collection, control validation, and remediation activities
  • Serve as the primary liaison with internal stakeholders and external assessors (QSA / 3rd Party ROC)
  • Maintain PCI documentation, artifacts, and audit readiness year over year
  • Track findings and ensure timely remediation and closure
  • Lead the vulnerability management program for Herff Jones, with strong emphasis on active and timely remediation
  • Partner with Infrastructure, Application, and Engineering teams to ensure vulnerabilities are prioritized and addressed based on risk
  • Validate scan results, manage exceptions, and ensure remediation SLAs are met
  • Provide clear reporting on vulnerability trends, risk exposure, and remediation status
  • Ensure the program is operational, measurable, and continuously improving—not purely scan-driven
  • Support and maintain Herff Jones’ GRC activities, aligned to enterprise standards and frameworks
  • Track security risks, control gaps, and remediation plans
  • Support internal and external audits, customer security reviews, and compliance requests
  • Ensure security policies, standards, and procedures are documented and followed locally
  • Own the end-to-end processing of Data Subject Access Requests (DSARs) for Herff Jones
  • Coordinate with Legal, IT, HR, and business stakeholders to gather and validate required data
  • Ensure responses are completed accurately and within regulatory timelines
  • Maintain DSAR tracking, documentation, and auditability
  • Manage the third-party risk management (TPRM) process for vendors supporting Herff Jones
  • Review vendor security assessments, SOC reports, and risk questionnaires
  • Identify, document, and track third-party risks and remediation commitments
  • Partner with Procurement, Legal, and business owners to support vendor onboarding and renewals
  • Review proposed Data Processing Agreements (DPAs) from company clients
  • Partner with Legal and the CoE to assess security and privacy obligations
  • Identify gaps between contractual requirements and existing security controls
  • Support customer security questionnaires and due-diligence requests
  • Partner with the CoE to execute enterprise security awareness initiatives at Herff Jones
  • Coordinate and support cybersecurity training, including phishing, smishing, and vishing simulations
  • Help drive user participation, follow-up training, and local awareness efforts
  • Provide feedback to the CoE on effectiveness, risk areas, and improvement opportunities
  • Partner with the CoE on DLP policy implementation and execution at Herff Jones
  • Support rollout, tuning, and enforcement of DLP controls across endpoints, email, and data platforms
  • Work with business and IT teams to address false positives, operational impacts, and control gaps
  • Ensure DLP controls are practical, enforceable, and aligned to business workflows
  • Serve as the day-to-day cybersecurity lead for Herff Jones
  • Help organize work, prioritize initiatives, and track deliverables for 2 – 3 other team resources
  • Escalate risks, capacity issues, and control gaps to Herff Jones Leadership (CIO and CEO as appropriate) and the CoE
  • Contribute to continuous improvement of cybersecurity processes and maturity