Director, IT & Information Security

About The Position

Requirements

• Demonstrated senior leadership capability with experience leading managers and building scalable IT and security organizations.
• Deep expertise in information security, risk management, and compliance frameworks (SOC 2, ISO 27001, PCI-DSS, NIST, or similar).
• Proven ability to define strategy, set roadmaps, and execute complex, cross-functional initiatives.
• Strong financial acumen, including budget ownership and vendor management at scale.
• Exceptional communication and influence skills, with the ability to operate credibly at the executive level.
• High tolerance for ambiguity with the discipline to bring structure, clarity, and measurable outcomes.
• 10+ years of progressive experience in IT, information security, or related fields.
• 5+ years in senior leadership roles with accountability for enterprise IT and/or security programs.
• Proven success leading compliance initiatives through successful external audits.
• Experience supporting SaaS, cloud-first, and highly automated operational environments.
• Bachelor’s degree in Information Technology, Computer Science, Cybersecurity, or related field preferred.
• Relevant certifications strongly preferred (CISSP, CISM, CISA, CRISC, ISO 27001 Lead Implementer, ITIL).

Nice To Haves

• Background in warehousing, manufacturing, robotics, or technology-driven operations strongly preferred.

Responsibilities

• Enterprise IT Leadership & Operations Set and own the enterprise IT strategy and multi-year roadmap aligned with COMC’s growth, automation, and customer experience goals.
• Lead, scale, and mature the IT organization, including workforce planning, leadership development, and organizational design.
• Establish and continuously improve IT service delivery models, SLAs, escalation paths, and operational metrics.
• Oversee all IT operations, including end-user computing, systems administration, identity and access management, endpoint and device lifecycle management, and SaaS/platform reliability.
• Partner with Engineering and Robotics teams to support proprietary software, warehouse automation, and mission-critical operational systems.
• Own IT financial management, including budgeting, forecasting, vendor strategy, contract negotiation, and license optimization.
• Serve as executive sponsor for major IT initiatives and transformations, ensuring delivery against scope, timeline, and business outcomes.
• Information Security, Risk & Compliance Leadership Own COMC’s information security vision, strategy, and operating model.
• Design and evolve security architecture, governance, and controls to protect customer data, intellectual property, and operational systems.
• Establish, maintain, and continuously improve enterprise security policies, standards, and procedures.
• Lead security risk management, including threat modeling, vulnerability management, remediation prioritization, and executive-level risk reporting.
• Own incident response strategy and execution, including executive communication and post-incident improvement planning.
• Serve as the accountable executive for compliance programs (e.g., SOC 2 Type II, ISO 27001, PCI-DSS, or similar), including audit readiness, third-party due diligence, and customer security reviews.
• Champion security awareness and secure-by-design practices across the organization.
• Executive Partnership & Influence Act as a trusted advisor to senior leadership on technology risk, security posture, and IT investment decisions.
• Translate complex technical and security topics into clear, business-relevant insights for executive and non-technical audiences.
• Balance risk management with business enablement, ensuring security accelerates—rather than blocks—growth.
• Represent IT and Information Security in executive forums, audits, and customer or partner discussions as needed.
• Cross-Functional Partnership & Influence Serve as a trusted partner to leaders across Operations, Robotics, Engineering, People, Legal, and Finance.
• Translate technical and security concepts into clear, actionable guidance for non-technical stakeholders.
• Balance business enablement with risk management, offering pragmatic solutions rather than blockers.
• Contribute to technology and security roadmaps aligned to COMC’s automation, growth, and customer experience goals.

Benefits

• Competitive Salary
• 9 Paid Company Holidays per year
• Paid Time Off up to nearly 4 weeks per year
• 401(k) Program with 100% Company Match
• Employer provided Free Medical + Base Dental plans
• Employer provided LTD and Life Insurance
• STD for employees outside of Washington State
• Employee discount on www.COMC.com
• Employee Assistance Program
• Legal Library Access