Director, IT Security

Trek•Waterloo, WI

19h

About The Position

A bit about us Trek is an awesome place to work, with amazing benefits for all employees. We build only products we love, provide incredible hospitality to our customers, and change the world by getting more people on bikes. When you’re on our team, you’re taken care of, encouraged to learn and grow, and given lots of opportunities to do so. Give us your best, and we’ll give it right back. Sound pretty sweet? Then come join us! Job Description Role Summary Join Trek as the Director of IT Security and lead the strategy that protects one of the most recognized brands in the cycling industry. In this role, you will own the global information security program and guide a talented team responsible for securing our retail, ecommerce, manufacturing, distribution, and corporate environments. You will define and execute a multi‑year security roadmap, strengthen operational resilience, and advance Trek's Zero Trust posture. You'll partner across IT and the business to embed security into engineering, architecture, and delivery, and empower teams to move fast while keeping data, systems, and riders safe. If you thrive in a role that blends strategy, technical depth, and hands‑on leadership, this is your opportunity to shape the future of security at a global, innovation‑driven organization.

Requirements

10+ years in IT and/or cybersecurity with progressive responsibility, including leading enterprise security initiatives.
Demonstrated experience owning an information security program (strategy, governance, operations, metrics, and reporting).
Strong technical fluency across identity, endpoint, network, SaaS, and cloud security controls, plus incident response practices.
Holds two or more relevant certifications (e.g., CISSP, CCSP, CISM, SANS GSTRT or equivalent).
Experience with risk assessment, audit support, evidence collection, and communicating risk to technical and executive stakeholders.
Experience with third-party/vendor security assessments and risk-based decision-making.

Responsibilities

Define and maintain a multi-year security strategy and roadmap (including Zero Trust and measurable outcomes).
Own security governance: policies, standards, risk decisions, and the policy exception process (including expiration and renewal).
Lead security operations (monitoring, triage, incident response, and post-incident learning) and ensure effective on-call and service queue coverage.
Oversee centralized logging, correlation, and alerting; continuously tune detections and automate response with SOAR where appropriate.
Drive risk-based vulnerability management oversight in partnership with Infrastructure and Application Development; prioritize remediation based on business impact.
Own identity and access management governance, including Conditional Access and privileged access controls.
Oversee application security practices and tooling integration (SAST/DAST and secure delivery guardrails) with Application Development and QA teams.
Lead vendor and third-party security assessment governance in collaboration with IT Procurement and business owners; track remediation and risk acceptance.
Partner with Internal Audit and stakeholders to ensure audit-ready evidence for key security controls (UARs, vendor assessments, IR, exceptions).
Define security architecture patterns and guardrails for on-prem and cloud services; influence design reviews and operational readiness.
Manage security tooling strategy and lifecycle planning, maximizing value from platforms and licenses.
Coach and develop security staff; establish operating rhythms, metrics, and executive reporting.
Perform other duties as assigned.