Principal IT Security Consultant (3923)

About The Position

Requirements

• 8+ years of progressive experience in cybersecurity, risk management or related discipline, with at least 2 years in a leadership role.
• Excellent communication and stakeholder management skills with the ability to convey complex security concepts to non-technical audiences, including business executives.
• Strong collaboration skills with a history of building cross-functional relationships between business, IT, and security teams.
• Deep understanding of ecommerce platform technologies and architectures (e.g., web applications, APIs, payment systems, mobile apps, content delivery networks).
• Strong knowledge of security threats, attack vectors, and mitigation strategies specific to ecommerce and other digital environments, including DDoS mitigation, secure payment processing, and data privacy.
• Strong expertise in securing cloud environments, including Identity and Access Management, cloud-native security tools, data protection, logging/monitoring, and compliance frameworks (CIS Benchmarks, ISO 27017).
• Experience securing restaurant networks and other restaurant technologies preferred.
• Familiar with incident response processes and incident response table-top exercises.
• Experience with common security metrics, security reporting, and management dashboards.
• Good understanding of security frameworks, compliance requirements, and industry best practices (PCI Controls, SANS 20 Security Controls, NIST 800-53, SOC 2 Type II, ISO 27001/02 etc.)

Nice To Haves

• Relevant certifications such as - CISM, CISA, CISSP are a plus.

Responsibilities

• Act as the primary senior security advisor for assigned market(s), ensuring alignment between business priorities and enterprise security goals.
• Proactively and regularly engage with market cross functional teams to stay abreast of business initiatives and identify opportunities for security intervention.
• Assist with developing and executing a security strategy tailored to the markets' specific needs, risks, and regulatory requirements.
• Provide expert guidance to market business leaders on security risks, controls, and best practices.
• Track market compliance and risk remediation efforts.
• Help prepare market teams for security audits, assessments and other compliance efforts.
• Advocate for security by design in business processes, projects, and product development.
• Assist in the development and testing of business unit-specific incident response and disaster recovery plans.
• Act as the security point of contact during security incidents affecting the business unit.
• Report security metrics and risk insights to market leadership and/or other governance stakeholders.
• Assist with franchisee relationship management and franchisee facing security initiatives.

Benefits

• Medical insurance
• Dental insurance
• Vision insurance
• Legal insurance
• Accidental death and dismemberment insurance
• FSA/HSA (depending on enrolled medical plan)
• Short-term disability insurance
• Long-term disability insurance
• Life insurance
• 401(k) plan
• 4 weeks of vacation
• Paid sick leave
• 10 paid holidays
• A floating day off
• 2 paid days for volunteer time each calendar year