
Sr. Director of IT Risk Management and Physical Security

Roswell, GA, US (remote)
Posted 4 days ago

Job Description

Overview

Vestis Corporation is seeking a strategic and experienced Sr. Director of IT Risk Management and Physical Security to lead the organization’s IT governance, risk, and compliance (GRC) functions and enterprise physical security program. This role is responsible for establishing and maintaining a robust risk management framework to protect Vestis’ digital assets and technology footprint, ensure regulatory compliance, and support business objectives. The role is also accountable for safeguarding company facilities, equipment, and personnel through enterprise physical security, investigations, and crisis management leadership. As a senior enterprise leader, this position will prepare materials for and brief executive leadership, the Audit Committee, and the Board on technology risk, physical security, significant incidents, and mitigation priorities.

Key Responsibilities

• Develop, implement, and oversee IT risk management policies, procedures, and controls to identify, assess, mitigate, and monitor technology-related risks across the organization.
• Establish and govern the enterprise IT risk management program aligned to recognized frameworks, including maintaining the IT risk register and translating regulatory, cybersecurity, cloud, data privacy, and emerging technology requirements into practical controls and governance processes.
• Partner across business and technology functions to assess risks, strengthen policies and controls, and enable growth while protecting customer data, company information, and critical operations.
• Monitor trends identified by security operations, including vulnerability management, incident response, and threat intelligence, ensuring the confidentiality, integrity, and availability of Vestis information systems.
• Manage GRC initiatives, including compliance with relevant regulations (such as SOX, GDPR, and PCI DSS), and risk assessments.
• Collaborate with business leaders, IT, and compliance to align risk management strategies with organizational goals and drive a culture of security awareness.
• Oversee third-party risk management, including vendor evaluations and ongoing monitoring.
• Prepare and deliver reports and presentations to executive leadership, the Audit Committee, and the Board on enterprise technology risk, physical security posture, significant incidents, investigations, crisis response, compliance status, and mitigation priorities.
• Stay current with emerging threats, regulatory changes, and industry best practices; recommend and implement improvements as needed.
• Lead the enterprise physical security function for company assets, including facilities, equipment, and personnel security, by establishing operational controls, site security standards, access management, incident response protocols, investigative processes, crisis management procedures, and ongoing risk monitoring to protect the company’s people, property, and operations.

Mentorship & Influence

• Mentor software, infrastructure, and data engineers; elevate governance, risk mitigation, and proactive security practices across teams to improve the company’s risk posture.
• Influence without authority across multiple teams to standardize IT governance practices and drive a forward-thinking approach to IT risk management.

Strategic Impact

• Identify and proactively address systemic security and policy risks, and present solutions to mitigate those risks by partnering with technical subject matter experts and through individual research.
• Champion new technology solutions for IT governance, risk, security, and compliance that can benefit the business while also offering risk mitigation opportunities.
• Contribute to long-term IT governance, risk, and compliance platform roadmaps, including processes that scale self-service and decommission legacy components.
• Stay current with modern IT GRC practices, assessing and conveying their applicability to the organization.
• Partner with Internal Audit, Finance, Operations, Product, External Audit, Application, Data Engineering, and IT teams generally to optimize IT GRC and security policies and practices at Vestis.

Qualifications

• BS in Information Technology, Information Security, Accounting, Finance, or a related field; master’s degree preferred.
• 15+ years of progressive experience in IT risk management / GRC roles.
• Must have a strong technical background.
• Experience working with business strategy and operations to deliver a GRC program that practically aligns with risk management frameworks (NIST, ISO 27001, etc.), regulatory requirements, and IT security technologies given existing constraints, while driving continuous improvement in the IT GRC space.
• Excellent leadership, communication, and stakeholder management skills. Practical experience with data visualization technology for GRC metrics and dashboards (e.g., SQL, PowerBI) to foster followership across the organization.
• Relevant and current certifications (CCSP, CISSP, CISM, CRISC, CISA, CGEIT, CDPSE) are required.

This position offers the opportunity to shape Vestis Corporation’s IT risk strategy and safeguard its digital future. If you are a visionary leader with a passion for managing business risk and compliance, we invite you to apply.