Director of Information Security at Store Support Team (ZW6) – Carrboro, North Carolina
About This Position
Fleet Feet is seeking a strategic, hands-on Director of Information Security to build, mature, and lead our enterprise cybersecurity program across corporate, retail, eCommerce, franchise, and cloud environments.
This leader will be accountable for protecting customer, franchisee, employee, and enterprise data while enabling growth, innovation, and operational excellence. The role owns security strategy, governance, risk management, incident response, identity, and security architecture across a distributed retail footprint and modern SaaS/cloud ecosystem.
Collaborate across Infrastructure, Applications, Retail Systems, Data Analytics, Legal, Finance, and Marketing to integrate comprehensive security strategies throughout Fleet Feet's technology ecosystem.
Enterprise Security Strategy & Governance
Develop and execute a multi-year information security roadmap aligned to Fleet Feet’s growth strategy and risk tolerance.
Establish and maintain enterprise security policies, standards, and control frameworks.
Serve as the primary advisor to IT and leadership on cybersecurity risk posture and mitigation priorities.
Align program to NIST CSF and other applicable frameworks
Retail & PCI Security
Own PCI-DSS compliance across POS, payments, eCommerce, and retail systems.
Oversee security architecture for in-store systems (POS, payment terminals, network segmentation, endpoint protection).
Lead annual assessments, remediation programs, and third-party security validation activities.
Security Operations & Incident Response
Oversee security monitoring, detection, and response across corporate, cloud, and retail systems
Manage incident response planning, tabletop exercises, and real-world investigations.
Ensure SIEM, EDR, identity monitoring, and cloud telemetry are appropriately tuned for optimal signal detection.
Coordinate breach response across Legal, HR, Marketing, and executive leadership.
Conduct post-incident reviews and drive systemic improvements.
Identity, Access & Zero Trust
Own enterprise IAM strategy, including SSO, MFA, privileged access management, and lifecycle automation
Advance a zero-trust architecture across workforce, franchise, and third-party access
Implement least-privilege access models (RBAC).
Secure identity integrations across SaaS platforms and cloud services.
Cloud, Data & Application Security
Secure Fleet Feet’s cloud environments, data platforms, and SaaS ecosystem.
Partner with Marketing and Data teams to embed secure-by-design and secure SDLC practices
Oversee encryption, key management, and data classification policies.
Ensure appropriate controls around analytics platforms and data exports.
Optimize security tooling to reduce complexity and improve visibility.
Governance, Risk & Compliance (GRC)
Lead enterprise risk assessments, vulnerability management, and third-party risk reviews
Maintain risk registers and remediation tracking.
Ensure compliance with:
PCI-DSS
Franchise contractual security obligations
Drive automation of evidence collection and audit reporting where possible
Vendor & Franchise Security Oversight
Establish third-party risk management processes
Assess vendor security posture before onboarding.
Define security requirements in contracts and renewal negotiations.
Provide security guidance to franchisees while maintaining corporate standards.
Team Leadership & Culture
Build and lead a high-performing security function spanning operations, architecture, and GRC.
Develop internal talent and leverage managed security service providers appropriately.
Foster a culture where security is viewed as a business enabler.
Lead with transparency, ownership, and measurable outcomes.
Required
10+ years of progressive, impactful experience in cybersecurity or enterprise IT, with a demonstrable track record of driving strategic security initiatives.
5+ years in a senior security leadership role.
CISSP, CISM, CRISC, or equivalent certification.
Proven experience building or maturing a security program in a distributed enterprise.
Deep understanding of:
NIST CSF and risk frameworks
PCI-DSS and retail security
Identity & Access Management platforms
Cloud security architecture
Experience leading incident response and vulnerability management programs
Exceptional executive communication skills with a proven ability to translate complex cybersecurity risks into compelling business narratives that drive strategic decision-making.
Preferred
Experience in specialty retail, franchise models, or omnichannel commerce.
Experience securing POS ecosystems and payment environments.
Experience with zero-trust architecture initiatives
Familiarity with hybrid cloud and SaaS-heavy environments
Personal Attributes
Strategic thinker with strong operational discipline.
Risk-based decision maker.
Composed and collaborative leader who effectively manages high-pressure situations
High ownership mentality with bias for action.
Strong cross-functional influencer capable of driving enterprise alignment.
Job Location
This job is located in the Carrboro, North Carolina, 27510, United States region.