Manager of Cyber Security

If you’re looking for a purpose and not just a job, join the Smoothie King team and turn your purpose into a fulfilling passion! We're not just the pioneers of the nutritional smoothie; we're the champions of inspiring people to live a healthy and active lifestyle. With over 1300 stores and counting, we’ve grown to become the largest nutritional smoothie bar in the nation, with a simple recipe for success: Hire the best people, use the best ingredients, and blend with a purpose. At Smoothie King, we're serious about our clean ingredients and passionate about our guests' health and wellness journeys—but that doesn't mean we don't know how to have a good time. Here, you'll find work that's equal parts challenging and rewarding, all within a culture that's as amazing as our smoothies. We're committed to continuous improvement, achieving our goals, and fostering a supportive and collaborative environment where every team member can thrive. Overview The Manager of Cyber Security is responsible for leading the development and execution of the brand’s cybersecurity strategy, ensuring scalable and resilient protection across our fast-growing enterprise. This role will design, implement, and manage comprehensive security frameworks and programs that support both cloud (Azure) and on-premises environments. This role will provide strategic and operational leadership in safeguarding brand systems, guest data, and digital assets - critical to supporting our store operations, franchise partners, and guests. The position requires strong leadership capabilities and deep expertise in modern security practices, regulatory compliance, risk management, and Agile methodologies. The Manager will work closely with IT, cross-functional business stakeholders, and external partners to maintain a proactive, business-aligned cybersecurity posture that supports innovation, compliance, and guest trust. Develop, implement, and manage the brand’s information security strategy, policies, standards, and procedures. Lead security initiatives across cloud (Azure) and on-premises environments, ensuring alignment with business objectives and industry best practices. Manage security monitoring solutions and incident response processes to quickly identify, mitigate, and remediate security threats. Coordinate regular security audits, penetration testing, and vulnerability assessments to proactively manage and mitigate risks. Oversee compliance efforts, including PCI DSS, GDPR, and other applicable regulations. Collaborate with infrastructure and application teams to embed security controls into all aspects of technology operations and software development lifecycles. Lead cybersecurity training and awareness initiatives across the organization to foster a culture of security awareness and compliance. Develop and implement third-party risk management processes to assess and mitigate risks from vendors and partners. Establish key performance indicators (KPIs) and regularly report on the effectiveness of security measures to senior leadership. Utilize Agile methodologies to prioritize and manage security projects, ensuring timely and effective delivery. Manage the security budget effectively, optimizing investments to achieve maximum impact and protection. Mentor and develop security team members, fostering professional growth, collaboration, and a high-performance security culture. Stay informed about the latest cybersecurity trends and continuously refine strategies and processes to enhance security posture. Responsibilities Deep understanding of security frameworks, including NIST, CIS Controls, ISO 27001, and compliance requirements such as PCI DSS and GDPR. Extensive hands-on experience with cloud security (Azure), including identity and access management, cloud security controls, and monitoring. Experience with on-premises security infrastructure, including firewalls, intrusion detection/prevention systems (IDS/IPS), endpoint protection (EDR), and secure network architecture. Demonstrated experience leading security audits, vulnerability assessments, penetration testing, and incident response activities. Proven experience managing third-party risk assessment programs and vendor management processes. Proficiency in Agile project management methodologies, sprint planning, and iterative delivery processes. Excellent leadership, people management, coaching, and mentoring skills. Proven track record of effective budget management and resource allocation for security initiatives. Exceptional communication and collaboration skills, capable of engaging stakeholders at all organizational levels. Relevant certifications such as CISSP, CISM, CCSP, Azure Security Engineer Associate, or equivalent are highly preferred. A proactive mindset with a passion for continuous learning, security innovation, and protecting business assets. Promote the culture, values, and mission of Smoothie King. Qualifications Bachelor’s degree in information security, Cybersecurity, Computer Science, Information Technology, or a related technical field required, a master’s degree in Cybersecurity, IT Management, or Business Administration, plus. Minimum of seven (7) years of progressive experience in cybersecurity roles, including at least three (3) years of experience leading security programs, projects, or teams. Prior experience in the retail, restaurant, or franchise sector, preferred. Demonstrated success in building, implementing, and managing security frameworks across hybrid (cloud/on-prem) environments in a multi-location, enterprise setting. Hands-on experience managing compliance with relevant standards and regulations, such as PCI DSS (especially relevant for QSR/retail), GDPR, SOX, or HIPAA. Experience working within Agile or DevSecOps environments to integrate security into continuous development and operations processes. Relevant security certifications are highly preferred, including but not limited to: CISSP (Certified Information Systems Security Professional) CISM (Certified Information Security Manager) CCSP (Certified Cloud Security Professional) Microsoft Certified: Azure Security Engineer Associate CompTIA Security+ or equivalent A personal passion for health, wellness, or fitness is a plus and supports the Smoothie King mission. What We Offer Join our team and enjoy an unusually fun work environment with an upbeat atmosphere and great team members. It is our purpose to maintain an environment our team members can brag about, where our focus and belief are built on our core values: We Are Better Together, We Keep Evolving, We Live Our Mission, We Do the Right Thing, and We Focus and Finish. With our core values at the forefront of every decision we make, it allows for collaboration, passion, and a no-limits mindset when it comes to your future! We keep our team happy with our great benefits package, free smoothies, flexible work schedules, office lunches and parties, monthly fitness challenges, free gym access, and more fun activities to make Smoothie King a happy and healthy place to work. Our Mission Inspire people to live a healthy and active lifestyle. Our Vision To be an integral part of every health and fitness journey. Our Values We: Do the Right Thing We: Are Better Together We: Live the Mission We: Keep Evolving We: Focus and Finish At Smoothie King, when we say inspire people, we mean everyone. We champion a diverse and inclusive workforce that is representative of the guests we serve. We blend the unique members of our organization, celebrating what is both common and different to grow better together and Rule the Day. The foundation of our diversity efforts is closely tied to our core values, which includes “We Are Better Together” and “We Do the Right Thing”. We are proud to be an equal opportunity employer and consider all qualified candidates, without regard to race, color, religion, sex, national origin, ancestry, age, genetic information, sexual orientation, gender identity, marital or family status, veteran status, or medical condition or disability. If you are a person with a disability and you need assistance in applying for a position with Smoothie King, please call our Human Resources Department at 214-935-8900 and direct assistance will be provided.

Qualifications

Deep understanding of security frameworks, including NIST, CIS Controls, ISO 27001, and compliance requirements such as PCI DSS and GDPR. Extensive hands-on experience with cloud security (Azure), including identity and access management, cloud security controls, and monitoring. Experience with on-premises security infrastructure, including firewalls, intrusion detection/prevention systems (IDS/IPS), endpoint protection (EDR), and secure network architecture. Demonstrated experience leading security audits, vulnerability assessments, penetration testing, and incident response activities. Proven experience managing third-party risk assessment programs and vendor management processes. Proficiency in Agile project management methodologies, sprint planning, and iterative delivery processes. Excellent leadership, people management, coaching, and mentoring skills. Proven track record of effective budget management and resource allocation for security initiatives. Exceptional communication and collaboration skills, capable of engaging stakeholders at all organizational levels. Relevant certifications such as CISSP, CISM, CCSP, Azure Security Engineer Associate, or equivalent are highly preferred. A proactive mindset with a passion for continuous learning, security innovation, and protecting business assets. Promote the culture, values, and mission of Smoothie King.

Responsibilities

Develop, implement, and manage the brand’s information security strategy, policies, standards, and procedures. Lead security initiatives across cloud (Azure) and on-premises environments, ensuring alignment with business objectives and industry best practices. Manage security monitoring solutions and incident response processes to quickly identify, mitigate, and remediate security threats. Coordinate regular security audits, penetration testing, and vulnerability assessments to proactively manage and mitigate risks. Oversee compliance efforts, including PCI DSS, GDPR, and other applicable regulations. Collaborate with infrastructure and application teams to embed security controls into all aspects of technology operations and software development lifecycles. Lead cybersecurity training and awareness initiatives across the organization to foster a culture of security awareness and compliance. Develop and implement third-party risk management processes to assess and mitigate risks from vendors and partners. Establish key performance indicators (KPIs) and regularly report on the effectiveness of security measures to senior leadership. Utilize Agile methodologies to prioritize and manage security projects, ensuring timely and effective delivery. Manage the security budget effectively, optimizing investments to achieve maximum impact and protection. Mentor and develop security team members, fostering professional growth, collaboration, and a high-performance security culture. Stay informed about the latest cybersecurity trends and continuously refine strategies and processes to enhance security posture.