Work it! Here at Shake Shack, we take care of each other first and foremost so that we can make raves for our guests, community, suppliers, and investors. After all, teamwork makes the dream work. We work our buns off, but we play hard too, with a Team Appreciation Day, unlimited meal discounts, volunteer opportunities, and so much more. If you’re looking for a deeply fulfilling, financially rewarding, and really fun career, you’re in the right place.
Director of IT Security
The Director of IT Security is responsible for establishing, maintaining and overseeing the enterprise-wide security strategy, architecture, policies and programs to ensure Shake Shack systems and IT assets are protected, while understanding and managing the risks and challenges facing the company and the industry. This role will ensure information technology systems, networks, end user computing environments and other third party providers are secure.
The Director of IT Security will develop and implement cyber security initiatives, security frameworks, and policies while overseeing security operations for the enterprise. They will lead investigations related to security breaches and cyber crimes, often working with third party advisors. The Director will also be responsible for IT compliance and IT governance controls related to SOX compliance.
- Establish and manage a Security Operations Center responsible for 24/7 security monitoring and threat detection for the enterprise. This will include the RFP and vendor selection of Managed Security Services Providers, vendor management, SLAs and reporting, and oversight of security operations. The SOC will also be responsible for KPI reporting (dashboard and executive deck-ware) to illustrate current enterprise security status and emerging risks.
- Planning, project management and implementation leadership for security and compliance related initiatives. Identifies opportunities for improved security posture, compliance, automation, cost savings, and KPI reporting for Shake Shack systems.
- Manages the business case, selection, budget, and ongoing management of 3rd party providers for outsourced security services. Includes MSSP, Identity Management, Penetration Testing, PCI Vulnerability Scanning, Security Event Management, and Endpoint Security.
- Provides leadership oversight for security and compliance tool selection, deployment, and adoption. This includes business case, budgeting, process, and working with end users to ensure proper adoption.
- Maintains, distributes, and updates IT policies related to security and IT governance for SOX compliance. Periodically reviews compliance with existing policies and works with internal and external audit on IT governance controls and mitigations.
- Develops and operationalizes emergency procedures and incident response protocols. Acts as the Incident Manager during significant security incidents. Investigates security breaches, communicates with appropriate executive management, and pursues associated legal protocols in relation to any security investigation, incident, or security breach.
Skills & Knowledge
- Bachelor's Degree in Information Technology or Computer Science
- Thorough understanding of security best practices related to Microsoft technologies, Cisco/Meraki Networks, AWS, and Azure
- Strong written and verbal skills and executive presence
- Ability to interact effectively with all levels of leadership, IT staff, vendors, auditors, and other parties impacting the company’s security state
- Familiarity with public company IT audit requirements (SOX)
- CISM, CISSP, or equivalent preferred
- 8+ years of experience managing IT Security Operations and Compliance in a multi-unit retail environment (restaurants preferred)
- Proven experience in planning security strategy and IT security projects in a $1B+ enterprise
- Experience with Managed Security Service Providers including establishing protocols, establishing and managing to SLAs, understanding contractual agreements, and day to day operations
- Medical, Dental, and Vision Insurance
- Transit Discount Program
- 401K Plan
- Paid Time Off Program
- Flexible Spending Accounts
- Employee Dining Program
- Referral Bonus
- Online Training Program
- Career Development
- Corporate Fitness Discount Programs
- Choice of Global Cash Card or Direct Deposit
Beginning as a hot dog cart in New York City’s Madison Square Park, Shake Shack was created by Danny Meyer, Founder and CEO of Union Square Hospitality Group and best-selling author of Setting the Table. Shack Fans lined up daily, making the cart a resounding success, and donating all proceeds back to the park beautification efforts. A permanent stand was eventually built…and the rest is Shack history! With our roots in fine dining and giving back to the community, we are committed to high quality food served with a high level of hospitality. Our team members enjoy a positive work environment that is deeply committed to the philosophy that we "Stand for Something Good."
Shake Shack is an Equal Opportunity Employer
All qualified applicants will receive consideration for employment without regard to race, color, ancestry, national origin, religion, creed, age (over 40), disability (mental and physical), sex, gender identity, sexual orientation, gender expression, medical condition, genetic information, marital, military and veteran status.
Our company will consider for employment qualified applicants with criminal histories in a manner consistent with the requirements of applicable laws.