Sr. Director -Information Security

About Grocery Outlet:

• Our Mission: Touching lives for the better
• Our Vision: To be the first choice for bargain-minded consumers in the U.S.
• Our Values: Achievement, Diversity, Entrepreneurship, Family, Fun, Integrity & Service

About the Team:

Our IT team's mission is to push the boundaries of technology with the intention of going above and beyond to aid stores and customers and deliver timely solutions to benefit all members of Grocery Outlet. Our team consists of problem solvers and go-getters who are dedicated to being service-oriented and solving important problems.

About the Role:

As the Sr. Director, Information Security you will be the enterprise lead for cybersecurity at Grocery Outlet You will be responsible for developing and executing a company-wide information security program. You will serve as the primary point of accountability for all aspects of cybersecurity, including governance, threat detection and response, compliance, and risk management.

You are a strategic and pragmatic security leader who thrives in fast-paced environments. You combine a strong technical foundation with sound judgment, and you know how to scale a security program while enabling business outcomes. You're hands-on when needed but focused on building long-term capabilities.

You will partner cross-functionally with leaders in Infrastructure, Engineering, Legal, Compliance, and Store Operations to ensure confidentiality, integrity, and availability of enterprise systems and data. You'll also lead the modernization and maturity of security practices across on-prem, cloud, and retail environments. The Sr. Director, Information will report to the SVP, Chief Information Officer.

Responsibilities Include:

Cybersecurity Strategy & Governance

• Define and execute Grocery Outlet's information security strategy in alignment with business priorities and risk appetite.
• Serve as the lead advisor to the CIO and executive team on cyber risk, compliance, and incident response.

Cybersecurity Operations & Monitoring

• Oversee the Security Operations Center (SOC), incident detection, response, and remediation across all corporate and store systems.
• Ensure high observability and active monitoring of key platforms (SAP S/4HANA, GCP, custom applications).

Governance, Risk & Compliance (GRC)

• Lead the implementation and continuous improvement of GRC practices aligned to frameworks such as NIST CSF and SOX.
• Ensure compliance with CCPA, PCI-DSS, and other regulatory obligations impacting retail and enterprise operations.

Identity, Access, and Data Protection

• Lead IAM and privileged access management (PAM) strategy and tooling.
• Oversee data classification, encryption, and loss prevention policies and enforcement across systems.

Team & Vendor Management

• Manage security professionals across GRC, architecture, and SOC functions.
• Oversee third-party security partners and manage security-related vendor relationships and contracts.

Security Architecture & Engineering

• Collaborate with Development and Infrastructure teams to ensure secure design, coding, and deployment practices.
• Drive adoption of secure software development lifecycle (SSDLC) practices across internal and vendor-built platforms.

Incident Response & Business Continuity

• Maintain and regularly test the enterprise incident response plan.
• Coordinate with Legal and executive stakeholders during security events or breaches.

About The Pay:

• Base Salary: $180,000 - $210,000 Annually
• Annual Bonus Program
• Equity
• 401(k) Profit Sharing
• Medical, Dental, Vision & More!
• Final compensation will be determined based upon experience and skills and may vary based on location.

About You:

• 15+ years of experience in information security, risk management, or enterprise IT.
• 7+ years of leadership experience, including managing security teams and vendor ecosystems.
• Bachelor's degree in Computer Science, Cybersecurity, or related field preferred. Advanced degree a plus.
• Deep knowledge of NIST CSF, SOX, PCI, and data privacy frameworks.
• Experience with hybrid cloud environments (GCP preferred) and enterprise platforms like SAP S/4HANA.
• Proven success in building and maturing security programs in a complex, distributed enterprise.
• Strong communicator with executive presence; able to convey risk and trade-offs clearly to leadership.
• CISSP, CISM, or related certifications preferred.
• Strategic and operational leader with a strong sense of ownership and accountability for service outcomes.
• Deep expertise in IT service management platforms such as ServiceNow, Jira Service Management, Zendesk, or equivalent.
• Strong analytical, problem-solving, and decision-making capabilities in complex operational environments.
• Excellent communication, negotiation, and interpersonal skills, with the ability to influence stakeholders at all levels of the organization.
• Metrics-driven and disciplined in managing SLA performance, customer satisfaction (CSAT), and continuous improvement.
• Proven ability to lead and develop high-performing teams while effectively managing managed service providers and vendor partners.
• Effective at translating technical service issues into clear business impact and actionable improvement plans.

To learn about how we collect, use and secure your personal information. Click here to see our privacy policy.