Director - Security Engineering

Company: The Wendy's Company

Location: Dublin, OH 43017

Description:

Why Wendy's

The Director of Security Engineering is a key member of the Information Security Leadership Team, reporting directly to the Vice President, Chief Information Security Officer (CISO). Overseeing the Security Architecture, Application Security, and Offensive Security teams, this role is crucial in developing and implementing technical roadmaps, aligned with overall security strategy, designed to ensure the organization's security posture remains robust and resilient against evolving threats. Additionally, candidates in this role will rely on technical experience and risk management expertise to lead cross-functional initiatives, including implementations of new security tooling, cloud platform security, and Wendy's Digital security.

This position is responsible for directing teams that develop and implement security architecture, procedures, standards, and controls to ensure the confidentiality, availability, and integrity of Wendy's information systems. It also oversees the development and implementation of a software assurance program for Wendy's custom-developed applications, ensuring that secure development principles are integrated into the application development lifecycle. The role directs the engineering team performing penetration tests, red teaming, and other security assessments. By influencing beyond direct reports, this role ensures Information Security representation in technology projects, playing a pivotal role in maintaining the organization's overall security posture.

Responsibilities

Directs development and implementation of Wendy's Information Security architecture with a goal of developing cost-effective strategies for ensuring the continued confidentiality, availability, and integrity of Wendy's information systems.

Directs the planning and execution of penetration testing, security testing, and other security assessments of complex technology environments, cloud-native applications, restaurant environments, and mobile applications/devices. Oversees the engineering team that performs security assessments and penetration tests of Wendy's information systems and software for impact on Wendy's security posture.

Directs the development and execution of the secure software development process, with focus on building control procedures which support product releases and enable the Digital organization to meet business requirements while maintaining security posture.

Directs the development and implementation of Security controls in Wendy's cloud environments and tooling that enable continuous monitoring of cloud security posture.

Monitors changes in information risk landscape and overall technology trends. Develops and proposes technical roadmaps for Enterprise Risk mitigation to Wendy's senior management including assisting CISO and CIO with Board of Directors presentations.

Assists with development of the overall Information Security strategy. Translates strategy into technical roadmaps and requirements that align with business objectives and meet the organizational risk tolerance.

Oversees execution of technical control gap assessments and implementation of corrective action plans (related to technology compliance and security best practice frameworks).

Manages operational costs and contributes to the annual budgeting process.

Manages hiring, career development and planning, resource and budget planning, mentoring, and performance discussions for a team of 3 direct and 6 indirect reports while maintaining an inclusive and effective workforce. Builds skills and technical capabilities to grow individual team members and the overall efficiency of the department.

Performs other duties as assigned.

Information Security Testing Report/Memo Issuance

New system security review and approval for production.

Information Security Policies and Standards

Information Security Annual Test Plan

Technology risk assessment planning and implementation

Penetration Testing Methodology and Tools selection

New Security Technology and Vendor Selection

Hiring Employees

Evaluation of Technology Vendor Security Controls

Information Security Technical Roadmaps

What we expect from you

12+ years Information Security experience, with a strong technical background in Security Engineering, Security Architecture, Application Security, and/or Penetration Testing.

5+ years of people management experience leading multiple engineering teams.

Industry certifications such as CISSP, CCSP, OSCP, GPCS, GSE, GSP, or equivalent experience.

In-depth understanding of NIST SP800-30, CIS CSC, OWASP, PTES and/or other industry-recognized control frameworks, pen testing frameworks and principles.

Knowledge of cloud-based technologies and DevSecOps software development framework.

Ability to convey complex technical security concepts to technical and non-technical audiences including executives.

Strong interpersonal, written, and oral communication skills. Highly self-motivated and directed, with keen attention to detail.

In-depth understanding of many different network architectures, enterprise technology, system types, CI/CD platforms, public cloud platforms, and operating systems (e.g. K8s, GitLab, AWS, GCP, Active Directory, LDAP, Linux, Windows).

Education: Bachelor's Degree

Travel: 25%

Pay Range: $218,000 - $256,000 Annually
