VP, Cybersecurity Engineering

VP Cybersecurity Engineering

The VP Cybersecurity Engineering is responsible for developing, implementing, and monitoring the strategic and comprehensive enterprise cybersecurity program. This role ensures that the organization's cybersecurity posture is robust and resilient against emerging threats and safeguards the enterprise IT environment. The VP Cybersecurity Engineering will provide the vision and leadership necessary to manage the security risks to the organization and will ensure business alignment. This position requires a dynamic leader with a deep understanding of cybersecurity engineering practices, regulatory requirements, and risk management strategies.

Job Will Remain Open Until Filled

The Company is one of North America’s leading sales and marketing agencies specializing in outsourced sales, merchandising, category management, and marketing services to manufacturers, suppliers, and producers of food products and consumer packaged goods. The Company services a variety of trade channels including grocery, mass merchandise, specialty, convenience, drug, dollar, club, hardware, consumer electronics, and home centers. We bridge the gap between manufacturers and retailers, providing consumers access to the best products available in the marketplace today.

Essential Responsibility
Strategic leadership and management:

• Own development and execution of the cybersecurity engineering strategy and security architecture aligned with the company's business goals and legal requirements and oversee cybersecurity standards and procedures to ensure they are in accordance with applicable laws, regulations, and industry standards.
• Direct strategic risk guidance for IT projects, including evaluation and recommendation of technical controls and capabilities.
• Regularly review and refine the company's cybersecurity practices, leveraging technology and industry best practices to drive efficiency and effectiveness.
• Active in Merger and Acquisition activity, including company diligence and proposed integration strategies.
• Represents the cybersecurity and compliance department to the organization, and to internal/external stakeholders.
• Ownership of the cybersecurity 18-month technology roadmap and 3-year strategic plan.

Enterprise Information Security Management

• Educate company leaders on appropriate security risk and mitigation strategies.
• Responsible for the overall effectiveness and efficiency of cybersecurity platforms and systems.
• Develop and enhance cybersecurity capabilities by evaluating cybersecurity threats, trends, and testing activities.
• Educate company executives and leaders on appropriate security risk and mitigation strategies.
• Create comprehensive security reports for the executive leadership and board of directors that provide clear insights into the company's risk profile, compliance status, and governance effectiveness.
• Promote and integrate secure development practices across the software development lifecycle (SDLC).
• Ensure that all security engineering practices comply with relevant regulations, standards, and frameworks.

People and relationship management

• Develop relationships with stakeholders so that the VP position becomes the trusted single point of contact for stakeholders for all initiative communications.
• Act as a liaison between cybersecurity and other IT and business units, ensure effective communication, and integrate cybersecurity capabilities into business processes.
• Own a defined communication plan for stakeholders that includes specific deliverables on a set frequency (e.g.: daily calls, weekly or monthly status reports, quarterly roadmaps, etc.).
• Operational Responsibilities
• Own the day-to-day direction of team activities and project milestones.
• Own of department and project budgets from a capital and operating expense perspective.
• Establish and monitor KPIs and metrics, measure the effectiveness of cybersecurity programs, and report on the organization’s cybersecurity posture to senior leadership and the board of directors.

Supervisory Responsibilities

Direct Reports
- Hires, retains, trains, coaches, guides, directs, and develops direct reports using company-wide processes, tools and resources

Indirect Reports
- May delegate work of others and provide guidance, direction and mentoring to indirect reports

Minimum Qualifications 
Education Level:
(Required): Bachelor's Degree or equivalent experience
(Preferred): Master's Degree  Or equivalent experience           

Field of Study/Area of Experience: Computer Science, Cybersecurity, IT, or a related field.

10+ years of experience in cybersecurity engineering, architecture, operations, or cyber defense

Skills, Knowledge and Abilities

• In-depth knowledge of cybersecurity principles, industry standards, frameworks, and best practices (e.g., ISO 27001, NIST Cybersecurity Framework, CIS Controls),
• Excellent written and verbal communication skills, with the ability to present complex cybersecurity issues and strategies clearly to various stakeholders, including the executive team and senior leadership.
• Knowledge of relevant regulations and standards, including GDPR, SOX, PCI-DSS, NIST, and ISO 27001.
• Strong understanding of risk management and threat modeling methodologies and the ability to assess and prioritize risks effectively.
• Strong ability to analyze complex data, interpret compliance requirements, and develop effective solutions.
• Familiarity with internal and external audit processes and the ability to coordinate and respond to audit findings.
• Understanding of establishing and maintaining an enterprise cybersecurity framework.
• Proven skills in leading and managing high-performing cybersecurity teams.
• Experience in managing budgets, allocating resources, and procuring cybersecurity tools and technologies.
• Strong ability to lead and manage the engineering and architecture function, develop and execute strategic plans, and guide the organization towards its cybersecurity objectives.
• Ability to negotiate with, influence, and secure buy-in from various stakeholders, both internal and external, to achieve cybersecurity objectives.
• Proficiency in planning, executing, and monitoring multiple projects simultaneously to ensure they are completed on time and within budget.
• In-depth technical knowledge of core cybersecurity principles, practices, and methodologies.
• Technical expertise with cybersecurity technologies, tools, and solutions, such as firewalls, intrusion detection/prevention systems (IDS/IPS), SIEM (Security Information and Event Management) systems, and encryption technologies.
  Commitment to ongoing professional development and continuous learning in the field of cybersecurity, risk management, and compliance.

Environmental & Physical Requirements
The work environment is dynamic, collaborative, and fast-paced, reflecting the critical nature of IAM in protecting the organization's digital assets and maintaining regulatory compliance. The role supports cybersecurity incidents and regulatory audits and will require occasional weekend/holiday, and on-call availability. Up to 10% travel may be required.

Additional Information Regarding Advantage Solutions Job Duties and Job Descriptions
Job duties include additional responsibilities as assigned by one’s supervisor or other manager related to the position/department. This job description is meant to describe the general nature and level of work being performed; it is not intended to be construed as an exhaustive list of all responsibilities, duties, and skills required for the position. The Company reserves the right at any time with or without notice to alter or change job responsibilities, reassign or transfer job positions, or assign additional job responsibilities, subject to applicable law. The Company shall provide reasonable accommodations of known disabilities to enable a qualified applicant or employee to apply for employment, perform the essential functions of the job, or enjoy the benefits and privileges of employment as required by the law.

The above statements are intended to describe the general nature and level of work being performed by people assigned to this position. They are not intended to be an exhaustive list of all responsibilities, duties and skills required of associates so classified.

The Company is committed to providing equal opportunity in all employment practices without regard to age, race, color, national origin, sex, sexual orientation, religion, physical or mental disability, or any other category protected by law. As part of this commitment, the Company shall provide reasonable accommodations of known disabilities to enable an applicant or employee to apply for employment, perform the essential functions of the job, or enjoy the benefits and privileges of employment as required by the law.