What are the responsibilities and job description for the Director of Information Security position at Fleet Feet?
Our Company
We believe Running Changes Everything. If you believe that, too, we want to talk. With more than 280 stores and a robust e-commerce site, Fleet Feet is the largest running retailer in the country. Catering to more than runners, we pride ourselves on having an inclusive environment! We believe it’s a privilege to serve and to deliver unmatched service and support when outfitting every customer. We run together to solve problems, reach goals, encourage others and champion our brand.
Overview
Fleet Feet is seeking a strategic, hands-on Director of Information Security to build, mature, and lead our enterprise cybersecurity program across corporate, retail, eCommerce, franchise, and cloud environments.
This leader will be accountable for protecting customer, franchisee, employee, and enterprise data while enabling growth, innovation, and operational excellence. The role owns security strategy, governance, risk management, incident response, identity, and security architecture across a distributed retail footprint and modern SaaS/cloud ecosystem.
Collaborate across Infrastructure, Applications, Retail Systems, Data Analytics, Legal, Finance, and Marketing to integrate comprehensive security strategies throughout Fleet Feet's technology ecosystem.
Responsibilities
Enterprise Security Strategy & Governance
Required
We are an equal opportunity employer and believe having teams in which everyone brings their whole self to Fleet Feet is key to our success. We encourage people of all backgrounds, experiences, abilities, and perspectives. Our dedication to inclusion is reflected in our hiring practices, workplace culture, and community engagement.
Fleet Feet utilizes E-Verify in all corporate and company-operated stores as part of the hiring process.
We believe Running Changes Everything. If you believe that, too, we want to talk. With more than 280 stores and a robust e-commerce site, Fleet Feet is the largest running retailer in the country. Catering to more than runners, we pride ourselves on having an inclusive environment! We believe it’s a privilege to serve and to deliver unmatched service and support when outfitting every customer. We run together to solve problems, reach goals, encourage others and champion our brand.
Overview
Fleet Feet is seeking a strategic, hands-on Director of Information Security to build, mature, and lead our enterprise cybersecurity program across corporate, retail, eCommerce, franchise, and cloud environments.
This leader will be accountable for protecting customer, franchisee, employee, and enterprise data while enabling growth, innovation, and operational excellence. The role owns security strategy, governance, risk management, incident response, identity, and security architecture across a distributed retail footprint and modern SaaS/cloud ecosystem.
Collaborate across Infrastructure, Applications, Retail Systems, Data Analytics, Legal, Finance, and Marketing to integrate comprehensive security strategies throughout Fleet Feet's technology ecosystem.
Responsibilities
Enterprise Security Strategy & Governance
- Develop and execute a multi-year information security roadmap aligned to Fleet Feet’s growth strategy and risk tolerance.
- Establish and maintain enterprise security policies, standards, and control frameworks.
- Serve as the primary advisor to IT and leadership on cybersecurity risk posture and mitigation priorities.
- Align program to NIST CSF and other applicable frameworks
- Own PCI-DSS compliance across POS, payments, eCommerce, and retail systems.
- Oversee security architecture for in-store systems (POS, payment terminals, network segmentation, endpoint protection).
- Lead annual assessments, remediation programs, and third-party security validation activities.
- Oversee security monitoring, detection, and response across corporate, cloud, and retail systems
- Manage incident response planning, tabletop exercises, and real-world investigations.
- Ensure SIEM, EDR, identity monitoring, and cloud telemetry are appropriately tuned for optimal signal detection.
- Coordinate breach response across Legal, HR, Marketing, and executive leadership.
- Conduct post-incident reviews and drive systemic improvements.
- Own enterprise IAM strategy, including SSO, MFA, privileged access management, and lifecycle automation
- Advance a zero-trust architecture across workforce, franchise, and third-party access
- Implement least-privilege access models (RBAC).
- Secure identity integrations across SaaS platforms and cloud services.
- Secure Fleet Feet’s cloud environments, data platforms, and SaaS ecosystem.
- Partner with Marketing and Data teams to embed secure-by-design and secure SDLC practices
- Oversee encryption, key management, and data classification policies.
- Ensure appropriate controls around analytics platforms and data exports.
- Optimize security tooling to reduce complexity and improve visibility.
- Lead enterprise risk assessments, vulnerability management, and third-party risk reviews
- Maintain risk registers and remediation tracking.
- Ensure compliance with:
- PCI-DSS
- Franchise contractual security obligations
- Drive automation of evidence collection and audit reporting where possible
- Establish third-party risk management processes
- Assess vendor security posture before onboarding.
- Define security requirements in contracts and renewal negotiations.
- Provide security guidance to franchisee while maintaining corporate standards.
- Build and lead a high-performing security function spanning operations, architecture, and GRC.
- Develop internal talent and leverage managed security service providers appropriately.
- Foster a culture where security is viewed as a business enabler.
- Lead with transparency, ownership, and measurable outcomes.
Required
- 10 years of progressive, impactful experience in cybersecurity or enterprise IT, with a demonstrable track record of driving strategic security initiatives.
- 5 years in a senior security leadership role.
- CISSP, CISM, CRISC, or equivalent certification
- Proven experience building or maturing a security program in a distributed enterprise.
- Deep understanding of:
- NIST CSF and risk frameworks
- PCI-DSS and retail security
- Identity & Access Management platforms
- Cloud security architecture
- Experience leading incident response and vulnerability management programs
- Exceptional executive communication skills with a proven ability to translate complex cybersecurity risks into compelling business narratives that drive strategic decision-making.
- Experience in specialty retail, franchise models, or omnichannel commerce.
- Experience securing POS ecosystems and payment environments.
- Experience with zero-trust architecture initiatives
- Familiarity with hybrid cloud and SaaS-heavy environments
- Strategic thinker with strong operational discipline.
- Risk-based decision maker.
- Composed and collaborative leader who effectively manages high-pressure situations
- High ownership mentality with bias for action.
- Strong cross-functional influencer capable of driving enterprise alignment.
- Robust benefits package including medical, dental, vision, FSA, HSA, EAP, and more
- 401(k) with 4% employer match and immediate vesting (available to part- and full-time employees age 21 at company-owned stores)
- Training and advancement opportunities across the Fleet Feet brand
- Professional development programs, including mentorship, employee resource groups, and monthly learning sessions
- Community involvement and service initiatives supporting local engagement
- Discounts on training programs and products
- Supportive, passionate teammates who live the mission every day
- Benefits Summary: For full-time employees (30 hours/week), check out our Fleet Feet benefits summary for details on healthcare, wellness, and more.
We are an equal opportunity employer and believe having teams in which everyone brings their whole self to Fleet Feet is key to our success. We encourage people of all backgrounds, experiences, abilities, and perspectives. Our dedication to inclusion is reflected in our hiring practices, workplace culture, and community engagement.
Fleet Feet utilizes E-Verify in all corporate and company-operated stores as part of the hiring process.