This is a remote position! This position is being recruited through the Papa Murphy’s International subsidiary of MTY Food Group, a publicly traded company listed on the Toronto Stock Exchange (“MTY”). The MTY family of 90 restaurant brands include mainstays such as Cold Stone Creamery, Famous Dave’s, Wetzel’s Pretzels, and Papa Murphy’s.

Director of Cybersecurity Strategy and Risk Management

Reporting to the VP, Cyber Security & IT Compliance, the Director of Cybersecurity Strategy and Risk Management will be instrumental in shaping MTY Food Group’s security posture. This highly visible role will collaborate across business units and departments to help identify, prioritize, and manage cyber risks throughout MTY’s portfolio of 90 brands. Additionally, this position will manage a small team of individuals specializing in various proactive security domains. Successful candidates will have broad cybersecurity experience, strong business acumen, and the ability to build and maintain partnerships at all levels of the organization.

Key Responsibilities

• Foster strong relationships with stakeholders across the organization, including senior leadership, business units, and technology teams, to ensure a cohesive security strategy.
• Collaborate with IT, Legal, Marketing, and other internal departments to integrate cybersecurity measures into business processes and third-party technology solutions.
• Navigate a complex, multi-vendor digital ecosystem to help ensure MTY’s internal cybersecurity resources are allocated to areas of greatest value and/or risk.
• Serve as the primary point of contact for all matters related to third-party cybersecurity risks, providing leadership and expert guidance across business units.
• Oversee the third-party risk management (TPRM) program, including identification, assessment, and mitigation of cybersecurity risks among prospective and existing vendors.
• Endeavor to understand the purpose and business value of vendors and solutions instead of completing “check the box” security assessments.
• Contribute to impactful special projects, such as M&A due diligence, enterprise transformation initiatives, and Board-level reports.
• Proactively seek out knowledge of current and emerging cybersecurity technologies and trends.
• Lead and manage a team of security professionals, ensuring their professional development and cultivating a collaborative and trusting team environment.

Required Qualifications:

• 10 years of relevant experience in any combination of cybersecurity / information security, information technology, or IT risk management.
• Proven ability to align cybersecurity strategies with business objectives and manage risks in a business context.
• Experience conducting meaningful security reviews and risk assessments for new and existing vendors, ideally in the retail and/or hospitality industries.
• Applied knowledge of security architecture and cybersecurity frameworks (NIST CSF, CIS, ISO 27000, etc.).
• Adept at managing competing priorities and finding ways to achieve incremental progress.
• Excellent communication, collaboration, and stakeholder management abilities.
• Strong leadership, strategic thinking, and problem-solving skills.
• Ability to effectively lead and manage small teams, with a focus on creating a positive, trust-based work environment.

Preferred Qualifications:

• Expertise in the following security domains: GRC, IAM, Security Architecture, Data Protection.
• Experience with digital marketing, e-Commerce, and/or point of sale environments.
•  Experience with data privacy regulations and programs.
• Experience with Payment Card Industry (PCI-DSS) compliance.
• Experience in a global or multinational business environment.
• Bachelor’s degree in computer science, cybersecurity, information technology, or a related field.
• MBA or similar advanced degree.
• Industry-recognized certifications such as CISSP, CISM, CRISC, CCSP, et al.

What we bring to the table:

• Salary range: $155,000-$170,000. Actual offer may vary from posted hiring range based on location, work experience, and/or education.
• Competitive insurance benefits including medical, dental, vision, HSA, and FSA (dependent care/medical)
• Company paid life, accidental death & dismemberment, and long-term disability insurance
• Optional supplemental life, accidental death & dismemberment, and short-term disability insurance
• 401(k) retirement account with employer match and immediate vesting
• Paid time off accrual account (starts at 80 hours per year, with an additional day added annually up to 25 days)
• Paid Sick and Safe Time (PSST) that will accrue to up 40 hours per year
• 10 paid holidays per year, plus an additional 2 floating holidays
• 8 Hours of Papa Cares Volunteer Hours per year
• Paid Parental Bonding Leave
• Tuition Assistance
• Employee Assistance Program
• 50% pizza discount at Papa Murphy’s Company Stores

Please Note:

The intent of this job description is to provide a representation of the types of duties and responsibilities that will be required in this position and shall not be construed as a declaration of the total of the specific duties and responsibilities of any particular position. Employees may be directed to perform job-related tasks other than those specifically presented in this description.

Papa Murphy’s International, Inc. provides equal employment opportunities to all employees and applicants for employment and prohibits discrimination and harassment of any type without regard to race, color, religion, age, sex, national origin, disability status, genetics, protected veteran status, sexual orientation, gender identity or expression, or any other characteristic protected by federal, state or local laws.

This policy applies to all terms and conditions of employment, including recruiting, hiring, placement, promotion, termination, layoff, recall, transfer, leaves of absence, compensation and training.