Job DescriptionThe Director of Security Services is a senior leadership role responsible for delivering and scaling security capabilities across a complex distribution and digital commerce environment. This role leads three core functions: Enterprise & Product Security Architecture (including cloud), Product Security (DevSecOps), and Security Assurance.
In a distribution business, this leader ensures the protection of supply chain systems, eCommerce platforms, product integrations, and partner ecosystems while enabling business growth, operational efficiency, and digital transformation. The Director will embed security into commercial platforms, customer-facing applications, logistics systems, and cloud infrastructure, balancing risk management with speed and scalability.
JOB DUTIES:
Leadership & Business Alignment
- Define and execute a security services strategy aligned to distribution operations, digital commerce growth, and enterprise risk priorities
- Partner with business leaders across supply chain, procurement, sales, eCommerce, and IT to integrate security into core operations
- Build and lead high-performing teams across architecture, product security, and assurance
- Establish actionable security metrics tied to business risk, uptime, and customer trust
Enterprise & Product Security Architecture (including Cloud)
- Define and enforce secure architecture standards across ERP systems, warehouse management systems (WMS), eCommerce platforms, APIs, and cloud infrastructure
- Lead the design of secure solutions for B2B integrations, supplier connectivity, and third-party platforms
- Oversee cloud security strategy across SaaS, IaaS, and PaaS environments (e.g., Azure, AWS), including identity, access, data protection, and network security
- Establish secure-by-design patterns for digital commerce, mobile apps, and customer portals
- Support modernization initiatives, including legacy system transformation and platform consolidation
Product Security (Application Security / DevSecOps)
- Build and scale a developer-centric product security program integrated into the SDLC for internal and customer-facing platforms
- Implement controls for secure API development, eCommerce applications, and third-party integrations
- Lead practices such as threat modeling, secure code review, SAST/DAST, open-source risk management (SCA), and container security
- Enable DevSecOps by integrating security into CI/CD pipelines supporting digital platforms and operational systems
- Partner with engineering teams to secure high-availability and transaction-heavy systems
Security Assurance
- Establish a comprehensive security assurance program covering:
- Vulnerability management across enterprise, warehouse, and edge environments
- Penetration testing of eCommerce platforms and external-facing services
- Control validation for critical systems supporting order processing, logistics, and financial transactions
- Ensure adherence to regulatory, contractual, and partner-driven security requirements
- Lead risk-based assessments for third-party vendors, suppliers, and integration partners
- Develop reporting that clearly communicates risk posture, remediation progress, and operational impact
Third-Party & Supply Chain Security
- Define and implement security standards for vendor onboarding, supplier integrations, and third-party platforms
- Assess and manage risks across a broad ecosystem of manufacturers, logistics providers, and technology partners
- Embed security into digital supply chain processes and data exchanges
Cross-Functional Collaboration
- Collaborate with IT, engineering, product, operations, and compliance teams to deliver integrated security outcomes
- Support incident response and resilience for distribution operations and customer-facing systems
- Promote a culture of security ownership across technical and operational teams
YOU MUST HAVE:
- 10+ years of cybersecurity experience, with 5+ years in a leadership role
- Experience operating security programs in distribution, manufacturing, retail, or supply chain-driven environments
- Proven leadership across security architecture, application/product security, and assurance functions
- Strong expertise in securing cloud environments (AWS, Azure, or GCP) and hybrid infrastructures
- Experience securing eCommerce platforms, APIs, and high-volume transaction systems
- Familiarity with third-party risk and supply chain security challenges
- Deep understanding of frameworks such as NIST, ISO 27001, CIS, and OWASP
- Ability to align security strategy with operational uptime, customer experience, and revenue protection
WE VALUE:
- Experience in low-voltage distribution, industrial distribution, wholesale, or adjacent industries
- Background supporting ERP (e.g., SAP), WMS, CRM, and digital commerce platforms
- Experience with B2B integrations, EDI, and partner-facing APIs
- Familiarity with Zero Trust models and identity-first security approaches
- Experience securing OT/IoT or warehouse technologies (e.g., scanners, automation systems)
- Hands-on technical background in engineering, cloud, or infrastructure
- Relevant certifications (e.g., CISSP, CISM, CCSP, cloud security certifications)
#LI-HYBRID
#LI-MH2
