
Corporate Director, CyberSecurity

TriMark USA
tuition reimbursement, 401(k)
United States, Massachusetts, Mansfield
9 Hampshire Street
Apr 01, 2026

TriMark USA is the country's largest provider of design services, equipment, and supplies to the foodservice industry. We proudly serve our customers by providing design services, commercial equipment, and foodservice supplies across a wide range of industries and business sectors. Headquartered in Massachusetts, with a history dating back to 1896, we have locations across the country that offer foodservice operators an unparalleled level of service by combining our unique design capabilities and our expert market knowledge with the purchasing strength, delivery, installation, and after-sales service capabilities of a national company. Our employees are focused on creating customized solutions for our clients to ensure they achieve their culinary goals while upholding our I.C.A.R.E. values: Integrity, Customer Service, Accountability, Respect, and Excellence. For more information, please visit: www.trimarkusa.com

Why you'll love it here!


+ Benefits include Medical, Dental, Vision, Tuition Reimbursement, Pet, and Legal Insurance


+ 401k
+ Community Service Day


+ Spotlight Awards


+ National Sales Excellence Awards


+ CFSP Prep Certification Program



POSITION SUMMARY:



  • The Director of CyberSecurity reports to the Chief Intelligence Officer
  • Located in Mansfield, MA
  • Full-Time
  • Hybrid



POSITION OVERVIEW: TriMark USA is seeking an accomplished Director of Cybersecurity to lead the company's enterprise security function across its national footprint. This is a senior leadership role responsible for owning and evolving the cybersecurity strategy, managing security operations, and protecting a complex, distributed environment spanning cloud, on-premises, and hybrid infrastructure. The ideal candidate brings a track record of translating technical risk into business decisions, has operated at scale, and can credibly engage both the boardroom and the SOC. This role reports to the CIO and carries direct budget ownership, executive-level reporting responsibilities, and cross-functional authority over security posture across the organization. The Director is expected to present to the executive team and, on a defined cadence, to the board or audit committee.


ESSENTIAL FUNCTIONS & RESPONSIBILITIES:


Security Strategy & Architecture:


* Own and continuously evolve a risk-based cybersecurity strategy aligned to business objectives, regulatory obligations, and the current threat landscape.


* Lead the design and implementation of a Zero Trust Architecture (ZTA) across identity, network, data, and endpoint domains, incorporating least-privilege access, continuous verification, and micro-segmentation.


* Direct cloud security posture across multi-cloud and hybrid environments, ensuring alignment with shared responsibility models and CNAPP/CSPM controls.


* Drive AI security governance - both leveraging AI-powered tooling for defense and establishing policy and controls around the organization's use of AI/GenAI platforms, working alongside the AI steering committee.


* Assess and advance post-quantum cryptography readiness as part of long-range strategic planning.


Security Operations & Engineering


* Oversee the full security operations function including a modern detection and response stack: SIEM, SOAR, XDR, and threat intelligence platforms.


* Drive an automation-first approach to Managed Detection and Response (MDR) - whether through internal capability, MSSP partnership, or a hybrid model - with a focus on reducing mean time to detect (MTTD) and mean time to respond (MTTR).


* Direct vulnerability management, penetration testing, threat hunting, and red team/purple team exercises with ongoing risk reporting.


* Champion Identity and Access Management (IAM) including phishing-resistant MFA, Privileged Access Management (PAM), and continuous access auditing as a foundational security control.


* Integrate DevSecOps practices into the software development lifecycle, embedding SAST, DAST, and SCA tooling across engineering and application teams, including externally facing platforms.


* Own and mature an insider threat program encompassing behavioral analytics, access monitoring, and policy enforcement across a geographically distributed workforce.


Data Security & Classification


* Define and enforce a data classification framework across structured and unstructured data, including customer PII, payment data, supplier contracts, and internal operational data.


* Own and operate data loss prevention (DLP) controls across endpoints, email, cloud storage, and collaboration platforms.


* Ensure sensitive data handling policies are operationally enforced and regularly tested, not merely documented.



M&A Security Due Diligence & Integration


* Own cybersecurity due diligence for M&A targets: assess security posture, identify material risk, and deliver findings to the executive team and deal team prior to close.


* Develop and maintain integration playbooks for acquired entities, including network segmentation, identity consolidation, endpoint compliance, and legacy platform risk assessment.


* Establish a defined security baseline that acquired organizations must reach within a specified post-close window, with measurable milestones and executive reporting.


* Maintain awareness of security debt inherited through acquisition and factor it into enterprise risk reporting and budget planning.


Third-Party & Supply Chain Risk


* Establish and maintain a third-party and supply chain risk management program, including vendor security assessments, Software Bill of Materials (SBOM) practices, and continuous vulnerability scanning across vendor-managed components.


* Own vendor security SLAs and maintain accountability for third-party risk exposure.


Governance, Risk & Compliance (GRC)


* Maintain compliance with applicable regulatory frameworks including SOC 2, NIST CSF 2.0, ISO 27001, PCI-DSS, and applicable state/federal data privacy requirements.


* Lead risk quantification efforts and translate security risk into financial exposure models for executive and board consumption, presented on a defined cadence to the CIO and, as appropriate, the audit committee.


* Own the cybersecurity budget including capital and operational spend, vendor contracts, and ROI measurement.


* Own the relationship with the company's cyber insurance carrier, including annual underwriting reviews, coverage adequacy assessments, and claims coordination.


* Produce regular security metrics, KPIs, and executive dashboards that reflect organizational risk posture honestly and clearly.


Incident Response & Resilience


* Own the enterprise incident response plan and tabletop exercise program; ensure plans are tested, current, and operationally rehearsed.


* Lead response to material security incidents including ransomware, data breaches, and business email compromise, including crisis communications and regulatory notification obligations.


* Work with the Lead of Infrastructure and HR to ensure business continuity and disaster recovery planning intersects appropriately with cybersecurity resilience.



Team Leadership & Culture:


* Build, lead, and retain a high-performing cybersecurity team of 4 direct reports; establish clear career paths and invest in technical development.


* Foster a security-aware organizational culture through relevant, effective security awareness training - moving beyond checkbox compliance.


* Serve as an organizational authority on emerging threats and proactively brief executives and functional leaders on evolving risk.



COMPETENCIES:


* Demonstrated ability to architect and execute security strategy at scale in complex, distributed environments.


* Operational command of modern security tooling: XDR, SOAR, SIEM, PAM, CNAPP, and cloud-native security platforms.


* Proven ability to quantify and communicate cybersecurity risk in business terms - to board members, auditors, and frontline teams alike.


* Track record of advocating for security budgets, presenting risk assessments to executives, and influencing organizational priorities while keeping technical teams aligned.


* Deep understanding of the threat landscape including AI-augmented attacks, ransomware operations, supply chain compromise, insider threats, and identity-based intrusion.


* Experience governing AI tool adoption from a security and policy standpoint.


* Strong vendor management and contract negotiation skills; ability to hold third parties accountable to security SLAs.


* Experience conducting cybersecurity due diligence in M&A contexts and executing post-acquisition security integration.


* Familiarity with cyber insurance underwriting processes and coverage optimization.



QUALIFICATIONS & EXPERIENCE:


* Bachelor's degree in Cybersecurity, Computer Science, Information Technology, or related field required; Master's degree or MBA preferred.


* 10-15 years of progressive cybersecurity experience, with a minimum of 5 years in a senior leadership role with direct budget and team ownership.


* Hands-on experience architecting or implementing Zero Trust, cloud security, and identity-centric security programs at scale.


* Demonstrated experience with NIST CSF, ISO 27001, SOC 2, and PCI-DSS compliance frameworks.


* Familiarity with modern detection and response platforms (e.g., CrowdStrike, Microsoft Sentinel, Palo Alto XDR, or equivalent).


* Experience managing third-party and supply chain risk programs.


* Experience conducting M&A cybersecurity due diligence and/or leading post-acquisition security integration is strongly preferred.


* Relevant senior certifications required or strongly preferred: CISSP, CISM, or CRISC. Cloud-specific credentials (CCSP, AWS Security Specialty, or equivalent) are a meaningful differentiator. CDPSE is a plus given evolving data privacy obligations.


* Ability to successfully pass a background check post-offer acceptance.




The range provided represents the national average pay range for this position and is considered to be a general guideline. Pay for this position will reflect the candidate's unique qualifications and may be higher or lower than the range provided based on employee geographic location. Additional factors considered in extending an offer include (but are not limited to) responsibilities of the job, education, experience, knowledge, skills, and abilities, as well as internal equity, alignment with market data, applicable bargaining agreement (if any), or other local, state, and federal law.


In addition to base salary, this role will be eligible for participation in TriMark's benefits programs, including medical, dental, vision, 401K (with employer match), etc. Leadership positions may also qualify for participation in bonus programs commensurate with role and scope of responsibility.


TriMark's commitment to diversity, inclusion and belonging is a purposeful mission of strengthening our organization and those we serve by uniting the unique and beautiful differences of our employees. This mission is instilled in the fiber of who we are as a company, setting the standard for our industry. We are committed to promoting diversity, inclusion and belonging through sharing, education, and experiences.


TriMark USA provides equal employment opportunities to all employees and applicants for employment and prohibits discrimination and harassment of any type without regard to race, color, religion, age, sex, national origin, disability status, genetics, protected veteran status, sexual orientation, gender identity or expression, or any other characteristic protected by federal, state or local laws.


This policy applies to all terms and conditions of employment, including recruiting, hiring, placement, promotion, termination, layoff, recall, transfer, leaves of absence, compensation and training.


If you require reasonable accommodation in completing this application, interviewing, completing any pre-employment testing, or otherwise participating in the employee selection process, please direct your inquiries to accommodations@trimarkusa.com.



Scam Alert: TriMark will never ask an applicant for their social security number or to make a payment related to a job application or job offer, or to pay for workplace equipment. Further, all communications with TriMark recruiters will come from an e-mail address ending in TriMarkUSA.com. If you have any concerns about the legitimacy of a job posting or recruiting contact, please contact recruitment@trimarkusa.com
