The Vice President of Cybersecurity will lead the company’s cybersecurity program, with full responsibility for protecting both internal operations and customer-facing external technologies. This job is ideal for a hands-on builder/leader who will design the security roadmap, conduct maturity assessments, and strengthen security across all domains, including application security and secure SDLC, while driving corrective action plans to close gaps. They will work closely with technology, product, and operational teams, oversee external partners, and represent the company credibly with customers, partners, and auditors. The VP will also provide periodic updates to senior leadership on security posture, risks, and the progress of major initiatives.
· Design and execute a comprehensive cybersecurity strategy and roadmap that addresses both internal IT security and external product/application security.
· Conduct enterprise-wide maturity assessments using frameworks such as NIST CSF or ISO 27001; maintain a risk register and corrective action plans to close identified gaps.
· Lead risk management, vulnerability management, incident response, threat intelligence, and security awareness initiatives.
· Ensure security tools and processes (e.g., vulnerability management, MDR, cloud security, endpoint security) are effectively integrated into IT, engineering, and product workflows.
· Establish and oversee application security and secure SDLC practices; conduct assessments, baseline maturity, and drive remediation plans for external-facing technologies and software development processes.
· Manage and hold accountable external cybersecurity partners (MDR, CNAPP, MSSP) and ensure findings are prioritized and remediated on time.
· Build and manage a third-party risk management program, including vendor security assessments and ongoing monitoring.
· Ensure data classification, retention, and privacy controls meet regulatory and customer requirements.
· Oversee security audits and ensure compliance with industry frameworks and regulatory requirements (e.g., NIST, ISO 27001, SOC2, data privacy laws).
· Represent the company’s cybersecurity posture during customer security reviews, RFPs, and contractual assessments, building confidence and trust in company practices.
· Define and track cybersecurity KPIs and KRIs to measure posture and drive continuous improvement; provide periodic updates to senior leadership on posture and risks.
· Foster a security-minded culture and develop internal capability (directly and through external partners) to meet evolving threats.
· Perform other duties as required to support the cybersecurity mission and enterprise objectives.
Education and Formal Training:
· Bachelor’s Degree in Information Security, Computer Science, or a related field.
· Master’s degree preferred.
Experience:
· 10+ years of progressive cybersecurity experience with a strong record of building or significantly maturing security programs.
· Broad expertise in internal IT security, cloud security (Azure, AWS), vulnerability management, and data protection.
· Proven track record of leading operations within multi-cloud environments and using security tools for threat detection, monitoring, and response.
· Track record of conducting enterprise-wide assessments and building corrective action plans using frameworks such as NIST CSF, ISO 27001, or SOC2.
· Hands-on experience with SIEM, endpoint security, DLP, vulnerability management, and M365 security tools.
· Experience leading application security and secure SDLC initiatives, including assessing and governing security in software development environments.
· Ability to engage with engineers and developers on application and product security while also managing operational IT security.
· Demonstrated strength in representing cybersecurity posture to executives, customers, and auditors.
· Experience managing outsourced security partners (MDR, CNAPP, MSSP) and coordinating with IT, engineering, product, and business leaders.
· CISSP, CISM, or similar certifications strongly preferred.
· Relevant security certifications (e.g., CISSP, CISM) are strongly preferred.
· Ability to cultivate a high-performance team culture, with strong interpersonal skills for cross-functional collaboration.
Working Conditions: The majority of work will be in an indoor office environment.
Physical Demands: Regularly required to stand or sit, and move about the facility.
Sonny's Enterprises is the world's largest manufacturer of conveyorized car wash equipment, parts, and supplies. We are the industry leader, recognized and awarded by the International Car Wash Association for innovating new technologies to advance the industry with products proudly designed and built in the USA. Our culture thrives on finding new and better ways to accelerate what’s next. We embrace change and the opportunity it produces to maximize the potential of our most valuable resource — our PEOPLE! We invite you to explore our opportunities and grow your career with us.
We offer a 100% employer-paid medical plan. Other optional benefit programs are available to our employees and their families, which include: 401(k) match, additional medical plans, dental, vision, flex spending account, short-term and long-term disability & life insurance coverage.
EEO Statement
Equal Opportunity Employer
Sonny’s is proud to be an equal opportunity employer and is committed to maintaining a diverse and inclusive work environment. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, age, disability, marital status, familial status, sexual orientation, pregnancy, genetic information, gender identity, gender expression, national origin, ancestry, citizenship status, veteran status, and any other legally protected status under federal, state, or local anti-discrimination laws.