Sonny's Enterprises is the world's largest manufacturer of conveyorized car wash equipment, parts, and supplies. We are the industry leader, recognized and awarded by the International Car Wash Association for innovating new technologies to advance the industry with products proudly designed and built in the USA. Our culture thrives on finding new and better ways to accelerate what’s next. We embrace change and the opportunity it produces to maximize the potential of our most valuable resource — our PEOPLE! We invite you to explore our opportunities and grow your career with us.

We offer 100% employer paid medical plan. Other optional benefit programs are available to our employees and their families which include: 401(k) match, additional medical plans, dental, vision, flex spending account, short-term and long-term disability & life insurance coverage.

The Vice President of Cybersecurity will lead the company’s cybersecurity program, with full responsibility for protecting both internal operations and customer-facing external technologies. This job is ideal for a hands on builder/leader that will design the security roadmap, conduct maturity assessments, and strengthen security across all domains, including application security and secure SDLC, while driving corrective action plans to close gaps. They will work closely with technology, product, and operational teams, oversee external partners, and represent the company credibly with customers, partners, and auditors. The VP will also provide periodic updates to senior leadership on security posture, risks, and the progress of major initiatives.

· Design and execute a comprehensive cybersecurity strategy and roadmap that addresses both internal IT security and external product/application security.

· Conduct enterprise-wide maturity assessments using frameworks such as NIST CSF or ISO 27001; maintain a risk register and corrective action plans to close identified gaps.

· Lead risk management, vulnerability management, incident response, threat intelligence, and security awareness initiatives.

· Ensure security tools and processes (e.g., vulnerability management, MDR, cloud security, endpoint security) are effectively integrated into IT, engineering, and product workflows.

· Establish and oversee application security and secure SDLC practices; conduct assessments, baseline maturity, and drive remediation plans for external-facing technologies and software development processes.

· Manage and hold accountable external cybersecurity partners (MDR, CNAPP, MSSP) and ensure findings are prioritized and remediated on time.

· Build and manage a third-party risk management program, including vendor security assessments and ongoing monitoring.

· Ensure data classification, retention, and privacy controls meet regulatory and customer requirements.

· Oversee security audits and ensure compliance with industry frameworks and regulatory requirements (e.g., NIST, ISO 27001, SOC2, data privacy laws).

· Represent the company’s cybersecurity posture during customer security reviews, RFPs, and contractual assessments, building confidence and trust in company practices.

· Define and track cybersecurity KPIs and KRIs to measure posture and drive continuous improvement; provide periodic updates to senior leadership on posture and risks.

· Foster a security-minded culture and develop internal capability (directly and through external partners) to meet evolving threats.

· Perform other duties as required to support the cybersecurity mission and enterprise objectives.

• Research Skills, Analyzing Information, Attention to Detail, Deadline-Oriented, Confidentiality, Thoroughness, Corporate Finance, Financial Software.
• Economics and Accounting - Knowledge of economic and accounting principles and practices, the financial markets, banking and the analysis and reporting of financial data.
• Mathematics - Knowledge of arithmetic, algebra, statistics, and their applications.
• Communication Skills - The ability to write clearly, succinctly and understandably. The ability to effectively communicate, build a rapport and relate well to a variety of people. Treats all people with respect, courtesy and consideration; respects differences in the attitudes and perspectives of others; listens, observes and strives to gain understanding of others. Continuously driving our company values to all team members, communicating our mission and vision.
• Personal Accountability - A measure of the capacity to be answerable for personal actions. Accepts personal responsibility for the consequences of personal actions; avoids placing unnecessary blame on others.
• Teamwork - The ability to work effectively and productively with others. Shares responsibility with team members for successes and failures; keeps team members informed regarding projects; behaves in a manner consistent with team values and mission; provides constructive feedback to team and its members; responds positively to feedback from team members; raises and/or confronts issues limiting team effectiveness.
• Time Management - Managing one's own time and the time of others.
• Critical Thinking - Using logic and reasoning to identify the strengths and weaknesses of alternative solutions, conclusions or approaches to problems.
• Judgment and Decision Making - Considers the relative costs, benefits, impacts or consequences of potential actions to choose the most appropriate one. Ability to make decisions in a timely manner.
• Safety - Practices safe work habits and encourages others to do the same. Identifies ways to improve the safety of the work environment. Knowledge of relevant policies and procedures to promote effective safety operations.
• Knowledge of computers and relevant software applications - Proficient in MS Word, Excel, MS Outlook and Internet Explorer.
• Dependability-the individual is consistently at work and on time, follows instructions, responds to management direction and solicits feedback to improve performance.

Education and Formal Training:

· Bachelor’s Degree in Information Security, Computer Science, or a related field.

· Master’s degree preferred.

Experience:

· 10+ years of progressive cybersecurity experience with a strong record of building or significantly maturing security programs.

· Broad expertise in internal IT security, cloud security (Azure, AWS), vulnerability management, and data protection.

· Proven track record of leading operations within multi-cloud environments and using security tools for threat detection, monitoring, and response.

· Track record of conducting enterprise-wide assessments and building corrective action plans using frameworks such as NIST CSF, ISO 27001, or SOC2.

· Hands-on experience with SIEM, endpoint security, DLP, vulnerability management, and M365 security tools.

· Experience leading application security and secure SDLC initiatives, including assessing and governing security in software development environments.

· Ability to engage with engineers and developers on application and product security while also managing operational IT security.

· Demonstrated strength in representing cybersecurity posture to executives, customers, and auditors.

· Experience managing outsourced security partners (MDR, CNAPP, MSSP) and coordinating with IT, engineering, product, and business leaders.

· CISSP, CISM, or similar certifications strongly preferred.

· Relevant security certifications (e.g. CISSP, CISM) are strongly preferred;

· Ability to cultivate a high-performance team culture, with strong interpersonal skills for cross-functional collaboration.

EEO Statement

Equal Opportunity Employer

Sonny’s is proud to be an equal opportunity employer and is committed to maintaining a diverse and inclusive work environment. All qualified applicants will receive considerations for employment without regard to race, color, religion, sex, age, disability, marital status, familial status, sexual orientation, pregnancy, genetic information, gender identity, gender expression, national origin, ancestry, citizenship status, veteran status, and any other legally protected status under federal, state, or local anti-discrimination laws.