texasroadhouse
Director IT Information Security
Job description
Position Overview
The Director, Information Security is responsible for leading and maturing the organization’s information security program across security architecture, engineering, governance, risk, compliance, and security operations. This role partners closely with the Head of Information Security, IT leadership and business leaders to protect company systems, data, technology platforms, restaurants, Support Center operations, and end users. The Director provides strategic direction and hands-on leadership for enterprise security architecture, threat detection, incident response, vulnerability management, third-party risk, policy and control governance, security tooling, and security awareness. The ideal candidate brings a strong background in security architecture, engineering, GRC, and/or security operations, with the ability to translate complex technical risk into clear business impact and practical recommendations.
Responsibilities
- Serve as a trusted advisor to technology and business leadership on cybersecurity risk, emerging threats, operational readiness, and risk-based decision making.
- Establish and maintain security architecture standards for infrastructure, cloud, applications, identity and access management, endpoints, networks, data protection, logging, and monitoring.
- Partner with enterprise architecture, infrastructure, application, engineering, and business teams to embed security into technology decisions, system designs, integrations, and implementation plans.
- Review new systems, platforms, integrations, and vendor solutions to ensure appropriate security controls are designed, documented, implemented, and monitored.
- Partner with Legal, Compliance, Internal Audit, Finance, Operations, restaurants, and business leaders to support applicable regulatory, contractual, audit, and operational requirements, including SOX, PCI, HIPAA, or other applicable standards.
- Oversee the Security Operations Center (SOC) and security monitoring, detection, triage, escalation, and response activities, including coordination with managed security service providers or external partners, as applicable.
- Lead the enterprise incident response program, including containment, eradication, recovery, communication, post-incident review, and continuous improvement of response processes.
- Manage and mature threat detection, threat intelligence, proactive threat hunting, vulnerability management, prioritization, remediation tracking, and risk reporting.
- Oversee and optimize security technologies and processes, including SIEM/XDR, EDR, firewall monitoring, network security operations, log collection, correlation, alerting, detection engineering, and SOAR capabilities.
- Develop, maintain, and regularly test incident response playbooks, runbooks, escalation procedures, tabletop exercises, breach simulations, and security drills.
- Partner with IT and business leaders on disaster recovery, business continuity, cyber resilience, and crisis communication planning.
- Establish, monitor, and report security metrics and key performance indicators, such as vulnerability remediation progress, security control effectiveness, mean time to detect, mean time to respond, and program roadmap progress.
- Oversee third-party/vendor security risk assessments, vendor security expectations, ongoing monitoring, and vendor/contract relationships related to security operations or security services.
- Manage operational budgets, tooling costs, vendor relationships, and resource planning for security programs and security operations, as assigned.
- Develop and lead cybersecurity awareness and training efforts to promote shared accountability for protecting company information, systems, restaurants, Roadies, and guests.
- Prepare and deliver clear written and in-person communications regarding cybersecurity posture, operational readiness, key risks, incidents, and program progress to IT leadership, senior leadership, audit-related forums, restaurants, and end users, as appropriate.
- Lead, coach, hire, and develop Security Operations Roadies, Security Analysts, Security Engineers, information security team members, vendors, consultants, or cross-functional project teams, as assigned.
- Stay current on cybersecurity trends, emerging threats, technology changes, and regulatory developments, and recommend actions to reduce risk and strengthen resilience.
Reasonable accommodations may be made to enable qualified individuals with disabilities to perform the essential functions.
Qualifications
Education and Experience
- Bachelor’s degree in Cybersecurity, Computer Science, Information Systems, Engineering, Information Technology, or a related field required; Master’s degree or MBA preferred.
- 10+ years of progressive experience in information technology, cybersecurity, information security, security operations, security engineering, enterprise architecture, IT risk, or related technology leadership required.
- Majority of experience should include information security, security operations/SOC, security architecture, engineering, GRC, incident response, vulnerability management, or related cybersecurity responsibilities.
- 5+ years of people leadership experience required, including managing teams, programs, vendors, budgets, or cross-functional security initiatives.
- Demonstrated experience building, leading, or maturing an enterprise information security program and/or security operations capability.
Technical and Functional Expertise
- Strong background in one or more of the following areas: security architecture, security engineering, enterprise architecture, governance/risk/compliance, security operations, SOC leadership, cloud security, infrastructure security, identity and access management, threat detection, vulnerability management, or incident response.
- Experience leading incident response and security monitoring operations, including detection, triage, escalation, containment, eradication, recovery, and post-incident reviews.
- Knowledge of cybersecurity frameworks, standards, and control environments such as NIST, CIS Controls, ISO 27001, SOC 2, PCI DSS, SOX, HIPAA, or similar frameworks and requirements.
- Experience with security technologies and operating processes such as SIEM/XDR, EDR, firewalls, network security monitoring, vulnerability scanning, log management, threat intelligence, detection engineering, and SOAR preferred.
- Experience leading risk assessments, control reviews, audit support, remediation plans, vendor security reviews, incident response planning, and executive risk reporting.
- Experience with cloud platforms such as Microsoft Azure, AWS, or Google Cloud preferred.
- Experience in a multi-location, hospitality, restaurant, retail, consumer services, or high-growth environment preferred.
Certifications
- Professional certification such as CISSP, CISM, CISA, CRISC, CCSP, GIAC, GCIH, GCIA, CEH, or similar certification required or preferred based on business needs.
Leadership Competencies
- Strong business acumen with the ability to balance security priorities, operational needs, risk tolerance, and business objectives.
- Ability to translate complex technical risk into clear, practical, business-focused recommendations for technical and non-technical audiences.
- Strong collaboration, communication, influence, judgment, confidentiality, and executive presence.
- Ability to lead through change, prioritize competing needs, make sound decisions, and remain calm and effective during incidents or high-pressure situations.
- Demonstrated commitment to developing people, building strong partnerships, driving accountability, and leading with integrity.
This job description includes essential functions and basic duties and is intended to provide guidelines for job expectations and the employee’s ability to perform the position described. It is not an exhaustive list of all functions, responsibilities, skills, and abilities. Additional functions and requirements may be assigned by supervisors as appropriate. This document is not a contract of employment, and the Company reserves the right to change this job description and/or assign tasks for the employee to perform, as the Company may deem appropriate.
We are proud to be an equal opportunity employer. We are committed to providing equal employment opportunities to all employees and applicants for employment without regard to race, color, religion, age, gender, pregnancy, gender identity, disability, veteran status, sexual orientation, citizenship, national origin, or any other legally-protected status. We encourage and welcome all applicants to apply.


