Director - Security Engineering

When our square shaped burgers made their first sizzle on the scene more than 50 years ago, people knew our approach wasn't like any other. Same goes for the way we support our employees. Our culture of openness, flexibility, and inclusiveness allows everybody to flourish in their own way. If you're looking for a career where you can be part of the action as we continue to grow our iconic brand - We got you!

The Director of Security Engineering is a key member of the Information Security Leadership Team, reporting directly to the Vice President, Chief Information Security Officer (CISO). Overseeing the Security Architecture, Application Security, and Offensive Security teams, this role is crucial in developing and implementing technical roadmaps, aligned with overall security strategy, designed to ensure the organization's security posture remains robust and resilient against evolving threats. Additionally, candidates in this role will rely on technical experience and risk management expertise to lead cross-functional initiatives, including implementations of new security tooling, cloud platform security, and Wendy's Digital security.

This position is responsible for directing teams that develop and implement security architecture, procedures, standards, and controls to ensure the confidentiality, availability, and integrity of Wendy's information systems. It also oversees the development and implementation of software assurance program for Wendy's custom-developed applications, ensuring that secure development principles are integrated into the application development lifecycle. The role directs engineering team performing penetration tests, red team, and other security assessments. By influencing beyond direct reports, this role ensures Information Security representation in technology projects, playing a pivotal role in maintaining the organization's overall security posture.

Responsibilities

• Directs development and implementation of Wendy's Information Security architecture with a goal of developing cost-effective strategies for ensuring the continued confidentiality, availability, and integrity of Wendy's information systems.
• Directs the planning and execution of penetration testing, security testing, and other security assessments of complex technology environments, cloud native applications, restaurant environments, and mobile applications/devices. Oversees engineering team that perform security assessments and penetration tests of Wendy's information systems and software for impact on Wendy's security posture.
• Directs the development and execution of the secure software development process, with focus on building control procedures which support product releases and enable the Digital organization to meet business requirements while maintaining security posture.
• Directs the development and implementation of Security controls in Wendy's cloud environments and tooling that enable continuous monitoring of cloud security posture.
• Monitors changes in information risk landscape and overall technology trends. Develops and proposes technical roadmaps for Enterprise Risk mitigation to Wendy's senior management including assisting CISO and CIO with Board of Directors presentations.
• Assists with development of overall Information Security strategy. Translating strategy into technical roadmaps and requirements that align with business objectives and meet the organizational risk tolerance.
• Oversees execution of technical control gap assessments and implementation of corrective action plans (related to technology compliance and security best practice frameworks).
• Manages operational costs and contributes to the annual budgeting process.
• Manages hiring, career development and planning, resource and budget planning, mentoring and performance discussions for team of 3 direct and 6 indirect reports while maintaining an inclusive and effective workforce. Build skills & technical capabilities to grow individual team members and the overall efficiency of the department.

• 12+ years Information Security experience, with a strong technical background in Security Engineering, Security Architecture, Application Security, and/or Penetration Testing.
• 5+ years of people management experience leading multiple engineering teams.
• Industry certifications such as CISSP, CCSP, OSCP, GPCS, GSE, GSP, or equivalent experience.
• In depth understanding of NIST SP800-30, CIS CSC, OWASP, PTES and/or other industry recognized Control Frameworks, Pen Testing frameworks and principles.
• Knowledge of cloud-based technologies and DevSecOps software development framework.
• Ability to convey complex technical security concepts to technical and non-technical audiences including executives.
• Strong interpersonal, written, and oral communication skills. Highly self-motivated and directed and keen attention to detail.
• In-depth understanding of many different network architectures, enterprise technology, system types, CI/CD platforms, public cloud platforms, and operating systems (e.g. K8s, Gitlab, AWS, GCP, Active Directory, LDAP, Linux, Windows, etc.).

Wendy's was built on the premise, "Quality is our Recipe," which remains the guidepost of the Wendy's system. Today, Wendy's and its franchisees employ hundreds of thousands of people across more than 7,000 restaurants worldwide with a vision of becoming the world's most thriving and beloved restaurant brand.

The base pay range for this position is listed below. The base pay actually offered will take into account internal equity and budget for the open position and also may vary depending on the candidate's job-related knowledge, skills, and experience, among other relevant factors. This range does not include an estimated value for any benefits, bonus, or other incentives that may be applicable based on position. *The target annual bonus for this role is 25% of annualized base salary, based on actual company and personal performance.

Our square burgers make us different and so do our benefits! Our restaurant support roles are eligible for a wide array of benefits, including things such as parental leave, free EAP sessions, company 401k match and other great offerings. For more details about our benefits, including an overview of eligibility and terms for certain benefits, please visit our benefits website,www.wendysbenefits.com.*

NOTE: Wendy's benefits, bonus, and other incentives are governed by the applicable legal plans and policies and, where appropriate, may be subject to Board approval an individual award agreement terms. Those documents supersede all other information regarding Wendy's benefits, bonus, and other incentives. Wendy's retains the right to amend or terminate its plans and policies at its sole discretion, in accordance with applicable plans, policies and laws.

Education: Bachelor's Degree

Travel: 25%

Pay Range: $218,000 - $256,000 Annually