Sonny's Enterprises
Vice President Of Cybersecurity
The Vice President of Cybersecurity will lead the company's cybersecurity program, with full responsibility for protecting both internal operations and customer-facing external technologies. This job is ideal for a hands-on builder/leader who will design the security roadmap, conduct maturity assessments, and strengthen security across all domains, including application security and secure SDLC, while driving corrective action plans to close gaps. They will work closely with technology, product, and operational teams, oversee external partners, and represent the company credibly with customers, partners, and auditors. The VP will also provide periodic updates to senior leadership on security posture, risks, and the progress of major initiatives.

Responsibilities

Design and execute a comprehensive cybersecurity strategy and roadmap that addresses both internal IT security and external product/application security.
Conduct enterprise-wide maturity assessments using frameworks such as NIST CSF or ISO 27001; maintain a risk register and corrective action plans to close identified gaps.
Lead risk management, vulnerability management, incident response, threat intelligence, and security awareness initiatives.
Ensure security tools and processes (e.g., vulnerability management, MDR, cloud security, endpoint security) are effectively integrated into IT, engineering, and product workflows.
Establish and oversee application security and secure SDLC practices; conduct assessments, baseline maturity, and drive remediation plans for external-facing technologies and software development processes.
Manage and hold accountable external cybersecurity partners (MDR, CNAPP, MSSP) and ensure findings are prioritized and remediated on time.
Build and manage a third-party risk management program, including vendor security assessments and ongoing monitoring.
Ensure data classification, retention, and privacy controls meet regulatory and customer requirements.
Oversee security audits and ensure compliance with industry frameworks and regulatory requirements (e.g., NIST, ISO 27001, SOC2, data privacy laws).
Represent the company's cybersecurity posture during customer security reviews, RFPs, and contractual assessments, building confidence and trust in company practices.
Define and track cybersecurity KPIs and KRIs to measure posture and drive continuous improvement; provide periodic updates to senior leadership on posture and risks.
Foster a security-minded culture and develop internal capability (directly and through external partners) to meet evolving threats.
Perform other duties as required to support the cybersecurity mission and enterprise objectives.

Qualifications

Education and Formal Training: Bachelor's Degree in Information Security, Computer Science, or a related field. Master's degree preferred.

Experience:
10+ years of progressive cybersecurity experience with a strong record of building or significantly maturing security programs.
Broad expertise in internal IT security, cloud security (Azure, AWS), vulnerability management, and data protection.
Proven track record of leading operations within multi-cloud environments and using security tools for threat detection, monitoring, and response.
Track record of conducting enterprise-wide assessments and building corrective action plans using frameworks such as NIST CSF, ISO 27001, or SOC2.
Hands-on experience with SIEM, endpoint security, DLP, vulnerability management, and M365 security tools.
Experience leading application security and secure SDLC initiatives, including assessing and governing security in software development environments.
Ability to engage with engineers and developers on application and product security while also managing operational IT security.
Demonstrated strength in representing cybersecurity posture to executives, customers, and auditors.
Experience managing outsourced security partners (MDR, CNAPP, MSSP) and coordinating with IT, engineering, product, and business leaders.
Relevant security certifications (e.g., CISSP, CISM, or similar) are strongly preferred.
Ability to cultivate a high-performance team culture, with strong interpersonal skills for cross-functional collaboration.