Tillster
Head of Enterprise IT and Cybersecurity Compliance
Tillster, San Diego, California, United States, 92189
Head of Enterprise IT and Cybersecurity Compliance
Location:
Los Angeles or San Diego, CA
Reports to:
CTO
About the Role We are looking for a senior leader to own our global
Enterprise IT ,
Cybersecurity , and
Compliance
functions as we continue scaling a cloud-native technology platform that operates across multiple continents. This role is responsible for protecting the organization’s systems, data, employees, and customers while ensuring full compliance with global privacy and security standards including
PCI DSS, GDPR, CCPA , and emerging regulations. This leader will guide our cloud-first transformation, strengthen our security posture, modernize our internal IT operations, and ensure the company meets the highest bar for compliance in every market we serve.
What You’ll Lead Strategic Leadership
Build and execute a comprehensive security, compliance, and enterprise IT strategy aligned with company objectives.
Advise executive leadership on risk posture, emerging threats, and regulatory requirements.
Oversee IT governance, asset management, endpoint strategy, identity management, and security-by-design standards.
Enterprise IT Ownership
Lead corporate IT operations including helpdesk, SaaS management, access controls, device lifecycle, and employee support.
Modernize the IT environment with automation, standardization, and cloud-first systems.
Establish policies for acceptable use, asset management, remote workforce security, and incident reporting.
Oversee onboarding/offboarding processes, MDM, SSO, and IAM across the entire organization.
Cybersecurity Leadership
Own our global cybersecurity program covering cloud security, application security, network security, vulnerability management, and SOC operations.
Architect and enforce zero‑trust principles across users, services, and systems.
Lead threat detection, incident response, forensics, and ongoing readiness exercises.
Implement and manage security tools (SIEM, EDR, CSPM, WAF, IAM, DLP, etc.).
Compliance, Risk & Audit
Maintain ongoing compliance with PCI DSS, GDPR, CCPA, SOC 2, ISO 27001, and future regulatory frameworks.
Serve as primary owner of audits, certifications, and external assessments.
Lead enterprise‑wide risk management, vendor reviews, data protection controls, and privacy governance.
Maintain audit readiness and drive continuous improvement of the ISMS.
Collaboration & Leadership
Partner with Engineering, DevOps, Product, Legal, and Operations to embed security into architecture, SDLC, and infrastructure.
Lead, mentor, and grow a team of IT, security, and compliance professionals.
Build a company-wide culture of security awareness and accountability.
Required Experience
10+ years of progressive experience in cybersecurity, enterprise IT, or information risk roles.
5+ years leading teams in a high-growth SaaS or global technology environment.
Proven success owning PCI, GDPR, and CCPA programs end-to-end.
Deep experience with cloud-native security (AWS preferred).
Demonstrated leadership in incident response, vulnerability management, and compliance audits.
Strong understanding of modern IT operations, identity systems, and SaaS ecosystems.
Ability to translate complex security topics into clear, actionable guidance for executives and non-technical teams.
Preferred Certifications CISSP, CISM, CISA, CCSP, ISO 27001 Lead Implementer, AWS Security Specialty.
Why This Role Matters This is the senior operator who will set the tone for how we protect our business, our customers, and our people. The ideal candidate is a hands‑on leader who is comfortable with driving strategies, building programs, and rolling up their sleeves when needed. We want someone who takes ownership and raises the bar for our organization.
The Interview Process
Recruiter interview with a Talent Acquisition Specialist
Interview with CTO
Technology Interview
Final interview with our Team Leaders
Making a Difference in the Tillster Way Our mission is to empower restaurants and consumers globally, by empowering, supporting, and nurturing the people who are part of the global Tillster team. We want to ensure all employees feel respected, confident, and engaged. Creating an inclusive working environment is of the utmost importance to us. To make this a reality, Tillster is dedicated to embracing diversity in all forms and is proudly an equal opportunity employer. We do not discriminate based on race, color, religion, national origin, gender identity, sexual orientation, age, family/parental status, marital status, veteran status, disability, or any other protected status.
Compensation & Perks
Base Salary: $220,000–$290,000
Benefits: Medical, dental, vision, FSA, EAP, and more
Equity
Time Off: 15 days PTO in year one, 22+ days after that, plus 10 paid holidays
Retirement: 401(k) eligibility from Day 1
Learning: Tuition assistance, Udemy Learning access, development opportunities
The Fine Print
Remote Role must be based in the Los Angeles or San Diego, CA region
Local candidates preferred
No visa sponsorship available
Principals only, no agencies or cold calls plea
#J-18808-Ljbffr
Los Angeles or San Diego, CA
Reports to:
CTO
About the Role We are looking for a senior leader to own our global
Enterprise IT ,
Cybersecurity , and
Compliance
functions as we continue scaling a cloud-native technology platform that operates across multiple continents. This role is responsible for protecting the organization’s systems, data, employees, and customers while ensuring full compliance with global privacy and security standards including
PCI DSS, GDPR, CCPA , and emerging regulations. This leader will guide our cloud-first transformation, strengthen our security posture, modernize our internal IT operations, and ensure the company meets the highest bar for compliance in every market we serve.
What You’ll Lead Strategic Leadership
Build and execute a comprehensive security, compliance, and enterprise IT strategy aligned with company objectives.
Advise executive leadership on risk posture, emerging threats, and regulatory requirements.
Oversee IT governance, asset management, endpoint strategy, identity management, and security-by-design standards.
Enterprise IT Ownership
Lead corporate IT operations including helpdesk, SaaS management, access controls, device lifecycle, and employee support.
Modernize the IT environment with automation, standardization, and cloud-first systems.
Establish policies for acceptable use, asset management, remote workforce security, and incident reporting.
Oversee onboarding/offboarding processes, MDM, SSO, and IAM across the entire organization.
Cybersecurity Leadership
Own our global cybersecurity program covering cloud security, application security, network security, vulnerability management, and SOC operations.
Architect and enforce zero‑trust principles across users, services, and systems.
Lead threat detection, incident response, forensics, and ongoing readiness exercises.
Implement and manage security tools (SIEM, EDR, CSPM, WAF, IAM, DLP, etc.).
Compliance, Risk & Audit
Maintain ongoing compliance with PCI DSS, GDPR, CCPA, SOC 2, ISO 27001, and future regulatory frameworks.
Serve as primary owner of audits, certifications, and external assessments.
Lead enterprise‑wide risk management, vendor reviews, data protection controls, and privacy governance.
Maintain audit readiness and drive continuous improvement of the ISMS.
Collaboration & Leadership
Partner with Engineering, DevOps, Product, Legal, and Operations to embed security into architecture, SDLC, and infrastructure.
Lead, mentor, and grow a team of IT, security, and compliance professionals.
Build a company-wide culture of security awareness and accountability.
Required Experience
10+ years of progressive experience in cybersecurity, enterprise IT, or information risk roles.
5+ years leading teams in a high-growth SaaS or global technology environment.
Proven success owning PCI, GDPR, and CCPA programs end-to-end.
Deep experience with cloud-native security (AWS preferred).
Demonstrated leadership in incident response, vulnerability management, and compliance audits.
Strong understanding of modern IT operations, identity systems, and SaaS ecosystems.
Ability to translate complex security topics into clear, actionable guidance for executives and non-technical teams.
Preferred Certifications CISSP, CISM, CISA, CCSP, ISO 27001 Lead Implementer, AWS Security Specialty.
Why This Role Matters This is the senior operator who will set the tone for how we protect our business, our customers, and our people. The ideal candidate is a hands‑on leader who is comfortable with driving strategies, building programs, and rolling up their sleeves when needed. We want someone who takes ownership and raises the bar for our organization.
The Interview Process
Recruiter interview with a Talent Acquisition Specialist
Interview with CTO
Technology Interview
Final interview with our Team Leaders
Making a Difference in the Tillster Way Our mission is to empower restaurants and consumers globally, by empowering, supporting, and nurturing the people who are part of the global Tillster team. We want to ensure all employees feel respected, confident, and engaged. Creating an inclusive working environment is of the utmost importance to us. To make this a reality, Tillster is dedicated to embracing diversity in all forms and is proudly an equal opportunity employer. We do not discriminate based on race, color, religion, national origin, gender identity, sexual orientation, age, family/parental status, marital status, veteran status, disability, or any other protected status.
Compensation & Perks
Base Salary: $220,000–$290,000
Benefits: Medical, dental, vision, FSA, EAP, and more
Equity
Time Off: 15 days PTO in year one, 22+ days after that, plus 10 paid holidays
Retirement: 401(k) eligibility from Day 1
Learning: Tuition assistance, Udemy Learning access, development opportunities
The Fine Print
Remote Role must be based in the Los Angeles or San Diego, CA region
Local candidates preferred
No visa sponsorship available
Principals only, no agencies or cold calls plea
#J-18808-Ljbffr