Director of Cyber Security (HYBRID) Bolingbrook - IL


S&S Activewear is a leading North American, tech-enabled specialty distributor of imprintable apparel, including t-shirts, fleece, athletic wear, headwear, workwear, scrubs and accessories. We pride ourselves on being the “critical link” that enables our 100+ brand partners such as Adidas, Columbia and Gildan to reach our hyper-fragmented base of customers, comprised of apparel decorators, eRetailers and promotional products distributors that embellish apparel items for diverse end-consumer use cases (e.g., everyday wear, concerts, fitness attire, life events, team sports, etc.). At S&S, we differentiate in the market through a customer service focus, strategic product portfolio, world-class distribution infrastructure, a collaborative growth culture and a relentless focus on technology and innovation.

Our success has compounded since the Company’s humble beginnings in 1988 as a regional t-shirt distributor to a leading, multibillion-dollar value-added distribution platform that drives market penetration for our suppliers while enabling growth, operations and fulfillment for a diverse range of customers across channels and business sizes.

Today, we continue to strive to be the apparel distributor of choice by inspiring and fostering growth for customers, employees and suppliers, anchored in our commitment to Lead with Respect, Never Settle, Own the Outcome, Win Together, and the belief that Innovation Powers Our Hustle. These values guide how we serve, how we collaborate and how we continuously improve, ensuring we deliver on our promise of service, deep relationships, innovation, continuous improvement and accountability.

ABOUT THE ROLE 

We are seeking a seasoned Chief Information Security & Privacy Officer (CISO/CPO) responsible for leading our enterprise-wide cybersecurity, data protection, and privacy programs. This role ensures the security of systems supporting high-volume B2B operations, including eCommerce platforms, ERP systems, technology integrations, and warehouse/logistics technologies, while establishing a practical, scalable privacy framework.

This leader will balance risk management with operational speed, enabling sales, fulfillment, and customer experience teams to move quickly while protecting sensitive customer, vendor, and employee data. This role is responsible for owning and advancing the company’s cybersecurity and data privacy programs through the next stage of maturity while enabling growth, innovation, and customer trust.

The role leads security strategy, architecture, and program execution across the enterprise, ensuring controls and practices are appropriately designed, implemented, and maintained. While audit and regulatory requirements (PCI, SOX, U.S. data privacy laws, and potential future SOC 2) are important inputs, the role's success is defined by durable risk reduction, effective enablement of the business, and the establishment of clear, scalable security operating models.

COMPENSATION & SCHEDULE

Pay Range: $210,000.00 - $220,000.00 with bonus potential 

Monday - Friday, Exempt, Full-Time 

Hybrid schedule (220, Remington Blvd, Bolingbrook, IL) 

WHAT YOU WILL DO

(Shared) 

Program Ownership and Strategy

  • Own the cybersecurity roadmap and guide the program's evolution over multiple years
  • Translate business objectives and technology strategy into pragmatic security priorities
  • Balance risk reduction, operational efficiency, and business agility in decision-making
  • Establish and mature governance processes that are practical, scalable, and well‑integrated into how the company operates

Security Architecture and Standards

  • Define and maintain security architecture principles and standards across on‑prem, cloud, SaaS, and internally developed platforms (including the company’s ERP)
  • Drive consistent control design rather than one‑off solutions
  • Ensure security is embedded early in technology and application decisions

Privacy Leadership (Chief Privacy Officer Functions)

  • In collaboration with the legal department, manage and advance the company’s data privacy program through its next level of maturity
  • Serve as the organization's Data Protection Officer
  • Ensure proper data governance, classification, retention, and protection practices
  • Maintain a data inventory and data mapping of customer, vendor, employee, and logistics data flows
  • Lead privacy impact assessments (PIAs/DPIAs) and embed privacy-by-design into systems and processes
  • Manage data subject rights processes (access, deletion, correction requests)
  • Oversee privacy practices related to employee data, including recruiting, payroll, benefits, and performance management
  • Ensure compliance with applicable employment-related privacy obligations
  • Provide guidance on monitoring technologies and workplace data use
  • Monitor evolving privacy regulations and assess impact on business operations

Risk Management and Incident Response

  • Lead security operations including threat detection, vulnerability management, endpoint security, and incident response
  • Own the incident response program and serve as incident lead during security events
  • Oversee breach notification processes in coordination with legal and communications
  • Build repeatable, well-understood response processes rather than ad hoc execution
  • Conduct post-incident reviews and implement continuous improvements
  • Own Cyber Insurance Program
  • Provide regular reporting to executive leadership on cyber risk posture, incidents, and remediation efforts

AI Security and Emerging Technology Governance

  • Partner with technology, legal, data, and business leaders to define a practical AI security and risk management approach
  • Establish guardrails for the secure use of AI capabilities, including internally developed solutions and third‑party AI features
  • Identify and manage risks related to data exposure, model misuse, access control, and integrity
  • Define policies and controls that enable responsible AI adoption so the business can deliver best-in-class solutions for our customers
  • Evolve AI security practices as usage matures, focusing on sustainability rather than one‑time controls

Compliance and Audit Enablement

  • Partner with IT, Legal, Compliance, and Finance to support PCI, SOX, and future assurance activities as well as regulatory inquiries and investigations
  • Design controls that are operationally maintainable, not audit‑only
  • Promote calm, repeatable audit readiness rather than reactive compliance exercises
  • Own and enforce maintenance and testing of business continuity and disaster recovery plans

Team Leadership and Capability Building

  • Lead and develop the internal security team across engineering, privacy, and compliance functions
  • Set clear expectations, priorities, and development paths
  • Make thoughtful, defensible cases for team growth or external augmentation when warranted

Governance & Cross-Functional Leadership

  • Establish strong security and privacy governance frameworks
  • Collaborate with product, engineering, and business teams to enable secure and privacy-conscious innovation
  • Lead security awareness and privacy training programs and policies across the organization
  • Manage third-party/vendor risk, including security and privacy assessments

Stakeholder Engagement

  • Serve as the primary security partner to IT leadership and senior engineering leaders
  • Communicate security risks and tradeoffs in clear business terms
  • Build trust and alignment rather than relying on escalation or authority alone

WHAT WE’RE LOOKING FOR

  • 10+ years of experience in cybersecurity, including leadership of multi‑disciplinary programs with significant exposure to data privacy
  • Experience as a CISO, Head of Security, or equivalent executive role
  • Proven ability to design and run durable security operating models
  • Strong knowledge of security frameworks (NIST, ISO 27001, CIS) and privacy laws (PIPEDA, CCPA/CPRA etc.)
  • Experience leading incident response and breach management
  • Experience operating in regulated, growth‑oriented environments
  • Comfortable representing complex security perspectives to senior leadership and external stakeholders
  • Strong judgment in balancing risk, cost, and long‑term sustainability
  • Experience in cloud security (AWS, Azure, GCP) and modern architecture
  • Maintain at least one cyber security certification (i.e. CISSP, CISA, CISM)

Success Measures

  • Security and privacy program maturity progresses in a measurable, sustainable way
  • Security architecture and standards are consistently applied
  • Incidents are handled effectively, calmly, and with clear ownership
  • Adoption of security and privacy best practices across the business
  • Audit and regulatory obligations are met without overstretching the organization
  • Security and privacy team is viewed as a credible, enabling partner across the business

Long‑Term Expectations

  • Expand strategic influence as the business grows
  • Continuously adapt the security program to new technologies and risks
  • Maintain focus on durable outcomes rather than short‑term checklists

Physical Demands

The physical demands described here are representative of those that must be met by an employee to successfully perform the essential functions of this job. While performing the duties of this job, the employee is regularly required to talk or listen. 

Working Environment

Currently, S&S has a remote work policy which provides for employees to be in the office Mondays, Wednesdays and Fridays and work from home on Tuesdays and Thursdays, which is subject to change based on business need. Position location: Bolingbrook, IL.

This job operates in a professional office environment. This role routinely uses standard office equipment such as computers, phones, photocopiers, filing cabinets and fax machines. Reasonable accommodation may be made to enable people with disabilities to perform the essential functions. 

S&S Activewear welcomes people of all backgrounds and experiences and is committed to creating a diverse culture and supporting human growth. We are proud to be an equal opportunity employer and are committed to providing equal opportunity for all employees and applicants. We conduct business without regard to sex, race, creed, color, religion, marital status, national origin, citizenship status, age, pregnancy, sexual orientation, gender identity or expression, genetic information, disability, military status, status as a veteran, or any other protected characteristic. Our policy is to recruit, hire, train, promote, assign, transfer, and terminate employees based on their own ability, achievement, experience and conduct and other legitimate business reasons. S&S participates in E-Verify and will provide the federal government with your Form I-9 information to confirm you are authorized to work in the U.S. This job offer is contingent upon the completion of a satisfactory background check.


Location & Eligibility

Where is the job: Bolingbrook, United States (on-site at the office)
Who can apply: US

Listing Details

Posted: May 15, 2026
First seen: May 16, 2026
Last seen: May 16, 2026
