Sr. Director of IT Risk Management and Physical Security

Vestis Corp

Roswell, GA

JOB DETAILS
SKILLS
Accounting, Best Practices, Business Operations, Business Strategy, Business Support, Business-to-Business (B2B), CCSP - Cisco Certified Security Professional, CISA - Certified Information Systems Auditor, CISM - Certified Information Security Manager, CISSP - Certified Information Systems Security Professional, Cloud Computing, Communication Skills, Computer Security, Continuous Improvement, Crisis Management, Customer/Client Research, Data Visualization, Emerging Technology, Enterprise Protection, Equal Employment Opportunity (EEO), Finance, Fortune 500 Customers, ISO (International Organization for Standardization), IT Governance, Incident Response, Information Technology & Information Systems, Information/Data Security (InfoSec), Internet Security, Leadership, Maintain Compliance, Management Strategy, Mentoring, Metrics, PCI-DSS, Physical Security, Power BI, Presentation/Verbal Skills, Process Improvement, Process Management, Property Maintenance, Regulations, Regulatory Compliance, Regulatory Requirements, Reporting Dashboards, Risk, Risk Analysis, Risk Management, Risk Management Framework (RMF), SQL (Structured Query Language), Sarbanes-Oxley Act (SOX), Security Equipment, Security Policy, Small Business, Trend Analysis, U.S. National Institute of Standards and Technology (NIST), Vendor/Supplier Evaluation
LOCATION
Roswell, GA
POSTED
7 days ago

Meet Vestis: For the People Who Make It All Work

At Vestis, we provide uniforms, workplace supplies, and professional cleaning that help businesses simplify their workday and keep their teams safe, confident, and focused on what matters most. More than a provider, we are a partner in productivity, trusted to keep you running.

Join us and build a career supporting the people who make it all work.

Overview

Vestis Corporation is seeking a strategic and experienced Sr. Director of IT Risk Management and Physical Security to lead the organization's IT governance, risk, and compliance (GRC) functions and enterprise physical security program. This role is responsible for establishing and maintaining a robust risk management framework to protect Vestis' digital assets and technology footprint, ensure regulatory compliance, and support business objectives. The role is also accountable for safeguarding company facilities, equipment, and personnel through enterprise physical security, investigations, and crisis management leadership. As a senior enterprise leader, this position will prepare materials for and brief executive leadership, the Audit Committee, and the Board on technology risk, physical security, significant incidents, and mitigation priorities.

Key Responsibilities

  • Develop, implement, and oversee IT risk management policies, procedures, and controls to identify, assess, mitigate, and monitor technology-related risks across the organization.
  • Establish and govern the enterprise IT risk management program aligned to recognized frameworks, including maintaining the IT risk register and translating regulatory, cybersecurity, cloud, data privacy, and emerging technology requirements into practical controls and governance processes.
  • Partner across business and technology functions to assess risks, strengthen policies and controls, and enable growth while protecting customer data, company information, and critical operations.
  • Monitor trends identified by security operations, including vulnerability management, incident response, and threat intelligence, ensuring the confidentiality, integrity, and availability of Vestis information systems.
  • Manage GRC initiatives, including compliance with relevant regulations (such as SOX, GDPR, and PCI DSS), and risk assessments.
  • Collaborate with business leaders, IT, and compliance to align risk management strategies with organizational goals and drive a culture of security awareness.
  • Oversee third-party risk management, including vendor evaluations and ongoing monitoring.
  • Prepare and deliver reports and presentations to executive leadership, the Audit Committee, and the Board on enterprise technology risk, physical security posture, significant incidents, investigations, crisis response, compliance status, and mitigation priorities.
  • Stay current with emerging threats, regulatory changes, and industry best practices; recommend and implement improvements as needed.
  • Lead the enterprise physical security function for company assets, including facilities, equipment, and personnel security, by establishing operational controls, site security standards, access management, incident response protocols, investigative processes, crisis management procedures, and ongoing risk monitoring to protect the company's people, property, and operations.

Mentorship & Influence

  • Mentor software, infrastructure and data engineers; elevate governance, risk mitigation, and proactive security practices across teams that improve the company's risk posture.
  • Influence without authority across multiple teams to standardize IT governance practices and drive a forward-thinking approach to IT risk management.

Strategic Impact

  • Identify and proactively address systemic security and policy risks, and present solutions to mitigate those risks by partnering with technical subject matter experts and through individual research.
  • Champion new technology solutions for IT governance, risk, security and compliance that can benefit the business while also offering risk mitigation opportunities.
  • Contribute to long term IT governance, risk, and compliance platform roadmaps, including processes that scale self service and decommission legacy components.
  • Stay current with modern IT GRC practices, assessing and conveying applicability to the organization.
  • Partner with Internal Audit, Finance, Operations, Product, External Audit, Application, Data Engineering, and IT teams generally to optimize IT GRC and security policies and practices at Vestis.

Qualifications

  • BS in Information Technology, Information Security, Accounting, Finance, or a related field; master's degree preferred.
  • 15+ years of progressive experience in IT risk management / GRC roles.
  • Must have strong technical background.
  • Experience working with business strategy and operations to deliver a GRC program that practically aligns with risk management frameworks (NIST, ISO 27001, etc.), regulatory requirements, and IT security technologies given existing constraints while driving continuous improvement in the IT GRC space.
  • Excellent leadership, communication, and stakeholder management skills. Practical experience with data visualization technology for GRC metrics and dashboards (e.g., SQL, PowerBI) to foster followership across the organization.
  • Relevant and current certifications (CCSP, CISSP, CISM, CRISC, CISA, CGEIT, CDPSE) are required.

This position offers the opportunity to shape Vestis Corporation's IT risk strategy and safeguard its digital future. If you are a visionary leader with a passion for managing business risk and compliance, we invite you to apply.

Headquartered in Roswell, GA, Vestis is the second largest provider in the industry with over 300,000 customer locations and approximately 20,000 teammates across North America. Vestis is a leader in the B2B uniform and workplace supplies category. Vestis provides clean and safe uniform services and workplace supplies to a broad range of North American customers from Fortune 500 companies to locally owned small businesses across a broad set of end markets. The Company's comprehensive service offering includes a full-service uniform rental program, cleanroom and other specialty garment processing, floor mats, towels, linens, managed restroom services, first aid supplies and more.

Vestis is an equal-opportunity workplace and is an affirmative action employer. We are committed to equal employment opportunity regardless of race, color, ancestry, relation, sex, national origin, sexual orientation, age, citizenship, marital status, disability, gender identity, or veteran status.

Equal Opportunity Employer/Protected Veterans/Individuals with Disabilities

This employer is required to notify all applicants of their rights pursuant to federal employment laws. For further information, please review the Know Your Rights notice from the Department of Labor.

Vestis Commitment to Equal Opportunity Employment

If you are a job seeker with a disability and require a reasonable accommodation to apply for one of our jobs, you will find the contact information below to request the appropriate accommodation.

Reasonable Accommodations and the Online Application Process

Consistent with Vestis and Canadian Linen's commitment to equal employment opportunity, we provide reasonable accommodations to qualified individuals with disabilities who need assistance in applying electronically for a position with Vestis or Canadian Linen, unless doing so would impose an undue hardship. To request a reasonable accommodation for this purpose, please call 1-833-901-8823 or email us at accessibility@vestis.com.

Please note that this phone number is to be used solely to request an accommodation with respect to the online application process. Calls for any other reason will not be returned. Reasonable accommodation requests are considered on a case-by-case basis.

Thank you for your interest in an employment opportunity with Vestis, Canadian Linen and Québec Linge.

About the Company

V

Vestis Corp