Vice President, Security, Risk & Compliance

Great Day Improvements: A Family of Brands

Twinsburg, Ohio

Overview:

Great Day Improvements - Vice President, Security, Risk & Compliance - Twinsburg, OH (Hybrid) 


Company Overview

Since its founding 13 years ago, Great Day Improvements, LLC has grown rapidly toward its vision of becoming one of the largest home improvement companies in the U.S. Headquartered in Twinsburg, Ohio, Great Day Improvements is a $1.5 billion, vertically integrated, direct-to-consumer provider of premium home improvement products. 


The company’s family of brands includes Patio Enclosures®, Champion Windows and Home Exteriors®, Universal Windows Direct®, Apex Energy Solutions®, Stanek Windows®, Leafguard®, Englert®, and The Bath Authority. With an expanding workforce of over 4,800 employees across 130 metropolitan markets throughout the U.S., Great Day Improvements continues to rank among the top home improvement companies nationwide and is one of the fastest growing private companies in America. 


Technology plays a central role in how Great Day grows, competes, and serves customers. The Vice President of Security, Risk & Compliance is a newly created executive role responsible for establishing a disciplined, enterprise-wide approach to security, risk management, and compliance that protects the business while supporting scalable growth.


Summary

The Vice President of Security, Risk & Compliance will lead the company’s security, compliance, and risk management functions. This role has end-to-end accountability across security operations, risk, and compliance, ensuring alignment between technical security execution and enterprise governance.


A major focus of the role will be putting the right standards, controls, and governance in place to protect the business, reduce risk, and support growth, including establishing a SOX-aligned control environment for the company, with the policies, processes, and accountability needed to strengthen financial and IT controls as the company continues to mature its control environment.


This leader will work across IT, Finance, Marketing, and business unit teams to define control requirements, improve security and compliance practices, and build a more disciplined approach to risk management. The role also provides executive leadership with clear visibility into the company’s security, compliance, and operational risk posture. The right candidate will know how to build the right level of control without creating unnecessary processes or slowing the business down, while enabling the business to scale with confidence.


Location: Twinsburg, OH (Hybrid)

Responsibilities:

Enterprise Risk Ownership (GRC Leadership)

  • Own and operate the enterprise Governance, Risk, and Compliance (GRC) program
  • Define and maintain risk appetite, tolerance, and escalation frameworks in partnership with executive leadership
  • Establish and drive a risk-based decision-making model across technology and business domains, including clear recommendations and escalation of risk decisions to executive leadership as appropriate
  • Lead enterprise-wide risk identification, assessment, mitigation, and acceptance processes
  • Provide clear, actionable visibility into enterprise risk for the CTIO and executive leadership


Security Strategy and Operations

  • Define and execute a modern cybersecurity strategy aligned with business priorities, including security operations and control effectiveness
  • Oversee Security Operations (SOC), ensuring effective monitoring, detection, and response
  • Lead incident response, including executive communication and post-incident accountability
  • Drive maturity across:
    • Threat detection and response
    • Vulnerability management
    • Security architecture and engineering
  • Embed security into infrastructure, applications, and cloud environments
  • Establish and enforce application security practices, including secure development standards and integration with development processes


Compliance and Regulatory Leadership

  • Own compliance with:
    • SOX / ITGC controls
    • PCI
    • U.S. data privacy laws (CCPA/CPRA)
  • Build and operate a continuous compliance program, not audit-driven cycles
  • Lead internal and external audit strategy, execution, and remediation
  • Ensure controls are designed, implemented, and operating effectively across the enterprise
  • Partner with Legal, Finance, and business leaders to align compliance with business growth and regulatory expectations


Governance Model and Operating Structure

  • Establish a scalable GRC operating model with clear ownership across business and technology teams
  • Implement governance structures including:
    • Risk committees
    • Control ownership frameworks
    • Policy management processes
  • Drive adoption of GRC platforms and automation for visibility and control tracking
  • Establish accountability for risk and compliance across the organization


Identity, Access, and Data Protection

  • Own Identity & Access Management (IAM) strategy and governance
  • Enforce least privilege, segregation of duties, and access lifecycle controls
  • Define and enforce data classification, protection, and retention policies
  • Oversee compliance with data privacy and cross-border data regulations


Third-Party and Vendor Risk

  • Establish and lead a third-party risk management program
  • Define and enforce security and compliance requirements for vendors, including risk assessments and ongoing oversight
  • Integrate vendor risk into enterprise risk reporting and decision-making


Business Continuity and Resilience

  • Own disaster recovery (DR) and business continuity planning (BCP)
  • Align resilience strategies with business impact and risk tolerance
  • Ensure operational readiness for cyber and operational disruptions


Team Leadership and Culture

  • Build and lead a multi-functional organization across:
    • Security Operations
    • Security Engineering
    • Risk & Compliance
    • IAM
    • Vulnerability Management
    • Red Team / Testing
  • Develop leadership capability and succession planning
  • Drive a company-wide security and risk-aware culture

Qualifications:

Required

  • 12–15+ years in cybersecurity, risk, or compliance, with 5+ years in senior leadership roles (VP/CISO/Head of GRC)
  • Proven ownership of enterprise GRC programs, not just participation
  • Deep experience with:
    • Risk management frameworks and governance models
    • Security operations and incident response
    • Regulatory compliance (SOX, ITGC, privacy laws)
  • Demonstrated experience leading audits, regulatory engagement, and control remediation
  • Track record of translating risk into business impact for executive audiences
  • Experience building and scaling cross-functional teams and programs


Preferred

  • Experience in public or highly regulated environments
  • Background in cloud security and DevSecOps
  • Experience implementing GRC platforms and automation tools
  • Exposure to M&A due diligence and integration (security/compliance)


Certifications (Valued, Not Decisive)

  • CISSP
  • CISM
  • CISA
  • CRISC
  • CIPP


Competencies

  • Enterprise Risk Thinking: Sees across security, compliance, operations, and business risk
  • Decision Authority: Can make and stand behind risk-based decisions
  • Executive Influence: Commands credibility with CIO, CMO, CRO, CTO (chief transformation officer), CFO, CEO, and Board
  • Operational Depth: Can go deep technically when required
  • Crisis Leadership: Proven ability to lead through incidents and audits
  • Pragmatic judgment: Applies the right level of control to reduce risk without creating unnecessary friction for the business


Success Measures

Success in this role will be measured by outcomes, including but not limited to:

  • Measurable reduction in top enterprise risks (cyber, data, third-party), with clear linkage to business impact and risk exposure over time.
  • No material security incidents causing significant business disruption, data loss, or customer impact resulting from known or unmanaged risks.
  • Reduction in incident detection and response time (MTTD/MTTR), with proven readiness through regular simulations and real event performance.
  • Elimination of critical vulnerabilities and high-risk access gaps within defined SLAs, with no recurring or aging exceptions.
  • Implementation of a scalable GRC model with clear ownership, accountability, and real-time visibility into risk and control effectiveness.
  • Demonstrated ability to enable business growth (e.g., faster customer onboarding, partnerships, or security and compliance audits) without increasing unmanaged risk.


GDI is an Equal Employment Opportunity Employer
