Director of Security and IT

Herndon, VA, US

Description

Who is FranConnect?


FranConnect is the leading franchise and multi-unit management software provider. For 20 years, the FranConnect platform has served as the sales, operations, and marketing backbone for over 1500 brands worldwide. Nine of the Franchise Times Top 10 Fastest-Growing franchise businesses rely on FranConnect to drive growth, improve profitability, and streamline operational performance. FranConnect customers span all sizes, growth phases, and industries and they grow 44% faster on average than the broader franchising market. Backed by private-equity investor Serent Capital, FranConnect is headquartered in Herndon, Virginia, with global offices in Australia, India, Colombia and Canada. For more information on FranConnect, visit www.franconnect.com.  


Why Join Us


At FranConnect, we believe that great companies are built on great cultures. Our team is passionate, collaborative, and driven by a shared mission: to empower franchise and multi-location businesses with the tools they need to thrive. We foster an environment where innovation, transparency, and continuous learning are at the core of everything we do. Employee growth and well-being matter to us, and we take pride in cultivating a workplace where every voice is heard, ideas are valued, and contributions make a real impact. 


Joining FranConnect means being part of a company that not only values its people but also plays a crucial role in shaping the future of franchising and multi-location businesses. If you’re looking for a place where you can grow, contribute meaningfully, and be part of something bigger, we’d love to have you on our team!


About the role


We’re looking for a Security Leader who can take us to the next level in enterprise security, compliance and IT management by developing, implementing, and overseeing the organization’s global security strategy. The Director of Security and IT will work with members of the executive team, external consultants and internal leaders to foster a culture of security awareness across the global organization by implementing security and IT best practices across all layers of people, processes and product.


Key Responsibilities  

  • Security & Compliance Strategy & Governance: Develop, enforce, and lead the company’s security and compliance strategy, policies, and governance framework.
  • Regulatory Compliance: Ensure adherence to relevant regulatory requirements, such as GDPR, ISO 27001, SOC 2, and other industry-specific standards.
  • Risk Management: Conduct risk assessments to identify vulnerabilities, develop mitigation strategies, and ensure business continuity planning.
  • Cybersecurity Operations: Oversee cybersecurity programs, including threat detection, incident response, and vulnerability management.
  • Security Awareness & Training: Implement security awareness programs to educate employees on best practices and regulatory compliance.
  • Security Leadership: Guide development and operations teams on risk management, security development standards, and auditing.
  • Vendor & Third-Party Security Management: Assess and manage the security posture of third-party vendors and partners.
  • Sales Support & Customer Support: Manage customer security assessments, including review of security contract terms and completion of RFP documents.
  • Incident Response & Crisis Management: Develop and lead incident response plans, ensuring timely and effective resolution of security breaches.
  • Serve as the company’s Data Protection Officer and, as necessary or appropriate, participate in representation of the company before data protection authorities and other regulators and agencies.
  • IT Oversight: Oversee the operations and management of all internal IT systems, tools and infrastructure deployed across our US offices (< 15%).

Requirements

What You’ll Need (Qualifications)

  • 8+ years of proven experience managing security at fast-moving organizations; global operational experience a plus.
  • Strong technical expertise and knowledge of cybersecurity frameworks, risk management methodologies, data protection laws, and regulatory compliance.
  • Proven ability to drive strategic initiatives and influence stakeholders.
  • Excellent verbal and written communication skills, with the ability to present complex security issues to non-technical stakeholders.
  • Strong problem-solving abilities and strategic thinking in handling security and compliance challenges.
  • CISSP, CISM, CISA, CRISC, or other relevant security certifications a plus.
  • BA in Information Security, Computer Science, Business Administration, or a related field; Master’s degree a plus.

Tags: Audits CISA CISM CISSP Compliance Computer Science CRISC GDPR Governance Incident response ISO 27001 RFPs Risk assessment Risk management Security assessment Security strategy SOC SOC 2 Strategy Threat detection Vulnerabilities Vulnerability management

Perks/benefits: Career development

Region: North America
Country: United States
