Director of Security Operations
About Upshop:
Upshop is the market leader in Total Store Operations solutions for the Grocery and C-Store markets. We offer an AI-powered SaaS platform connecting Fresh, Center, eCommerce, and DSD department operations to deliver a simplified, smarter, more connected store experience. Customers running Upshop realize significant improvements in sales, shrink, food safety and sustainability across the entire store. 150+ retail chain accounts trust our software in 30k+ stores, 9 countries, and 3 continents. Upshop is backed by Level Equity, a growth-focused private equity firm, and acquired Invafresh in 2024, doubling the size of the company.
Overview of the Role:
As Director of Security Operations at Upshop, you will lead efforts to safeguard our systems, data, and employees through scalable detection, response, and infrastructure security programs.
In this critical leadership role, you'll drive the design and implementation of robust security systems, partnering closely with Engineering, IT, and Compliance to embed world-class security controls across our environment. You'll play a key role in shaping our security strategy and ensuring Upshop remains secure, resilient, and compliant in a fast-paced, cloud-native ecosystem.
Responsibilities:
- Implement and manage the organization's IT security strategy, policies, and procedures.
- Guide a team of developers, providing training and support to ensure the effective execution of security initiatives.
- Conduct regular risk assessments and vulnerability tests to identify potential security threats and develop strategies to mitigate them.
- Monitor and analyze security incidents, investigating any breaches and implementing corrective actions as necessary.
- Stay up to date with the latest industry trends, threats, and technologies to ensure that the organization's IT security measures are current and effective.
- Collaborate with other departments to ensure that security requirements are integrated into the design and implementation of new systems and technologies.
- Roll out security awareness programs to educate employees about security best practices and promote a culture of security within the organization.
- Manage relationships with external vendors and partners to ensure that security controls are effectively implemented and maintained.
- Ensure compliance with relevant regulatory requirements and industry standards, such as GDPR, ISO 27001, and SOC 2. Familiarity with US, Canadian, and European privacy regulations, California's Code of Regulations (CCR), etc. is expected.
- Prepare regular reports to senior management on the organization's IT security posture, including insights, recommendations, and metrics.
Qualifications:
- Bachelor's degree in Computer Science, Information Technology, or a related field. Advanced degrees are often preferred.
- In-depth knowledge of IT security principles, best practices, and industry standards.
- Strong leadership and management skills, with the ability to motivate and inspire a team.
- Excellent problem-solving and analytical skills, with the ability to identify and mitigate security risks.
- Strong communication and interpersonal skills, with the ability to effectively communicate complex security concepts to both technical and non-technical stakeholders.
- Proficiency in conducting risk assessments and vulnerability testing.
- Experience with security incident response and management.
- Familiarity with security tools and technologies, such as firewalls, intrusion detection and prevention systems, encryption, antivirus software, etc.
- Knowledge of network and system administration.
- Understanding of cloud computing security principles and best practices.
- Familiarity with regulatory requirements and industry standards related to IT security.
- Excellent problem-solving and analytical skills
- Strong communication and collaboration abilities
- Ability to mentor and lead technical teams
Other Considerations (travel/hours availability, etc.):
- Occasional travel is required. (10%)
- Professional certifications such as CISSP (Certified Information Systems Security Professional), CISM (Certified Information Security Manager), or CISA (Certified Information Systems Auditor) are highly desirable.
Benefits/Perks:
- Hybrid – with ability to work in office in either Austin or Toronto
- Competitive salary
- Employer-matched 401(k) or RRSP plan
- Attractive paid time off policy / Flexible vacation policy
- Career growth and development opportunities
- Home office support set-up