<p>Who We Are:</p> <p>Xponential Fitness is the curator of leading brands across every vertical in the boutique fitness industry. Xponential Fitness' portfolio of brands includes Club Pilates, the nation's largest Pilates brand; CycleBar, the nation's largest indoor cycling brand; StretchLab, a concept offering one-on-one and group stretching services; YogaSix, the largest franchised yoga brand; Pure Barre, a total body workout that uses the ballet barre to perform small isometric movements; Rumble, a boxing-inspired full-body workout; BFT, a functional training and strength-based fitness program; and Lindora, a medically supervised weight loss clinic.</p> <p>Job Overview:</p> <p>We are seeking a hands-on, strategic, and technically fluent cybersecurity leader to serve as Director of Cybersecurity Operations & GRC. This role is responsible for protecting the organization's corporate and franchise environments through robust threat detection, compliance, and governance programs, while leading enterprise-wide due diligence for third-party applications and integrations.</p> <p>You will lead a lean, high-impact team and serve as a key partner in embedding security into every layer of our technology and business stack. This role drives not only operational excellence but also ongoing innovation and continuous optimization in areas such as shadow AI governance, ethical AI practices, secure automation, and emerging risk. You'll play a central role in aligning security strategy with business growth, brand integrity, and regulatory expectations.</p> <p>Key Responsibilities:</p> <ul> <li>Security Operations & Threat Detection (Hands-On) </li><li>Lead and execute day-to-day cybersecurity operations including incident response, threat hunting, and log analysis. </li><li>Manage and optimize SIEM, SOAR, and EDR tools to ensure scalable and actionable detection across environments. 
</li><li>Own the development of response playbooks, threat models, and security incident protocols. </li><li>Governance, Risk & Compliance (GRC) </li><li>Own the governance and implementation of PCI-DSS, SOX, NIST, and other regulatory frameworks across corporate and franchise systems. </li><li>Conduct internal and external risk assessments, controls validation, and compliance audits. </li><li>Operationalize security policies and frameworks in collaboration with the Risk & Compliance Enablement Lead and GRC Specialist. </li><li>Third-Party & Application Security </li><li>Lead security due diligence and risk assessment for third-party platforms, applications, and SaaS integrations. </li><li>Collaborate with procurement, legal, and engineering teams to establish secure vendor onboarding, contract clauses, and data governance requirements. </li><li>Manage lifecycle risk, including continuous monitoring and re-certification of critical vendors and platforms. </li><li>Innovation & Emerging Risk Governance </li><li>Establish scalable security practices for shadow AI, generative AI use cases, ethical AI governance, and low-code/no-code platforms. </li><li>Continuously evaluate and implement emerging tools, automation frameworks, and control improvements to advance our security maturity. </li><li>Stay ahead of regulatory shifts and proactively embed forward-looking risk mitigation into technology roadmaps. </li><li>Policy, BCP & Awareness Enablement </li><li>Maintain and evolve security policies, standards, and procedures. </li><li>Lead business continuity and disaster recovery planning, testing, and reporting. </li><li>Deliver targeted training and awareness programs to drive a culture of security across corporate and franchise teams. </li><li>Strategic Leadership & Cross-Functional Collaboration </li><li>Manage and develop a specialized team of analysts, engineers, and GRC professionals. 
</li><li>Serve as the security liaison to cross-functional leaders in Legal, Field Operations, Finance, Marketing, Product, and Data to ensure security-by-design and risk-informed decision making. </li><li>Provide executive-ready reporting on risk posture, incidents, control gaps, and emerging threats. </li></ul> <p>Pay Range: $160,000 - $200,000</p> <p>Benefits:</p> <ul> <li>Medical, Dental and Vision benefits </li><li>This role is eligible for a monthly cell phone allowance </li><li>Empower is our 401k company. We offer Traditional and Roth 401k plans. Employer match is 4% and starts matching at the beginning of year 2. Your 401k would be fully vested at the start of year 3 </li><li>Complimentary corporate memberships to XPLUS and XPASS </li><li>Discounts on retail brand merchandise: up to 30% off wholesale price </li><li>On-site gym </li><li>On Campus Amenities: Reborn Coffee Shop, Hangar 24, Mini Putting Green, Basketball Court, Bird Sanctuary, Car Washing Services (M/W), Dry Cleaning Services </li></ul> <p>Qualifications:</p> <ul> <li>Bachelor's degree in Information Security, Computer Science, or a related field (Master's preferred). </li><li>PCI and SOX compliance </li><li>7+ years of cybersecurity experience, with at least 3 in a leadership role spanning both strategy and execution. </li><li>Deep expertise in cloud-native security (AWS preferred), security operations, incident response, and threat management. </li><li>Proven experience conducting and leading third-party risk reviews, compliance audits, and security assessments. </li><li>Familiarity with governance frameworks including PCI-DSS, SOX, NIST, ISO, and ethical AI best practices. </li><li>Exceptional collaboration skills with a history of influencing across technical, legal, operations, and business teams. </li><li>Preferred certifications: CISSP, CISM, CRISC, AWS Security Specialty, GIAC, or equivalent. </li></ul>