About Us
At Planet Fitness, our mission has always been to enhance people’s lives by providing a high-quality fitness experience in a welcoming, judgement free environment. We are proud to be one of the largest and fastest-growing franchisors and operators of fitness centers in the United States, and we’re grateful for the amazing Planet Fitness team that supports our 2,000 clubs and millions of members every day.

Our Planet Fitness team is comprised of dynamic, dedicated and talented individuals who represent our values of integrity, transparency, passion, respect, and excellence (while having fun!) in everything they do.

Joining the PF family means being part of a company that cares about bettering the health and wellbeing of our communities. It means being a part of a supportive, engaging workforce with an inclusive culture that values diversity and creates an environment where everyone can feel they belong. It means encouraging professional growth and development. It means making true, lasting connections with your co-workers with celebrations, team building activities and engaging corporate events! It means creating a positive impact in our local communities through our Judgement Free Generation® philanthropic initiative. It means being part of a brand that you can be proud of!

For the past 25 years, we’ve helped millions of people in their fitness journey and revolutionized the industry along the way. And we’re just getting started!
Overview
The Sr. Director, Information Security will play a critical role in ensuring the protection, confidentiality and integrity of Planet Fitness data and systems across the enterprise. This high-impact leadership position will be responsible for developing and implementing a comprehensive information security program and roadmap designed to continually improve and enhance PF’s security initiatives, protecting the PF Customers and the PF brand.
The Sr. Director, Information Security will play a key role in managing risks related to cyber security, payment processing, and privacy laws and regulations. As our security subject matter expert, the Sr. Director, Information Security will lead a team responsible for managing the cyber security program, including but not limited to the evaluation of systems and applications, data classification, vulnerability scanning, incident response, policies, and training.
Additionally, this role will oversee the organization’s security controls for internal and third-party systems, including our infrastructure and enterprise applications, which reside on AWS, Azure, and internally and externally hosted environments.
The ideal candidate is open to working our hybrid schedule out of our Hampton, NH headquarters office. Remote candidates in the eastern time zone who are willing and able to travel to our Hampton, NH office once a month will also be considered.
Responsibilities
- Develop and implement a comprehensive information security program to protect the organization’s data and systems, drive risk mitigation, meet compliance requirements and oversee operational controls.
- Clearly articulate the organization’s security posture and risk to the executive leadership team.
- Lead a team of FTE, contractor, and consultant security resources, developing people capability and team effectiveness.
- Maintain and implement policy for business governance, compliance and risk, data retention, and data privacy.
- Balance security needs across multiple business functions to facilitate growth in a secure manner.
- Develop and implement security programs for international markets and ensure compliance with market and local regulation.
- Establish and implement appropriate standards, governance and criteria for hardware, software, email and web firewall, access, and encryption requirements.
- Investigate and evaluate potential business impacts from security breaches and provide strategic and tactical guidance to business decision-makers.
- Oversee the PCI compliance program for the brand, and ensure compliance with other applicable industry standards and regulations, including PCI DSS, HIPAA, CCPA, GDPR and SOX.
- Lead the team responsible for the annual PCI assessment of the PF online and mobile join process, SAQ C reviews and submissions, and the monitoring and enforcement of franchisee compliance.
- Oversee PCI assessment activities, including pre-assessment preparedness, coordination with assessment vendors, evidence collection and review, and reporting on findings.
- Stay up to date on evolving privacy and security regulations, adapting the compliance framework accordingly.
- Identify key program metrics to measure the effectiveness of the security program and measure the organization’s risk.
- Perform regular risk assessments to identify vulnerabilities and threats across the organization.
- Manage and coordinate NIST assessments, ensuring that security controls are effectively implemented and maintained.
- Develop and enforce enterprise-wide information security policies and procedures to safeguard data and systems.
- Develop and lead an incident response plan, including incident detection, reporting and recovery strategies.
- Develop and manage the information security budget, ensuring optimal allocation of resources.
- Lead internal and external security reviews and audits.
- Provide consultation and support to franchise technology resources on defined security standards and practices.
Qualifications
- Bachelor’s degree in Computer Science, Cyber Security, or a related field, combined with 10 years in an information security role
- Certified Information Systems Security Professional (CISSP), CISM or equivalent preferred
- Strong experience with mid-sized global enterprises
- Experience with PCI IT controls, processes, and testing, with 8 years’ experience facilitating external PCI assessments
- Demonstrated success in implementing and auditing security and compliance policies and controls
- Strong knowledge of compliance standards and regulations such as PCI DSS, HIPAA, CCPA, GDPR and SOX
- Solid understanding of AWS security
- Experience coordinating with 3rd party vendors and understanding their role in an annual PCI assessment
- Excellent understanding & ability to develop and articulate a vision for security strategy
- Superior project coordination/management skills including project planning and directing project activities
- Experience designing architecture for security programs relating to audit, compliance, risk governance, and security awareness training
- Experience in preparing and delivering executive and board level presentations
- Maintains a strong understanding of current and upcoming PCI DSS requirements and related legislation
- Highly motivated with a proven ability to facilitate the resolution of compliance and security gaps
- Strong influencing skills leading technology discussions at the senior leadership level
- Ability to collaborate and manage relationships with other business units, external vendors and stakeholders
- Extremely detail-oriented, efficient, and organized with an exceptional ability to establish priorities and objectives
- Excellent presentation and communication skills along with the ability to communicate effectively across all levels of the organization
- Able to establish and maintain effective, collaborative work relationships with diverse individuals, internally and externally
- Creative, progressive, thought leadership with the ability to influence at all levels of the organization
- Dedicated learner with a natural curiosity for consistent growth
- Exhibits comfort, ease, and flexibility working in an extremely fast-paced ever-changing, deadline-driven environment
- Cooperative team player with an upbeat, positive, “can-do” attitude!
Perks
- Hybrid Work Schedule out of our Hampton, NH office
- Early release Fridays
- Volunteer days off
- Competitive salaries and comprehensive benefits package, including medical, pharmacy, dental and vision benefits
- Generous vacation/holiday pay
- 401(k) Retirement
- Employee Stock Purchase Program
- Childcare reimbursement
- Pet care reimbursement
- Learning and development programs
- Discount programs, including vacations, theme parks, shopping, meal delivery services & much more
- Free Black Card membership and fun exercise incentives
- Company-sponsored social events
- Access to our gym at headquarters, complete with locker rooms and Black Card area
- Delicious, healthy breakfast and lunch options served at our headquarters café
Note to Applicants: We have been made aware of an increasing number of hiring fraud schemes across numerous platforms. Planet Fitness never requires advance payments of any kind for computer equipment or any other purpose at the start of employment. Any request for you to provide payment information during the application process is part of a fraud scheme. Further, we recommend that you do not provide sensitive personal information (SSN, DOB, driver’s license number) as part of the initial application process.