
Cybersecurity Operations & GRC Lead

Job Location

Irvine - USA

Monthly Salary

$160000 - $200000

Vacancy

1 Vacancy

Job Description

Job Details

XPO Headquarters - Irvine CA
Full Time
$160000.00 - $200000.00 Salary

Description

Who We Are:

Xponential Fitness is the curator of leading brands across every vertical in the boutique fitness industry. Xponential Fitness' portfolio of brands includes Club Pilates, the nation's largest Pilates brand; CycleBar, the nation's largest indoor cycling brand; StretchLab, a concept offering one-on-one and group stretching services; YogaSix, the largest franchised yoga brand; Pure Barre, a total body workout that uses the ballet barre to perform small isometric movements; Rumble, a boxing-inspired full-body workout; BFT, a functional training and strength-based fitness program; and Lindora, a medically supervised weight loss clinic.

Job Overview:

We are seeking a hands-on, strategic, and technically fluent cybersecurity leader to serve as Director of Cybersecurity Operations & GRC. This role is responsible for protecting the organization's corporate and franchise environments through robust threat detection, compliance, and governance programs, while leading enterprise-wide due diligence for third-party applications and integrations.

You will lead a lean, high-impact team and serve as a key partner in embedding security into every layer of our technology and business stack. This role drives not only operational excellence but also ongoing innovation and continuous optimization in areas such as shadow AI governance, ethical AI practices, secure automation, and emerging risk. You'll play a central role in aligning security strategy with business growth, brand integrity, and regulatory expectations.

Key Responsibilities:

Security Operations & Threat Detection (Hands-On)

  • Lead and execute day-to-day cybersecurity operations, including incident response, threat hunting, and log analysis.
  • Manage and optimize SIEM, SOAR, and EDR tools to ensure scalable and actionable detection across environments.
  • Own the development of response playbooks, threat models, and security incident protocols.

Governance, Risk & Compliance (GRC)

  • Own the governance and implementation of PCI-DSS, SOX, NIST, and other regulatory frameworks across corporate and franchise systems.
  • Conduct internal and external risk assessments, controls validation, and compliance audits.
  • Operationalize security policies and frameworks in collaboration with the Risk & Compliance Enablement Lead and GRC Specialist.

Third-Party & Application Security

  • Lead security due diligence and risk assessment for third-party platforms, applications, and SaaS integrations.
  • Collaborate with procurement, legal, and engineering teams to establish secure vendor onboarding, contract clauses, and data governance requirements.
  • Manage lifecycle risk, including continuous monitoring and re-certification of critical vendors and platforms.

Innovation & Emerging Risk Governance

  • Establish scalable security practices for shadow AI, generative AI use cases, ethical AI governance, and low-code/no-code platforms.
  • Continuously evaluate and implement emerging tools, automation frameworks, and control improvements to advance our security maturity.
  • Stay ahead of regulatory shifts and proactively embed forward-looking risk mitigation into technology roadmaps.

Policy, BCP & Awareness Enablement

  • Maintain and evolve security policies, standards, and procedures.
  • Lead business continuity and disaster recovery planning, testing, and reporting.
  • Deliver targeted training and awareness programs to drive a culture of security across corporate and franchise teams.

Strategic Leadership & Cross-Functional Collaboration

  • Manage and develop a specialized team of analysts, engineers, and GRC professionals.
  • Serve as the security liaison to cross-functional leaders in Legal, Field Operations, Finance, Marketing, Product, and Data to ensure security-by-design and risk-informed decision making.
  • Provide executive-ready reporting on risk posture, incidents, control gaps, and emerging threats.

Pay Range: $160000 - $200000

Benefits:

  • Medical, Dental, and Vision benefits
  • This role is eligible for a monthly cell phone allowance
  • Empower is our 401k company. We offer Traditional and Roth 401k plans. Employer match is 4% and starts matching at the beginning of year 2. Your 401k would be fully vested at the start of year 3
  • Complimentary corporate memberships to XPLUS and XPASS
  • Discounts on retail brand merchandise: up to 30% off wholesale price
  • On-site gym
  • On Campus Amenities: Reborn Coffee Shop, Hangar 24, Mini Putting Green, Basketball Court, Bird Sanctuary, Car Washing Services (M/W), Dry Cleaning Services

Qualifications:

  • Bachelor's degree in Information Security, Computer Science, or a related field (Master's preferred).
  • PCI and SOX compliance
  • 7 years of cybersecurity experience, with at least 3 in a leadership role spanning both strategy and execution.
  • Deep expertise in cloud-native security (AWS preferred), security operations, incident response, and threat management.
  • Proven experience conducting and leading third-party risk reviews, compliance audits, and security assessments.
  • Familiarity with governance frameworks including PCI-DSS, SOX, NIST, ISO, and ethical AI best practices.
  • Exceptional collaboration skills, with a history of influencing across technical, legal, operations, and business teams.
  • Preferred certifications: CISSP, CISM, CRISC, AWS Security Specialty, GIAC, or equivalent.

Employment Type

Full-Time
