Director IT Security and Compliance

Columbus, OH

The Director of Information Security and Compliance will be a key contributor to the company's near-term and long-term objectives, enabling the business to execute its vision in a secure and complaint manner. Duties include instructing, directing and assessing risk management. The Director of Information Security and Compliance is responsible for establishing and maintaining a corporate wide information security management program to ensure that information assets are adequately protected.


This position is responsible for identifying, evaluating and reporting on information security risks in a manner that meets compliance and regulatory requirements, and aligns with and supports the risk posture of the enterprise. The Director of Information Security and Compliance will proactively work with business units to implement practices that meet defined policies and standards for information security.



In addition to following and supporting Chipotle’s policies and procedures, principal accountabilities include, but are not limited to:

  • Work directly with the business units to facilitate IT risk assessment and risk management processes, and work with stakeholders throughout the enterprise on identifying acceptable levels of residual risk.
  • Develop, mentor, and mature talent within the team to create a high performing organization that meets the needs of the business.
  • Maintain a working knowledge of applicable compliance drivers (SOX, PCI, GDRP, etc.) and ensure on-going compliance.
  • Maintaining up-to-date knowledge of the IT security industry to include awareness of new or revised security solutions, improved security processes, and the development of new attacks and threat vectors.
  • Working closely with all IT organizations and Regional Support Specialists to create and maintain a single cohesive security vision.
  • Establishing and maintaining company-wide overall security standards, this may include, but is not limited to: hardware, software, operating systems, tools, networking, corporate and restaurant applications and systems, policy.
  • Improve risk-based process for vendor risk management, including the assessment and treatment for risks that may result from partners, consultants and other service providers.
  • Manage security incidents and events to protect corporate IT assets, including intellectual property, regulated data and the company's reputation.
  • Coordinate the use of external resources involved in the information security program, including, but not limited to, interviewing, negotiating contracts and fees, and managing external resources.
  • Serve as an internal risk and compliance subject matter expert while interfacing with applicable departments, groups, and individuals on relevant initiatives and concerns.
  • Other duties as assigned


  • Bachelor’s Degree or equivalent experience in the field
  • 5-8 years of experience in IT Security, Compliance, and Risk
  • 3-5 years of supervisory experience
  • CISSP, CISM, CISA Certifications Preferred
  • Be able to communicate effectively with external business partners and internal teams to participate in the delivery of project requirements.
  • Participation in organizations and groups within the industry to help influence and educate.



Food served fast does not have to be a typical fast-food experience. Chipotle has always done things differently, both in and out of our restaurants. We are changing the face of fast food, starting conversations, and directly supporting efforts to shift the future of farming and food. We hope you will join us as we continue to learn, evolve, and shape what comes next on our mission to make better food accessible to everyone.

Subscribe to Job Alerts