Company Overview:
NRS is a leading provider of transportation & supply chain solutions. As a family-owned and operated company, NRS has delivered smart logistics solutions to numerous Fortune 500 companies spanning over 70 years. Whether it’s NRT, Keystone, Keystone Fresh, or Keystone Capacity, our innovative energy drives us towards new and valuable solutions for our clients, even as we continuously grow and strengthen our network. We are dedicated to creating a culture that empowers the individual and offers our associates the opportunity to apply their unique skill to the challenges facing our clients. In the office, the warehouse, or on the road, it is this commitment to our innovative spirit that unites us in a common mission to push boundaries in the logistics industry.
Job Overview:
This role is responsible for embedding security into every phase of the software development lifecycle (SDLC), strengthening the organization’s security posture, and driving a culture of security-first thinking. The Director will partner with Service Desk, Infrastructure, Security, and Application teams to improve customer experience, reduce risk, and increase operational excellence. The Director must be an effective business partner, with the ability to drive change within the organization towards a culture of process maturity. This role will implement best practices for monitoring, communications, troubleshooting issues, proactively communicating and improving data flow.
Job Description:
Lead, Manage, and hold Accountable
- Support and promote the company values, culture, and HR processes
- Define and execute the organization’s cybersecurity and DevSecOps strategy aligned with business objectives
- Lead, mentor, and grow a high-performing team of security engineers and DevSecOps professionals
- Collaborate with Operations, IT, and leadership to integrate security into all processes
- Establish and track KPIs, metrics, and reporting for security posture and risk management
- Recruit, reward, and recognize employees
- Provide the necessary training opportunities, tools, and resources to ensure team success
- Provide clear direction in weekly team checkpoints
- Manage frequent performance feedback
- Establish a training & adoption plan for process changes across IT and business stakeholders.
DevSecOps Integration
- Embed security tools and practices into CI/CD pipelines
- Champion “shift-left” security practices, including automated code scanning and testing
- Oversee secure coding standards and developer training programs
- Implement infrastructure-as-code (IaC) security controls and compliance checks
- Establish policies, SOPs, RACI, process maps, SLAs/OLAs, and controls.
- Define and manage the KPIs and OKRs process; publish dashboards and monthly service reviews.
- Maintain evidence and controls for process compliance and platform access governance.
Security Operations and Risk Management
- Oversee threat detection, vulnerability management, and incident response programs
- Conduct regular risk assessments and manage remediation efforts
- Ensure compliance with relevant regulations and standards (e.g., SOC 2, ISO 27001, NIST)
- Manage third-party/vendor security risk assessments
- Implement automation and AI where applicable to improve consistency and productivity
Architecture & Engineering
- Design and enforce secure system architectures across cloud and on-prem environments
- Evaluate and implement security tools (e.g., SAST, DAST, container security, SIEM)
- Partner with cloud and platform teams to secure modern architectures (e.g., microservices, Kubernetes)
Incident Response & Governance
- Lead incident response planning, tabletop exercises, and post-incident reviews
- Develop and maintain security policies, standards, and procedures
- Report on security risks and initiatives to executive leadership
Requirements:
- Bachelor’s degree in Computer Science, Cybersecurity, or related field experience
- 8–12+ years of experience in cybersecurity, with at least 3–5 years in a leadership role
- Strong experience implementing DevSecOps practices in modern engineering environments
- Deep understanding of cloud security (AWS or Azure)
- Experience with CI/CD tools (e.g., Jenkins, GitHub Actions, GitLab CI)
- Knowledge of security frameworks (NIST, ISO 27001, CIS Benchmarks)
- Proven track record managing security incidents and risk programs
- Excellent stakeholder management, facilitation, and communication skills.
- Strong problem-solving skills and attention to detail.
- Strong business acumen and ability to adapt to change.
- Knowledge of Logistics or 3PL business a bonus.
- Willingness to travel 10% of the time.
- Industry certifications such as CISSP, CISM, or CSSLP preferred
- Experience with containerization and orchestration (Docker, Kubernetes) preferred
- Familiarity with zero-trust architecture principles preferred
- Experience in regulated industries (finance, healthcare, etc.) preferred
Physical Demands:
- This position may require travel to various company locations on the East and West Coast.
- Extended Sitting: Primarily desk-based with prolonged computer use.
- Computer Use: Frequent operation of computers and office equipment, requiring manual dexterity.
- Eye Strain and Repetitive Motion: Risk from continuous screen use and repetitive tasks like typing.
- Office Navigation: Light walking and standing for meetings and tasks within the office.
- Light Lifting: Occasional handling of objects up to 20 pounds.
EEO Statement:
NRS is an equal opportunity employer. We do not discriminate based upon race, religion, color, national origin, gender (including pregnancy, childbirth, or related medical conditions), sexual orientation, gender identity, gender expression, age, status as a protected veteran, status as an individual with a disability, or other applicable legally protected characteristics.