Vice President, Security, Risk & Compliance
Apex Energy Solutions
•
Twinsburg, OH
0
0
0
0
Not Applicable
Posted April 4, 2026
Job link
Thinking about this job
Responsibilities
Commitments
Responsibilities
- Enterprise Risk Ownership (GRC Leadership)
- Own and operate the enterprise Governance, Risk, and Compliance (GRC) program
- Define and maintain risk appetite, tolerance, and escalation frameworks in partnership with executive leadership
- Establish and drive a risk-based decision-making model across technology and business domains, including clear recommendations and escalation of risk decisions to executive leadership as appropriate
- Lead enterprise-wide risk identification, assessment, mitigation, and acceptance processes
- Provide clear, actionable visibility into enterprise risk for the CTIO and executive leadership
- Security Strategy and Operations
- Define and execute a modern cybersecurity strategy aligned with business priorities, including security operations and control effectiveness
- Oversee Security Operations (SOC), ensuring effective monitoring, detection, and response
- Lead incident response, including executive communication and post-incident accountability
- Drive maturity across:
- Threat detection and response
- Vulnerability management
- Security architecture and engineering
- Embed security into infrastructure, applications, and cloud environments
- Establish and enforce application security practices, including secure development standards and integration with development processes Compliance and Regulatory Leadership
- Own compliance with:
- SOX / ITGC controls
- PCI
- S. data privacy laws (CCPA/CPRA)
- Build and operate a continuous compliance program, not audit-driven cycles
- Lead internal and external audit strategy, execution, and remediation
- Ensure controls are designed, implemented, and operating effectively across the enterprise
- Partner with Legal, Finance, and business leaders to align compliance with business growth and regulatory expectations.
- Governance Model and Operating Structure
- Establish a scalable GRC operating model with clear ownership across business and technology teams
- Implement governance structures including:
- Risk committees
- Control ownership frameworks
- Policy management processes
- Drive adoption of GRC platforms and automation for visibility and control tracking
- Establish accountability for risk and compliance across the organization.
- Identity, Access, and Data Protection
- Own Identity & Access Management (IAM) strategy and governance
- Enforce least privilege, segregation of duties, and access lifecycle controls
- Define and enforce data classification, protection, and retention policies
- Oversee compliance with data privacy and cross-border data regulations
- Third-Party and Vendor Risk
- Establish and lead a third-party risk management program
- Define and enforce security and compliance requirements for vendors, including risk assessments and ongoing oversight
- Integrate vendor risk into enterprise risk reporting and decision-making
- Business Continuity and Resilience
- Own disaster recovery (DR) and business continuity planning (BCP)
- Align resilience strategies with business impact and risk tolerance
- Ensure operational readiness for cyber and operational disruptions
- Team Leadership and Culture
- Build and lead a multi-functional organization across:
- Security Operations
- Security Engineering
- Risk & Compliance
- IAM
- Vulnerability Management
- Red Team / Testing
- Develop leadership capability and succession planning
- Drive a company-wide security and risk-aware culture Required
Commitments
The Vice President of Security, Risk & Compliance will lead the company’s security, compliance, and risk management functions.
Location: Twinsburg, OH (Hybrid)
Reduction in incident detection and response time (MTTD/MTTR), with proven readiness through regular simulations and real event performance.
Demonstrated ability to enable business growth (e.g., faster customer onboarding, partnerships, or security and compliance audits) without increasing unmanaged risk.
GDI is an Equal Employment Opportunity Employer
Not Met Priorities
What still needs stronger evidence
Requirements
- 12–15+ years in cybersecurity, risk, or compliance, with 5+ years in senior leadership roles (VP/CISO/Head of GRC)
- Proven ownership of enterprise GRC programs, not just participation
- Deep experience with:
- Risk management frameworks and governance models
- Security operations and incident response
- Regulatory compliance (SOX, ITGC, privacy laws)
- Demonstrated experience leading audits, regulatory engagement, and control remediation
- Track record of translating risk into business impact for executive audiences
- Experience building and scaling cross-functional teams and programs Preferred
- Experience in public or highly regulated environments
- Background in cloud security and DevSecOps
- Experience implementing GRC platforms and automation tools
- Exposure to M&A due diligence and integration (security/compliance)
- CISSP
- CISA
- Enterprise Risk Thinking: Sees across security, compliance, operations, and business risk
- Executive Influence: Commands credibility with CIO, CMO, CRO, CTO (chief transformation officer), CFO, CEO, and Board
- Operational Depth: Can go deep technically when required
- Crisis Leadership: Proven ability to lead through incidents and audits
- Pragmatic judgment: Applies the right level of control to reduce risk without creating unnecessary friction for the business
- Reduction in incident detection and response time (MTTD/MTTR), with proven readiness through regular simulations and real event performance.
- Demonstrated ability to enable business growth (e.g., faster customer onboarding, partnerships, or security and compliance audits) without increasing unmanaged risk.
Preferred Skills
- Experience building and scaling cross-functional teams and programs Preferred
- Experience in public or highly regulated environments
- Background in cloud security and DevSecOps
- Experience implementing GRC platforms and automation tools
- Exposure to M&A due diligence and integration (security/compliance)
- Certifications (Valued, Not Decisive)
- CISSP
- CISM
- CISA
Overview
Great Day Improvements - Vice President, Security, Risk & Compliance - Twinsburg, OH (Hybrid)
Company Overview
Since its founding 13 years ago, Great Day Improvements, LLC has grown rapidly toward its vision of becoming one of the largest home improvement companies in the U.S. Headquartered in Twinsburg, Ohio, Great Day Improvements is a $1.5 billion, vertically integrated, direct-to-consumer provider of premium home improvement products.
The company’s family of brands includes Patio Enclosures®, Champion Windows and Home Exteriors®, Universal Windows Direct®, Apex Energy Solutions®, Stanek Windows®, Leafguard®, Englert®, and The Bath Authority. With an expanding workforce of over 4,800 employees across 130 metropolitan markets throughout the U.S., Great Day Improvements continues to rank among the top home improvement companies nationwide and is one of the fastest growing private companies in America.
Technology plays a central role in how Great Day grows, competes, and serves customers. The Vice President of Security, Risk & Compliance is a newly created executive role responsible for establishing a disciplined, enterprise-wide approach to security, risk management, and compliance that protects the business while supporting scalable growth.
Summary
The Vice President of Security, Risk & Compliance will lead the company’s security, compliance, and risk management functions. This role has end-to-end accountability across security operations, risk, and compliance, ensuring alignment between technical security execution and enterprise governance.
A major focus of the role will be putting the right standards, controls, and governance in place to protect the business, reduce risk, and support growth, including establishing a SOX-aligned control environment for the company, with the policies, processes, and accountability needed to strengthen financial and IT controls as the company continues to mature its control environment.
This leader will work across IT, Finance, Marketing, and business unit teams to define control requirements, improve security and compliance practices, and build a more disciplined approach to risk management. The role also provides executive leadership with clear visibility into the company’s security, compliance, and operational risk posture. The right candidate will know how to build the right level of control without creating unnecessary processes or slowing the business down, while enabling the business to scale with confidence.
Location: Twinsburg, OH (Hybrid)
Responsibilities
Enterprise Risk Ownership (GRC Leadership)
Own and operate the enterprise Governance, Risk, and Compliance (GRC) program
Define and maintain risk appetite, tolerance, and escalation frameworks in partnership with executive leadership
Establish and drive a risk-based decision-making model across technology and business domains, including clear recommendations and escalation of risk decisions to executive leadership as appropriate
Lead enterprise-wide risk identification, assessment, mitigation, and acceptance processes
Provide clear, actionable visibility into enterprise risk for the CTIO and executive leadership
Security Strategy and Operations
Define and execute a modern cybersecurity strategy aligned with business priorities, including security operations and control effectiveness
Oversee Security Operations (SOC), ensuring effective monitoring, detection, and response
Lead incident response, including executive communication and post-incident accountability
Drive maturity across:
Threat detection and response
Vulnerability management
Security architecture and engineering
Embed security into infrastructure, applications, and cloud environments
Establish and enforce application security practices, including secure development standards and integration with development processes Compliance and Regulatory Leadership
Own compliance with:
SOX / ITGC controls
PCI
S. data privacy laws (CCPA/CPRA)
Build and operate a continuous compliance program, not audit-driven cycles
Lead internal and external audit strategy, execution, and remediation
Ensure controls are designed, implemented, and operating effectively across the enterprise
Partner with Legal, Finance, and business leaders to align compliance with business growth and regulatory expectations. Governance Model and Operating Structure
Establish a scalable GRC operating model with clear ownership across business and technology teams
Implement governance structures including:
Risk committees
Control ownership frameworks
Policy management processes
Drive adoption of GRC platforms and automation for visibility and control tracking
Establish accountability for risk and compliance across the organization. Identity, Access, and Data Protection
Own Identity & Access Management (IAM) strategy and governance
Enforce least privilege, segregation of duties, and access lifecycle controls
Define and enforce data classification, protection, and retention policies
Oversee compliance with data privacy and cross-border data regulations
Third-Party and Vendor Risk
Establish and lead a third-party risk management program
Define and enforce security and compliance requirements for vendors, including risk assessments and ongoing oversight
Integrate vendor risk into enterprise risk reporting and decision-making
Business Continuity and Resilience
Own disaster recovery (DR) and business continuity planning (BCP)
Align resilience strategies with business impact and risk tolerance
Ensure operational readiness for cyber and operational disruptions
Team Leadership and Culture
Build and lead a multi-functional organization across:
Security Operations
Security Engineering
Risk & Compliance
IAM
Vulnerability Management
Red Team / Testing
Develop leadership capability and succession planning
Drive a company-wide security and risk-aware culture Required
Qualifications
12–15+ years in cybersecurity, risk, or compliance, with 5+ years in senior leadership roles (VP/CISO/Head of GRC)
Proven ownership of enterprise GRC programs, not just participation
Deep experience with:
Risk management frameworks and governance models
Security operations and incident response
Regulatory compliance (SOX, ITGC, privacy laws)
Demonstrated experience leading audits, regulatory engagement, and control remediation
Track record of translating risk into business impact for executive audiences
Experience building and scaling cross-functional teams and programs Preferred
Experience in public or highly regulated environments
Background in cloud security and DevSecOps
Experience implementing GRC platforms and automation tools
Exposure to M&A due diligence and integration (security/compliance)
Certifications (Valued, Not Decisive)
CISSP
CISM
CISA
CRISC
CIPP
Competencies
Enterprise Risk Thinking: Sees across security, compliance, operations, and business risk
Decision Authority: Can make and stand behind risk-based decisions
Executive Influence: Commands credibility with CIO, CMO, CRO, CTO (chief transformation officer), CFO, CEO, and Board
Operational Depth: Can go deep technically when required
Crisis Leadership: Proven ability to lead through incidents and audits
Pragmatic judgment: Applies the right level of control to reduce risk without creating unnecessary friction for the business
Success Measures
Success in this role will be measured by outcomes, including but not limited to:
Measurable reduction in top enterprise risks (cyber, data, third-party), with clear linkage to business impact and risk exposure over time.
No material security incidents causing significant business disruption, data loss, or customer impact resulting from known or unmanaged risks.
Reduction in incident detection and response time (MTTD/MTTR), with proven readiness through regular simulations and real event performance.
Elimination of critical vulnerabilities and high-risk access gaps within defined SLAs, with no recurring or aging exceptions.
Implementation of a scalable GRC model with clear ownership, accountability, and real-time visibility into risk and control effectiveness.
Demonstrated ability to enable business growth (e.g., faster customer onboarding, partnerships, or security and compliance audits) without increasing unmanaged risk.
GDI is an Equal Employment Opportunity Employer
#INDGDI
Great Day Improvements - Vice President, Security, Risk & Compliance - Twinsburg, OH (Hybrid)
Company Overview
Since its founding 13 years ago, Great Day Improvements, LLC has grown rapidly toward its vision of becoming one of the largest home improvement companies in the U.S. Headquartered in Twinsburg, Ohio, Great Day Improvements is a $1.5 billion, vertically integrated, direct-to-consumer provider of premium home improvement products.
The company’s family of brands includes Patio Enclosures®, Champion Windows and Home Exteriors®, Universal Windows Direct®, Apex Energy Solutions®, Stanek Windows®, Leafguard®, Englert®, and The Bath Authority. With an expanding workforce of over 4,800 employees across 130 metropolitan markets throughout the U.S., Great Day Improvements continues to rank among the top home improvement companies nationwide and is one of the fastest growing private companies in America.
Technology plays a central role in how Great Day grows, competes, and serves customers. The Vice President of Security, Risk & Compliance is a newly created executive role responsible for establishing a disciplined, enterprise-wide approach to security, risk management, and compliance that protects the business while supporting scalable growth.
Summary
The Vice President of Security, Risk & Compliance will lead the company’s security, compliance, and risk management functions. This role has end-to-end accountability across security operations, risk, and compliance, ensuring alignment between technical security execution and enterprise governance.
A major focus of the role will be putting the right standards, controls, and governance in place to protect the business, reduce risk, and support growth, including establishing a SOX-aligned control environment for the company, with the policies, processes, and accountability needed to strengthen financial and IT controls as the company continues to mature its control environment.
This leader will work across IT, Finance, Marketing, and business unit teams to define control requirements, improve security and compliance practices, and build a more disciplined approach to risk management. The role also provides executive leadership with clear visibility into the company’s security, compliance, and operational risk posture. The right candidate will know how to build the right level of control without creating unnecessary processes or slowing the business down, while enabling the business to scale with confidence.
Location: Twinsburg, OH (Hybrid)
Responsibilities
Enterprise Risk Ownership (GRC Leadership)
Own and operate the enterprise Governance, Risk, and Compliance (GRC) program
Define and maintain risk appetite, tolerance, and escalation frameworks in partnership with executive leadership
Establish and drive a risk-based decision-making model across technology and business domains, including clear recommendations and escalation of risk decisions to executive leadership as appropriate
Lead enterprise-wide risk identification, assessment, mitigation, and acceptance processes
Provide clear, actionable visibility into enterprise risk for the CTIO and executive leadership
Security Strategy and Operations
Define and execute a modern cybersecurity strategy aligned with business priorities, including security operations and control effectiveness
Oversee Security Operations (SOC), ensuring effective monitoring, detection, and response
Lead incident response, including executive communication and post-incident accountability
Drive maturity across:
Threat detection and response
Vulnerability management
Security architecture and engineering
Embed security into infrastructure, applications, and cloud environments
Establish and enforce application security practices, including secure development standards and integration with development processes Compliance and Regulatory Leadership
Own compliance with:
SOX / ITGC controls
PCI
S. data privacy laws (CCPA/CPRA)
Build and operate a continuous compliance program, not audit-driven cycles
Lead internal and external audit strategy, execution, and remediation
Ensure controls are designed, implemented, and operating effectively across the enterprise
Partner with Legal, Finance, and business leaders to align compliance with business growth and regulatory expectations. Governance Model and Operating Structure
Establish a scalable GRC operating model with clear ownership across business and technology teams
Implement governance structures including:
Risk committees
Control ownership frameworks
Policy management processes
Drive adoption of GRC platforms and automation for visibility and control tracking
Establish accountability for risk and compliance across the organization. Identity, Access, and Data Protection
Own Identity & Access Management (IAM) strategy and governance
Enforce least privilege, segregation of duties, and access lifecycle controls
Define and enforce data classification, protection, and retention policies
Oversee compliance with data privacy and cross-border data regulations
Third-Party and Vendor Risk
Establish and lead a third-party risk management program
Define and enforce security and compliance requirements for vendors, including risk assessments and ongoing oversight
Integrate vendor risk into enterprise risk reporting and decision-making
Business Continuity and Resilience
Own disaster recovery (DR) and business continuity planning (BCP)
Align resilience strategies with business impact and risk tolerance
Ensure operational readiness for cyber and operational disruptions
Team Leadership and Culture
Build and lead a multi-functional organization across:
Security Operations
Security Engineering
Risk & Compliance
IAM
Vulnerability Management
Red Team / Testing
Develop leadership capability and succession planning
Drive a company-wide security and risk-aware culture Required
Qualifications
12–15+ years in cybersecurity, risk, or compliance, with 5+ years in senior leadership roles (VP/CISO/Head of GRC)
Proven ownership of enterprise GRC programs, not just participation
Deep experience with:
Risk management frameworks and governance models
Security operations and incident response
Regulatory compliance (SOX, ITGC, privacy laws)
Demonstrated experience leading audits, regulatory engagement, and control remediation
Track record of translating risk into business impact for executive audiences
Experience building and scaling cross-functional teams and programs Preferred
Experience in public or highly regulated environments
Background in cloud security and DevSecOps
Experience implementing GRC platforms and automation tools
Exposure to M&A due diligence and integration (security/compliance)
Certifications (Valued, Not Decisive)
CISSP
CISM
CISA
CRISC
CIPP
Competencies
Enterprise Risk Thinking: Sees across security, compliance, operations, and business risk
Decision Authority: Can make and stand behind risk-based decisions
Executive Influence: Commands credibility with CIO, CMO, CRO, CTO (chief transformation officer), CFO, CEO, and Board
Operational Depth: Can go deep technically when required
Crisis Leadership: Proven ability to lead through incidents and audits
Pragmatic judgment: Applies the right level of control to reduce risk without creating unnecessary friction for the business
Success Measures
Success in this role will be measured by outcomes, including but not limited to:
Measurable reduction in top enterprise risks (cyber, data, third-party), with clear linkage to business impact and risk exposure over time.
No material security incidents causing significant business disruption, data loss, or customer impact resulting from known or unmanaged risks.
Reduction in incident detection and response time (MTTD/MTTR), with proven readiness through regular simulations and real event performance.
Elimination of critical vulnerabilities and high-risk access gaps within defined SLAs, with no recurring or aging exceptions.
Implementation of a scalable GRC model with clear ownership, accountability, and real-time visibility into risk and control effectiveness.
Demonstrated ability to enable business growth (e.g., faster customer onboarding, partnerships, or security and compliance audits) without increasing unmanaged risk.
GDI is an Equal Employment Opportunity Employer
#INDGDI