Sr. Vice President of Technology

Senior Vice President Of Technology

Nutramax desires to provide a drug-free, healthful, and safe workplace. We hold a zero-tolerance policy for drug use. Employment is contingent upon successfully passing a preemployment background check and drug screen (subject to applicable law).

The hours for this position are Monday - Friday 8:30am - 5:00pm. This role is 100% on site in Lancaster, SC.

Position Summary: The Senior Vice President of Technology is Nutramax Laboratories' senior-most technology and information security executive, accountable for the protection, resilience, and reliability of the organization's information assets, systems, and digital operations. Reporting directly to the Chief Operating Officer, this role unifies Information Technology, Cybersecurity, Infrastructure, Applications, ERP, Desktop Support, and the Web and Digital function under a role.

This position exercises the responsibilities, authority, and accountability of a security leader while also owning the enterprise Information Technology function. The role partners closely with Legal, Finance, Commercial, Quality, and Operations to deliver technology and security outcomes that enable business growth, protect regulated data, support audit readiness, and reduce enterprise risk in a manner aligned to the NIST Cybersecurity Framework (CSF) 2.0.

Key Responsibilities

• Define and execute the enterprise technology and cybersecurity strategy, ensuring alignment with Nutramax's business objectives, regulatory position, and long-term organizational vision.
• Serve as the senior executive accountable for the confidentiality, integrity, and availability of Nutramax's information assets, regulated data, and operating environments across on-premises, cloud, and digital channels.
• Establish and operate a formal cybersecurity governance program aligned to the NIST Cybersecurity Framework (CSF) 2.0, including documented policies, standards, procedures, and measurable controls across the Govern, Identify, Protect, Detect, Respond, and Recover functions.
• Own enterprise cyber risk management, including risk identification, risk acceptance, exception handling, executive reporting, and the maintenance of a current risk register reviewed with the Chief Operating Officer and executive leadership on a defined cadence.
• Serve as a trusted advisor to the Chief Operating Officer and executive leadership on technology, digital transformation, cyber risk, and regulatory exposure.

Information Security & Risk Management

• Lead the development, approval, communication, and enforcement of all information security and acceptable use policies, ensuring policies are reviewed at least annually and remain consistent with legal, regulatory, and contractual obligations.
• Establish and mature data classification, data handling, and data loss prevention program, ensuring regulated and sensitive data is identified, labeled, protected, and retained in accordance with policy.
• Direct the identity and access management program, including privileged access management, just-in-time administrative access, least-privilege enforcement, multi-factor authentication, and a repeatable access review and recertification cadence across on-premises and cloud environments.
• Oversee vulnerability management, penetration testing, configuration auditing, and remediation tracking for AWS, Microsoft 365, internal networks, endpoints, and externally exposed assets, ensuring findings are prioritized by risk and closed within defined service-level expectations.
• Establish a third-party and supply chain cyber risk program, including security review of new vendors, contractual security requirements, periodic re-assessment of critical suppliers, and remediation of identified third-party risks.

Incident Response, Resilience & Recovery

• Own incident response readiness, including the incident response plan, executive escalation paths, law enforcement and regulatory notification contacts, third-party retainers, tabletop exercises, and post-incident lessons learned.
• Serve as the senior technical incident commander during cybersecurity events, partnering with the legal counsel to preserve attorney-client privilege and coordinate communications.
• Ensure Disaster Recovery and Business Continuity plans are documented, current, exercised at a defined frequency, and capable of meeting business-approved recovery time and recovery point objectives.
• Bring the web, digital, and e-commerce environment under formal information security governance, including asset inventory, secure software development lifecycle (SDLC) requirements, code review, vulnerability management, and pre-release security checkpoints.

Information Technology Operations & Delivery

• Provide executive leadership across the full Information Technology function, including the Vice President of Information Technology and the leaders of Infrastructure, Applications, ERP, Desktop Support, and Web/Digital.
• Manage Web team and related security, including management of Creative & UX/UI Manager, Developers, and Engineers
• Oversee enterprise infrastructure operations, including network, server, cloud (AWS, Microsoft 365), endpoint, telephony, and physical/logical access systems, ensuring services are reliable, scalable, monitored, and secure by design.
• Lead application and ERP strategy, ensuring integrated, supportable, and secure application ecosystems aligned with evolving business processes, change management standards, and regulatory requirements.
• Oversee the technology project and program portfolio, ensuring initiatives are delivered on time, within scope, and on budget, and that security and compliance requirements are designed in from the outset.
• Evaluate emerging technologies, including artificial intelligence and automation, assess their security and business impact, and make executive recommendations on adoption, restriction, or controls.

Team & Business Management

• Build, develop, and retain a high-performing technology and cybersecurity organization, establishing clear roles, career paths, performance expectations, and succession planning.
• Mentor leaders and team, promote technical growth, monitor project execution, and ensure consistent, transparent communication with internal customers and business partners.
• Define and operate a security awareness and training program for the workforce, including role-based training, phishing simulation, escalated consequences for repeat offenders, and measurable improvement targets.
• Develop and manage consolidated technology and cybersecurity operating and capital budgets, balancing investment between run-the-business and transform-the-business priorities.
• Partner with legal counsel, outside counsel, cyber insurance carriers, and external auditors on regulatory inquiries, contractual security obligations, breach notification analysis, and evidence preservation under attorney-client privilege.
• Foster a culture of accountability, continuous improvement, responsible innovation, and disciplined documentation across the organization.

Qualifications & Core Competencies

• Demonstrated executive leadership and personnel management skills across both Information Technology and Cybersecurity functions.
• Proven experience building and operating a cybersecurity program aligned to a recognized framework such as NIST CSF 2.0, NIST 800-53, ISO 27001, or equivalent.
• Demonstrated experience leading enterprise risk management, security governance, policy development, incident response, and third-party risk management.
• Experience managing and securing enterprise-wide systems, applications, networks, identity platforms, and cloud environments, including Microsoft 365 and AWS.
• Experience overseeing infrastructure operations, including LAN/WAN, virtualization, backup and recovery, endpoint management, and core enterprise applications.
• Working knowledge of regulatory and contractual obligations relevant to a manufacturer of products, including data privacy, records retention, and customer/partner security requirements.
• Ability to develop, justify, and manage a consolidated technology and cybersecurity budget, including both operating and capital components.
• Strong interpersonal, written, and oral communication skills, with proven ability to communicate technology and risk topics to executive, legal, and board-level audiences.
• Ability to see the broader strategic picture and adjust plans to balance technical, operational, financial, legal, and reputational considerations.

Requirements

Education & Experience:

• Bachelor's degree required in computer science, cybersecurity, information systems, or a related technical field. Master's degree in information systems, cybersecurity, or an MBA is preferred.
• Industry-recognized senior cybersecurity certifications such as CISSP, CISM, CCISO, or equivalent are strongly preferred.
• Minimum of 15+ years of progressive technology and cybersecurity leadership experience, including senior-level management roles with combined accountability for IT and information security.
• Demonstrated experience leading enterprise-scale technology environments, major system implementations, and the build-out or significant maturation of a cybersecurity program.
• Proven success partnering with Legal, Compliance, Finance, and executive leadership on cyber risk, audit, and regulatory matters.
• Regular attendance is required.
• Travel between Nutramax facilities and to vendor, partner, regulator, or industry meetings as business needs require.
• Perform other duties