Sr. Vice President of Technology

Nutramax desires to provide a drug-free, healthful, and safe workplace. We hold a zero-tolerance policy for drug use. Employment is contingent upon successfully passing a preemployment background check and drug screen (subject to applicable law).

The hours for this position are Monday - Friday 8:30am - 5:00pm.

This role is 100% on site in Lancaster, SC.

The Senior Vice President of Technology is Nutramax Laboratories' senior-most technology and information security executive, accountable for the protection, resilience, and reliability of the organization's information assets, systems, and digital operations. Reporting directly to the Chief Operating Officer, this role unifies Information Technology, Cybersecurity, Infrastructure, Applications, ERP, Desktop Support, and the Web and Digital function under a single executive.

This position exercises the responsibilities, authority, and accountability of a security leader while also owning the enterprise Information Technology function. The role partners closely with Legal, Finance, Commercial, Quality, and Operations to deliver technology and security outcomes that enable business growth, protect regulated data, support audit readiness, and reduce enterprise risk in a manner aligned to the NIST Cybersecurity Framework (CSF) 2.0.

• Define and execute the enterprise technology and cybersecurity strategy, ensuring alignment with Nutramax's business objectives, regulatory position, and long-term organizational vision.
• Serve as the senior executive accountable for the confidentiality, integrity, and availability of Nutramax's information assets, regulated data, and operating environments across on-premises, cloud, and digital channels.
• Establish and operate a formal cybersecurity governance program aligned to the NIST Cybersecurity Framework (CSF) 2.0, including documented policies, standards, procedures, and measurable controls across the Govern, Identify, Protect, Detect, Respond, and Recover functions.
• Own enterprise cyber risk management, including risk identification, risk acceptance, exception handling, executive reporting, and the maintenance of a current risk register reviewed with the Chief Operating Officer and executive leadership on a defined cadence.
• Serve as a trusted advisor to the Chief Operating Officer and executive leadership on technology, digital transformation, cyber risk, and regulatory exposure.

• Lead the development, approval, communication, and enforcement of all information security and acceptable use policies, ensuring policies are reviewed at least annually and remain consistent with legal, regulatory, and contractual obligations.
• Establish and mature data classification, data handling, and data loss prevention program, ensuring regulated and sensitive data is identified, labeled, protected, and retained in accordance with policy.
• Direct the identity and access management program, including privileged access management, just-in-time administrative access, least-privilege enforcement, multi-factor authentication, and a repeatable access review and recertification cadence across on-premises and cloud environments.
• Oversee vulnerability management, penetration testing, configuration auditing, and remediation tracking for AWS, Microsoft 365, internal networks, endpoints, and externally exposed assets, ensuring findings are prioritized by risk and closed within defined service‑level expectations.
• Establish a third‑party and supply chain cyber risk program, including security review of new vendors, contractual security requirements, periodic re‑assessment of critical suppliers, and remediation of identified third‑party risks.

• Own incident response readiness, including the incident response plan, executive escalation paths, law enforcement and regulatory notification contacts, third‑party retainers, tabletop exercises, and post‑incident lessons learned.
• Serve as the senior technical incident commander during cybersecurity events, partnering with the legal counsel to preserve…