Director, Cybersecurity

About Lovesac

We are a young-at-heart, fast-growing furniture company, dedicated to helping people fill their homes with Total Comfort™. We do this by designing and innovating furniture solutions that are adaptable, washable, expandable, and delivered right-to-your-door-able, allowing our customers to live the life they want to live. 

Our Designed for Life mission started with Sacs, a seat so much better than your classic beanbag made with repurposed Durafoam and designed to reduce environmental impact while providing unimaginable, cloud-like comfort. From there, we expanded the possibility for sustainable furniture with Sactionals, a customizable modular sectional that can be endlessly rearranged to evolve with you. Our product line has grown a lot since our Sacs days, but our goal will always remain the same – to create truly adaptable, comfortable furniture that can be with you for life.

About our Culture

At Lovesac, we strive to be an employer of choice by embodying a culture that encourages team members to think and dream big. We call this Top Ambition. We aim to not only excel within our industry but also make a meaningful impact on the world. Above all else, we’re driven by love (because it matters) and are dedicated to promoting love and happiness in all aspects of our work. It’s about success, of course, but it’s also about making a positive impact on everyone our business touches.  

About the Role

As the Director, Cybersecurity, you will lead the vision, strategy, and execution of the organization’s cybersecurity program. This executive role is responsible for safeguarding IT systems, infrastructure, and data against cyber threats, ensuring compliance, and driving a culture of security across the enterprise. You will collaborate with senior leadership, business units, and external partners to align cybersecurity initiatives with organizational goals.

This position is remote and will report into Lovesac Corporate HUB based in Stamford, CT. Candidates must fully reside in the United States at all times during employment and should have the ability to travel as needed.

What You’ll Do

Strategy & Leadership

• Develop and execute a comprehensive cybersecurity strategy aligned with business objectives and regulatory requirements.
• Communicate the cybersecurity vision and strategy across the organization; motivate teams to achieve high standards of security and compliance.
• Lead, mentor, and develop a high-performing cybersecurity team; foster a culture of innovation, accountability, and continuous learning.
• Provide regular updates to executive leadership and the Board on cybersecurity posture, risks, and mitigation strategies.

Risk Management & Compliance

• Oversee risk assessments, incident response, and vulnerability management programs.
• Ensure operational compliance with relevant external regulations (e.g., GDPR, CCPA, SOX) and internal policies.
• Lead the development and implementation of cybersecurity policies, procedures, and guidelines.
• Oversee third-party/vendor risk management and supply chain security.
• Ensure alignment with industry standards such as NIST CSF and PCI DSS.

Technical Oversight

• Manage and maintain cybersecurity systems, infrastructure, and tools to protect against cyberattacks, intrusions, malware, and data breaches.
• Horizon scanning: Identify emerging threats, technologies, and trends; evaluate their impact and recommend proactive measures.
• Oversee security architecture, network security, endpoint protection, and identity management.
• Lead adoption of cloud security best practices and zero trust principles.
• Drive integration of security into digital transformation initiatives and secure software development lifecycle (SDLC).

Business Partnership & Stakeholder Engagement

• Collaborate with IT, business units, and executive leadership to integrate cybersecurity into digital transformation initiatives.
• Engage with stakeholders to understand needs, communicate risks, and drive adoption of security best practices.
• Lead cross-functional teams in incident response, crisis management, and business continuity planning.
• Serve as executive lead during major security incidents; oversee root cause analysis and lessons learned.

Performance & Financial Management

• Set and monitor performance objectives for the cybersecurity team and vendors; report on key metrics and outcomes.
• Manage departmental budgets, resource allocation, and vendor relationships.
• Continuously assess and improve organizational capability, readiness, and maturity in cybersecurity.
• Establish and track KPIs, KRIs, and maturity models to measure program effectiveness and ROI on security investments.