Director Network

Director, Network Infrastructure & Operations   Ready to build what’s next with one of the world’s most iconic brands?   Why Join Subway? At Subway, we are not standing still. We are building.   This is a business focused on what matters most: growing franchisee profitability, strengthening our brand and creating long-term value. The people who thrive here are the ones who want to make a real impact.   You will not just do the work. You will shape it.   We move fast. We think like owners. We make decisions that matter. We hold ourselves to a high standard because what we do directly impacts thousands of franchisees around the world.   If you bring energy, accountability and a bias for action, you will fit right in. We take the work seriously, but we also know the best results come from teams that support each other, celebrate wins and show up ready to build something better every day. This is your chance to be part of what’s next.   About the Role: The Director of Network is a senior technology leader responsible for the strategy, architecture, and operational excellence of Subway’s enterprise network infrastructure. Reporting to the VP of Infrastructure & Operations, this role owns the end-to-end lifecycle of WAN/LAN, SD-WAN, ZTNA, DNS, and load balancing across corporate, cloud (Azure and AWS), and franchise restaurant environments. The ideal candidate combines deep technical expertise in network engineering and multi-cloud networking with a strong infrastructure-as-code foundation, proven leadership of blended teams (FTE and managed-service providers), and the ability to translate infrastructure investments into business outcomes for a global franchise brand.   Network Strategy & Architecture Define and execute the enterprise network strategy spanning corporate WAN/LAN, SD-WAN, restaurant connectivity, data center interconnects, and cloud networking across Azure (vNET, ExpressRoute, Azure Firewall, NSGs) and AWS (Transit Gateway, VPC, Direct Connect, Security Groups). Own the ZTNA roadmap, evaluating and implementing zero trust network access solutions to replace legacy VPN architectures and align with Zero Trust principles. Design and maintain DNS, DHCP, IPAM (DDI), load balancing, and traffic management architectures to support high availability and performance across corporate and franchise environments. Partner with Cyber Security leadership to ensure network segmentation, micro-segmentation, and firewall policies meet regulatory and compliance requirements. Drive cloud-native network architecture across Azure and AWS, including hub-and-spoke topologies, shared services models, and automated network provisioning through infrastructure-as-code.   Infrastructure-as-Code & Automation Lead the adoption and maturation of Terraform as the primary tool for managing network infrastructure across cloud and on-premises environments; enforce IaC standards, module governance, and state management practices across the team. Build and maintain CI/CD pipelines for network configuration deployment using GitHub Actions or Azure DevOps, enabling automated testing, validation, and promotion of network changes. Develop automation frameworks (Python, Ansible, or equivalent) that eliminate manual operations toil, accelerate incident response, and improve consistency across the network estate. Champion an automation-first engineering culture across the network team — systematically identifying and eliminating repetitive manual tasks through scripting, tooling, and self-service capabilities. Implement automated drift detection and remediation pipelines to ensure cloud network configurations remain consistent with declared infrastructure state.   Cloud Networking Own the multi-cloud network architecture and operations across Azure and AWS, ensuring consistent security posture, routing design, and connectivity patterns across both hyperscalers. Design and manage cloud network constructs including virtual networks, peering, private endpoints, network security groups, route tables, and cloud-native firewall policies. Lead cloud network observability — implementing flow logging, network performance monitoring, and automated alerting to provide full visibility into multi-cloud traffic and anomalies. Partner with Cloud Engineering and Application teams to design scalable, secure cloud network architectures that support Subway’s cloud-first application portfolio. Drive cloud network cost optimization through right-sizing, traffic engineering, and governance of data egress patterns across Azure and AWS.   Franchise & Restaurant Network Operations Oversee network connectivity and performance for 37,000+ Subway restaurant locations globally, partnering with franchise operations teams and third-party managed network providers. Drive standardization of restaurant network architectures including POS connectivity, guest Wi-Fi, digital menu boards, and IoT device networking. Manage vendor relationships with ISPs, MSPs, and network equipment suppliers to ensure SLA adherence, cost optimization, and scalable deployment models.   Team Leadership & Vendor Management Lead and develop a high-performing blended team of FTEs and managed-service/staff augmentation resources across network engineering and network operations; set clear expectations, build accountability, and invest in team growth and career development. Manage relationships with key technology vendors and system integrators; hold vendors accountable to SOWs, SLAs, and delivery milestones. Foster a culture of operational excellence, IaC-first thinking, and continuous learning; champion adoption of AI tooling and automation practices across the team. Develop and manage the annual operating and capital budgets for network functions; track spend against forecast and identify cost optimization opportunities.   Governance, Risk & Compliance Ensure network controls satisfy SOX, PCI-DSS, GDPR, CCPA, and internal audit requirements; serve as a primary point of contact for auditors on network controls. Maintain and test disaster recovery and business continuity plans for network infrastructure. Proactively identify and mitigate risks related to network availability, lateral movement, and unauthorized access. Facilitate change advisory board (CAB) reviews for network changes; enforce change management discipline across the function.   Required Skills & Qualifications Education: Bachelor’s degree in Computer Science, Network Engineering, Cybersecurity, Information Technology, or related field. Experience: 12–15+ years in IT infrastructure or network engineering, with at least 5 years in a senior leadership role managing enterprise network functions. Experience in a multi-site franchise, retail, or QSR environment strongly preferred. Network Expertise: Deep hands-on and architectural experience with ZTNA, enterprise routing & switching (BGP, OSPF, VXLAN), and next-generation firewalls. Strong cloud networking expertise across Azure (vNET, ExpressRoute, Azure Firewall, NSGs, Application Gateway) and AWS (Transit Gateway, VPC, Direct Connect, Security Groups, AWS Network Firewall). Hands-on experience designing and operating multi-cloud network topologies at scale, including hub-and-spoke architectures and shared services models. IaC & Automation: Terraform required — demonstrated experience managing enterprise network infrastructure through Terraform at scale, including modular codebases, remote state management, and automated drift detection across multi-cloud environments. Proficiency with CI/CD pipelines for network configuration deployment (e.g., GitHub Actions, Azure DevOps). Scripting and automation experience (Python, Ansible, or equivalent) to reduce manual operations toil. Cloud Networking: Proven ability to design and operate cloud-native network architectures across Azure and AWS simultaneously. Deep understanding of cloud-native networking constructs, routing, security controls, and connectivity patterns in both hyperscalers. Experience with cloud network observability, flow logging, and automated remediation. Certifications: CCNP, CCIE, or equivalent networking certification required. Azure Network Engineer Associate (AZ-700) or AWS Advanced Networking Specialty preferred. HashiCorp Terraform Associate a plus. ITIL v4 Foundation a plus. Leadership: Proven ability to recruit, develop, and retain high-performing teams; lead blended organizations (FTE + managed services); manage multi-million-dollar budgets; and hold vendors accountable to outcomes. Demonstrated track record of building team capability and developing next-level leaders. Strong executive communication and stakeholder management skills. Soft Skills: Excellent communication across technical and executive audiences. Ability to translate complex infrastructure topics into business language. Comfortable operating in a fast-paced, franchise-driven environment with competing priorities.   Hands-On Technical Requirements Candidates must be able to demonstrate direct, hands-on experience with the following technologies — not just oversight or vendor management, but actual design, build, and operational experience: Azure Virtual Networks (VNet) — design, peering, hub-and-spoke topology, route table management, private endpoints, and service endpoints in production enterprise environments. AWS VPC — subnet design, routing, VPC peering, PrivateLink, security groups, and network ACLs across multi-account AWS environments. AWS Transit Gateway — multi-VPC and multi-account connectivity, route table segmentation, inter-region peering, and centralized inspection architectures. Network Security Groups (NSGs) — rule design, governance, and automated enforcement across Azure environments at enterprise scale. Guardicore (Akamai Segmentation) — microsegmentation policy design, ring-fencing, label-based policy enforcement, and visibility map analysis across hybrid environments. Zero Trust network access (ZTNA) — hands-on implementation and ongoing operations, not just roadmap ownership. Terraform — authoring and maintaining production-grade network infrastructure modules for both Azure and AWS; remote state, workspaces, and pipeline integration. Cloud network observability — flow logs, network watcher, traffic analytics, and automated alerting in multi-cloud environments.   Preferred Qualifications Experience in the QSR, franchise, or hospitality industry with multi-site network management at scale (10,000+ locations). Hands-on experience migrating from legacy VPN to ZTNA architectures in an enterprise environment. Terraform at scale: modular codebases, remote state management, and automated drift detection across multi-cloud environments. Experience with Zero Trust maturity frameworks (CISA, Forrester, or NIST SP 800-207) and demonstrated progress implementing Zero Trust controls. Working knowledge of PCI-DSS network segmentation requirements for payment card environments. Familiarity with AI-assisted network operations — including AIOps platforms, AI-driven anomaly detection, or the use of generative AI tooling to accelerate network automation, runbook creation, and operational troubleshooting.   What Sets This Role Apart You will own the network strategy for one of the world’s largest franchise brands, directly impacting connectivity and security for 37,000+ restaurants and a global corporate workforce. You will operate at the intersection of infrastructure, security, and franchise operations — a rare cross-functional mandate with enterprise-wide visibility. You will shape Subway’s Zero Trust and cloud networking journey — driving the transition from legacy perimeter-based models to a modern ZTNA architecture while building an infrastructure-as-code foundation that scales across Azure and AWS. You will lead a function that touches every user, every application, and every restaurant — making this one of the highest-impact infrastructure roles in the organization.   What do we offer? Insurance Plans (Medical, Life) Pension/401K/RSP (country specific) Competitive Bonus Mobility Allowance Tuition Reimbursement Company Holidays Volunteering time And More…..   Transparency Language (US & Canada Only) – DO not post this line -reference only   Compensation: The base pay range for this role is $XX annually Pay within this range will be determined in good faith based on job-related factors, which may include skills, experience, education/training, location, and internal equity.