Security Manager – IT Risk & PCI

As the Security Manager – IT Risk & PCI Compliance you will lead a team and provide hands-on leadership and strategic execution across the organization’s information security compliance and risk programs. This essential role is responsible for driving consistent, scalable execution of regulatory and assurance activities with a primary focus on PCI DSS, merchant and payment product security, policy and control governance, and audit readiness.

This position partners closely with the Security Program Director, broader security team, Technology, Finance, Legal, Regulatory Compliance, Internal Audit, and business stakeholders to translate regulatory and controls requirements into operational processes that support the business while protecting sensitive information. The Manager plays a critical role in ensuring compliance programs are sustainable, well-documented, and integrated into day-to-day operations.

Essential Functions

To perform this job successfully, an employee must be able to perform each essential function satisfactorily, with or without reasonable accommodation. To request a reasonable accommodation, notify Human Resources or the manager who oversees the position.

• Manage and lead execution of the PCI DSS compliance program, including annual scoping, assessments, remediation tracking, and ongoing compliance for Patterson business entities and payment environments.

• Perform PCI security reviews for Patterson products and merchant-facing solutions, ensuring required controls are designed, implemented, and operating effectively (e.g. payment service providers, payment platforms and solutions, merchant services).

• Serve as the primary point of coordination with external assessors, auditors, and payment stakeholders, including support for merchant auditing and payment-related compliance activities.

• Own and maintain security policies, standards, and procedures, ensuring alignment with PCI DSS, NIST CSF, ISO, SOX ITGC, and applicable regulatory requirements.

• Translate regulatory, audit, and product security requirements into operational controls and workflows, partnering with Technology and business teams to embed compliance into system design and operations.

• Ensure audit readiness and evidence integrity by maintaining clear documentation, control ownership, and tracking within GRC tooling (e.g., Vanta, ServiceNow), and driving remediation through closure.

• Accountable for setting goals, performance development, source developmental opportunities and provide long-term career guidance to team members

• Support hiring, onboarding, and development of team members as the program scales, including delegation of execution-focused work.

Additional functions

In addition to the essential functions listed above, the incumbent may perform the following additional functions.

• Provide day-to-day leadership, guidance, and mentoring to analysts and contract resources supporting compliance and audit activities.

• Contribute to cross-functional risk management activities, including issue tracking, risk acceptance support, and alignment with enterprise risk processes.

•   Support third-party security and vendor risk activities related to PCI-relevant vendors and payment partners.

• Develop and deliver compliance metrics, status reporting, and audit-readiness views for leadership and executive stakeholders.

Required Qualifications

• Bachelor’s or Master’s Degree with an emphasis in security, technology, or engineering or equivalent work experience 

• At least 6 years work experience in information technology, cyber security, or information security 

• At least 3 years of experience coaching, mentoring, and developing a team of people as a manager of people 

• Demonstrated experience owning information security compliance programs including supporting policies, standards, and procedures, to execute, maintain, and align controls to organizational needs and frameworks

• Demonstrated continuous improvement mindset, with experience designing and evolving security, compliance, and audit workflows, including leveraging GRC platforms (e.g., Vanta) to build and maintain scalable controls

Preferred Qualifications

• PCI Internal Security Assessor (ISA) (strongly preferred)

• CISSP (preferred)

The potential compensation range for this role is below. The final offer amount would be based on various factors such as candidate location (geographical labor market), experience, and skills. $109,100.00 - $136,300.00