Security Program Director

The Security Program Director leads enterprise-wide security programs, including PCI and data security, to deliver these capabilities across the organization. This role represents a senior-level position that drives organizational objectives, complex projects, and strategic initiatives through organizational influence rather than direct management of people or teams. Reporting to the VP and Chief Information Security Officer (CISO), this role collaborates closely with executives and cross-functional teams and is designated as part of the Senior Leadership Team.

Essential Functions

To perform this job successfully, an employee must be able to perform each essential function satisfactorily, with or without reasonable accommodation. To request reasonable accommodation, notify Human Resources or the manager who oversees the position.

• Accountable for developing and executing short and long-term (1-3 year) plans for complex, enterprise-wide programs with broad impact.
• Develop guidelines and processes to support strategic and operational execution. Leads strategic initiatives aligned with organizational goals, often without direct authority, through indirect leadership of cross-functional teams.

PCI Program management

• Oversee and drive the organization’s PCI compliance program, ensuring effective integration with business units, clear accountability, and consistent adherence to security standards.

• Lead the PCI program by defining and maintaining PCI scope, documenting cardholder data flows, assigning and tracking control ownership, conducting or supporting PCI control assessments, and managing remediation efforts to ensure full compliance across all business units.

• Bridge business and security by identifying PCI stakeholders, maintaining ongoing engagement, serving as the primary communication hub between business and technology teams, and providing guidance to ensure accountability and resolution of compliance issues.

• Optimize compliance operations by centralizing and maintaining PCI documentation, standardizing control processes, supporting the IT Risk and Governance team activities, establishing performance baselines, and managing the program calendar to meet compliance deadlines, reporting requirements, and milestones.

Data Security Program management

• Ensure the enterprise adopts and maintains a robust data security program protecting financial and credit cards, PII, ePHI and other sensitive information, embedding standards and controls across business units and technology, and driving consistent compliance, governance and risk management.

• Lead the data security program by defining and driving data protection standards, data classification and retention, mapping data flows, conducting or supporting control assessments and remediation efforts, and establishing standardized processes to ensure regulatory and internal compliance.

• Partners with business units and technology teams to identify data stakeholders, maintain ongoing engagement, act as the central liaison to enforce proper data handling and access controls, centralize documentation, support privacy and compliance processes such as HIPAA and other data security regulations.

Required Qualifications

• Bachelor’s with an emphasis in security, technology, or engineering, or equivalent work experience.

• At least 10 years of experience in information technology, cybersecurity, or information security

• Minimum of 6 years leading enterprise-wide security programs.

• Deep understanding of security frameworks, enterprise risk management, data protection standards, and IT infrastructure security best practices.

• Proven experience managing and implementing security programs such as PCI compliance, data security, and equivalent enterprise-wide initiatives.

• Strong knowledge of security tools, governance, compliance, and monitoring processes to drive operational maturity and program effectiveness.

• Security industry certification such as CISSP, CISM, CISA, or equivalent.

·PREFFERED Qualifications

• Master’s Degree

• At least 5 years of directly managing people.

The potential compensation range for this role is below. The final offer amount would be based on various factors such as candidate location (geographical labor market), experience, and skills. $139,200.00 - $174,000.00