VP, Information Security Program Manager
Listed on 2026-07-14
-
IT/Tech
IT Project Manager
Role Summary / Purpose
Help Synchrony build one of the most resilient information security programs in financial services. As the Program Manager for Project Meridian, you will be the operational engine behind a high‑priority, enterprise‑wide security program — turning strategy into disciplined, on‑time delivery across many concurrent work streams. Reporting directly to the Chief Information Security Officer, you will own the day‑to‑day orchestration of the program: maintaining the integrated roadmap, clearing the path for delivery teams, managing a dedicated team of specialist consultants, and giving leadership a single, trusted view of progress, risk, and outcomes.
This is a highly visible role with direct CISO sponsorship — you will have the executive air cover to drive alignment and resolve conflict across the enterprise.
- First 90 days — an integrated roadmap, milestone plan, and RAID log are established and adopted across all work streams, with a single, trusted status‑reporting cadence in place.
- 6 months — delivery teams experience measurably lower coordination burden; blockers are resolved quickly through a clear escalation path; consultant statements of work are tracking to scope, schedule, and budget.
- 12 months — program milestones are met with audit‑ready evidence, and leadership — and, as appropriate, regulators and the Board — have confidence in an accurate, defensible view of program progress and risk.
- Run Project Meridian day‑to‑day — orchestrate execution across all work streams, keeping milestones, deliverables, and dependencies tracked, sequenced, and on course.
- Make delivery teams more effective: proactively remove impediments, broker realistic commitments built from team capacity and change calendars, and minimize coordination overhead so teams report status once.
- Establish and run the program operating model — decision rights (RACI) across workstream owners and partner teams, a defined escalation ladder with target resolution times, and a single source of truth for status.
- Build and maintain the integrated roadmap, milestone plan, and RAID log (risks, actions, issues, decisions/dependencies), with a consistent, right‑sized reporting cadence (async‑first; every recurring meeting justified).
- Manage a dedicated team of specialist consultants — define scope, deliverables, and timelines; own SOWs in partnership with Sourcing/Vendor Management; hold partners accountable to quality, schedule, and budget; and ensure the consultant layer reduces, not adds, load on delivery teams.
- Facilitate prioritization of shared consultant capacity across work streams; reallocating capacity already committed to a workstream requires that owner’s concurrence, with unresolved contention escalated to the CISO.
- Aggregate, track, and report KPIs and program metrics — defined together with workstream owners — providing timely, accurate reporting on progress, risk, cost, and escalations to the CISO and senior leadership.
- Protect the integrity and audit‑readiness of the program record: status reflects validated reality, and no milestone is reported complete without owner‑validated supporting evidence.
- Develop and execute a proactive communication strategy for Information Security leadership, cross‑functional stakeholders, and the Executive Leadership Team.
- Coordinate program financials in partnership with Finance — tracking spend against plan and supporting forecasting and reconciliation.
- Prepare and deliver program reporting and briefings for executive leadership and, in partnership with the CISO, for Federal Regulators and the Board of Directors — presenting program status, milestones, and delivery outcomes.
- Plan and orchestrate key program events and exercises (e.g., tabletop exercises) — ensuring readiness, participation, and disciplined follow‑through on action items.
- Perform other duties and/or special projects as assigned.
This role coordinates, enables, and reports; it does not own security risk decisions, risk acceptance, control design, or technical remediation approaches — these remain with the accountable workstream leaders and the CISO. The…
(If this job is in fact in your jurisdiction, then you may be using a Proxy or VPN to access this site, and to progress further, you should change your connectivity to another mobile device or PC).