Role Summary/Purpose:Help Synchrony build one of the most resilient information security programs in financial services. As the Program Manager for Project Meridian, you will be the operational engine behind a high-priority, enterprise-wide security program - turning strategy into disciplined, on-time delivery across many concurrent workstreams.
Reporting directly to the Chief Information Security Officer, you will own the day-to-day orchestration of the program: maintaining the integrated roadmap, clearing the path for delivery teams, managing a dedicated team of specialist consultants, and giving leadership a single, trusted view of progress, risk, and outcomes. This is a highly visible role with direct CISO sponsorship - you will have the executive air cover to drive alignment and resolve conflict across the enterprise.
You are an experienced program manager who communicates with clarity at every level, navigates competing priorities with structure and calm, and is at your best coordinating complex work across many teams. Experience delivering in a regulated financial services environment is essential.
Why This Role ExistsProject Meridian is a strategically important, multi-workstream initiative to strengthen how Synchrony manages and reduces information security risk across the enterprise. The scope is broad and the pace is fast, and success depends on rigorous program management. This role provides that backbone - so workstream leaders
can stay focused on security delivery while you own the coordination, dependencies, reporting, and operating rhythm that keep everything moving. It is a career-defining, CISO-adjacent role with broad executive and enterprise visibility.
What Success Looks Like- First 90 days - an integrated roadmap, milestone plan, and RAID log are established and adopted across all workstreams, with a single, trusted status-reporting cadence in place.
- 6 months - delivery teams experience measurably lower coordination burden; blockers are resolved quickly through a clear escalation path; consultant statements of work are tracking to scope, schedule, and budget.
- 12 months - program milestones are met with audit-ready evidence, and leadership - and, as appropriate, regulators and the Board - have confidence in an accurate, defensible view of program progress and risk.
Essential Responsibilities:- Run Project Meridian day-to-day - orchestrate execution across all workstreams, keeping milestones, deliverables, and dependencies tracked, sequenced, and on course.
- Make delivery teams more effective: proactively remove impediments, broker realistic commitments built from team capacity and change calendars, and minimize coordination overhead so teams report status once. Success is measured by blocker resolution and reduced delivery friction - not status decks alone.
- Establish and run the program operating model - decision rights (RACI) across workstream owners and partner teams, a defined escalation ladder with target resolution times, and a single source of truth for status.
- Build and maintain the integrated roadmap, milestone plan, and RAID log (risks, actions, issues, decisions/dependencies), with a consistent, right-sized reporting cadence (async-first; every recurring meeting justified).
- Manage a dedicated team of specialist consultants - define scope, deliverables, and timelines; own SOWs in partnership with Sourcing/Vendor Management; hold partners accountable to quality, schedule, and budget; and ensure the consultant layer reduces, not adds, load on delivery teams.
- Facilitate prioritization of shared consultant capacity across workstreams; reallocating capacity already committed to a workstream requires that owner's concurrence, with unresolved contention escalated to the CISO.
- Aggregate, track, and report KPIs and program metrics - defined together with workstream owners - providing timely, accurate reporting on progress, risk, cost, and escalations to the CISO and senior leadership.
- Protect the integrity and audit-readiness of the program record: status reflects validated reality, and no milestone is reported complete without owner-validated supporting evidence.
- Develop and execute a proactive communication strategy for Information Security leadership, cross-functional stakeholders, and the Executive Leadership Team.
- Coordinate program financials in partnership with Finance - tracking spend against plan and supporting forecasting and reconciliation.
- Prepare and deliver program reporting and briefings for executive leadership and, in partnership with the CISO, for Federal Regulators and the Board of Directors - presenting program status, milestones, and delivery outcomes. (Characterization of security risk posture and any risk-acceptance decisions remain with the CISO and accountable workstream owners.)
- Plan and orchestrate key program events and exercises (e.g., tabletop exercises) - ensuring readiness, participation, and disciplined follow-through on action items.
- Perform other duties and/or special projects as assigned
Role BoundariesThis role coordinates, enables, and reports; it does not own security risk decisions, risk acceptance, control design, or technical remediation approaches - these remain with the accountable workstream leaders and the CISO. The Program Manager facilitates but does not gate communication between workstream owners and the CISO; workstream leaders retain a direct line to the CISO on risk matters.
Qualifications/Requirements:- Bachelor's degree in a related discipline and 8+ years of program/project management experience; in lieu of a degree, 12+ years of relevant program/project management experience.
- Proven track record managing large, complex, cross-functional programs with multiple concurrent workstreams and enterprise scope.
- Experience delivering in financial services, banking, or another highly regulated industry - including familiarity with control and risk frameworks, audit evidence, and regulatory expectations.
- Working knowledge of technology delivery - change management and CAB processes, release cycles, maintenance/freeze windows, and the operational cost and risk of remediation/patching work - sufficient to set realistic, capacity-informed timelines and translate between security objectives and engineering reality.
- Working knowledge of core information security processes - vulnerability remediation SLAs, compensating controls, and the security exception / risk-acceptance process - sufficient to coordinate credibly without making risk determinations.
- Experience with Agile and Scaled Agile (SAFe) delivery and the tools delivery teams use day-to-day (e.g., Jira / Azure DevOps).
- Excellent written and verbal communication, including executive-level reporting and presentation.
- Demonstrated ability to manage conflict, build consensus, and influence across senior stakeholders.
- Exceptional organization and prioritization, with the ability to keep a high volume of concurrent, complex work on track.
- Experience managing external consultants/vendors and the associated SOWs and deliverables.
- Comfort operating amid complexity and ambiguity; able to help teams set direction and resolve competing priorities.
- Ability and flexibility to travel for business as required
Desired Characteristics:- Information security experience is beneficial but not a requirement.
- Experience supporting regulatory or Board-level reporting in a financial services environment.
- Experience standing up or running a program/PMO operating model (RACI, governance, reporting cadence) from the ground up.
- Proficiency with program and portfolio tooling and executive reporting (e.g., Microsoft Project, Planner, SharePoint).
Grade/Level: 14The salary range for this position is
170,000.00 - 290,000.00 USD Annual and is eligible for an annual bonus based on individual and company performance.
Actual compensation offered within the posted salary range will be based upon work experience, skill level or knowledge.
Salaries are adjusted according to market in CA, NY Metro and Seattle.
Our Way of Working:We're proud to offer you flexibility. At Synchrony, our way of working allows you to have the option to work from home near one of our Hubs or come into one of our offices. You will be required to commute to your nearest Hub (either virtual or physical) for in-person engagement activities such as regular business or team meetings, training and culture events.
*Field Sales and some Commercial team roles may have varied location requirements based upon partner obligations or preferences.
Job Family Group:Information Technology