Synchrony

VP, Information Security Program Manager

Synchrony$170K — $290K *
Finance & Insurance
8 - 10 years of experience
Job Overview by Ladders

Qualifications

  • Bachelor's degree in a related discipline and 8+ years of program/project management experience; or 12+ years of relevant experience in lieu of a degree.
  • Proven track record managing large, complex, cross-functional programs with enterprise scope.
  • Experience in regulated industries, particularly financial services, with knowledge of control and risk frameworks.
  • Working knowledge of technology delivery processes, allowing for realistic timeline setting.
  • Familiarity with core information security processes for credible coordination.
  • Experience with Agile methodologies and project management tools like Jira or Azure DevOps.
  • Exceptional communication skills, particularly in executive reporting and conflict management.

Responsibilities

  • Orchestrate daily operations of Project Meridian across all workstreams, tracking progress and milestones.
  • Enhance delivery team effectiveness by proactively resolving impediments and minimizing coordination burdens.
  • Establish and govern the program operating model, defining roles and responsibilities clearly among team members.
  • Maintain and update the integrated program roadmap, milestone plans, and RAID logs with regular reporting.
  • Manage a team of consultants, ensuring deliverables meet defined scope, quality, and timelines.
  • Track and report key performance indicators to leadership, providing timely disclosures on program health.
  • Prepare and deliver comprehensive updates to executive leadership and regulatory bodies.

Benefits

  • Flexible working arrangements with options for remote work or commuting to a nearby office.
  • Exposure to high-level executive management including direct interaction with the CISO and the Board of Directors.
  • Opportunity to lead a critical initiative in information security, impacting the organization's risk posture.
  • Career-defining role with significant enterprise visibility and the ability to influence security outcomes.
  • Professional growth in managing complex, multi-workstream programs within a highly regulated financial environment.
Full Job Description
Role Summary/Purpose:

Help Synchrony build one of the most resilient information security programs in financial services. As the Program Manager for Project Meridian, you will be the operational engine behind a high-priority, enterprise-wide security program - turning strategy into disciplined, on-time delivery across many concurrent workstreams.

Reporting directly to the Chief Information Security Officer, you will own the day-to-day orchestration of the program: maintaining the integrated roadmap, clearing the path for delivery teams, managing a dedicated team of specialist consultants, and giving leadership a single, trusted view of progress, risk, and outcomes. This is a highly visible role with direct CISO sponsorship - you will have the executive air cover to drive alignment and resolve conflict across the enterprise.

You are an experienced program manager who communicates with clarity at every level, navigates competing priorities with structure and calm, and is at your best coordinating complex work across many teams. Experience delivering in a regulated financial services environment is essential.

Why This Role Exists

Project Meridian is a strategically important, multi-workstream initiative to strengthen how Synchrony manages and reduces information security risk across the enterprise. The scope is broad and the pace is fast, and success depends on rigorous program management. This role provides that backbone - so workstream leaders

can stay focused on security delivery while you own the coordination, dependencies, reporting, and operating rhythm that keep everything moving. It is a career-defining, CISO-adjacent role with broad executive and enterprise visibility.

What Success Looks Like

  • First 90 days - an integrated roadmap, milestone plan, and RAID log are established and adopted across all workstreams, with a single, trusted status-reporting cadence in place.
  • 6 months - delivery teams experience measurably lower coordination burden; blockers are resolved quickly through a clear escalation path; consultant statements of work are tracking to scope, schedule, and budget.
  • 12 months - program milestones are met with audit-ready evidence, and leadership - and, as appropriate, regulators and the Board - have confidence in an accurate, defensible view of program progress and risk.


Essential Responsibilities:
  • Run Project Meridian day-to-day - orchestrate execution across all workstreams, keeping milestones, deliverables, and dependencies tracked, sequenced, and on course.
  • Make delivery teams more effective: proactively remove impediments, broker realistic commitments built from team capacity and change calendars, and minimize coordination overhead so teams report status once. Success is measured by blocker resolution and reduced delivery friction - not status decks alone.
  • Establish and run the program operating model - decision rights (RACI) across workstream owners and partner teams, a defined escalation ladder with target resolution times, and a single source of truth for status.
  • Build and maintain the integrated roadmap, milestone plan, and RAID log (risks, actions, issues, decisions/dependencies), with a consistent, right-sized reporting cadence (async-first; every recurring meeting justified).
  • Manage a dedicated team of specialist consultants - define scope, deliverables, and timelines; own SOWs in partnership with Sourcing/Vendor Management; hold partners accountable to quality, schedule, and budget; and ensure the consultant layer reduces, not adds, load on delivery teams.
  • Facilitate prioritization of shared consultant capacity across workstreams; reallocating capacity already committed to a workstream requires that owner's concurrence, with unresolved contention escalated to the CISO.
  • Aggregate, track, and report KPIs and program metrics - defined together with workstream owners - providing timely, accurate reporting on progress, risk, cost, and escalations to the CISO and senior leadership.
  • Protect the integrity and audit-readiness of the program record: status reflects validated reality, and no milestone is reported complete without owner-validated supporting evidence.
  • Develop and execute a proactive communication strategy for Information Security leadership, cross-functional stakeholders, and the Executive Leadership Team.
  • Coordinate program financials in partnership with Finance - tracking spend against plan and supporting forecasting and reconciliation.
  • Prepare and deliver program reporting and briefings for executive leadership and, in partnership with the CISO, for Federal Regulators and the Board of Directors - presenting program status, milestones, and delivery outcomes. (Characterization of security risk posture and any risk-acceptance decisions remain with the CISO and accountable workstream owners.)
  • Plan and orchestrate key program events and exercises (e.g., tabletop exercises) - ensuring readiness, participation, and disciplined follow-through on action items.
  • Perform other duties and/or special projects as assigned


Role Boundaries

This role coordinates, enables, and reports; it does not own security risk decisions, risk acceptance, control design, or technical remediation approaches - these remain with the accountable workstream leaders and the CISO. The Program Manager facilitates but does not gate communication between workstream owners and the CISO; workstream leaders retain a direct line to the CISO on risk matters.

Qualifications/Requirements:
  • Bachelor's degree in a related discipline and 8+ years of program/project management experience; in lieu of a degree, 12+ years of relevant program/project management experience.
  • Proven track record managing large, complex, cross-functional programs with multiple concurrent workstreams and enterprise scope.
  • Experience delivering in financial services, banking, or another highly regulated industry - including familiarity with control and risk frameworks, audit evidence, and regulatory expectations.
  • Working knowledge of technology delivery - change management and CAB processes, release cycles, maintenance/freeze windows, and the operational cost and risk of remediation/patching work - sufficient to set realistic, capacity-informed timelines and translate between security objectives and engineering reality.
  • Working knowledge of core information security processes - vulnerability remediation SLAs, compensating controls, and the security exception / risk-acceptance process - sufficient to coordinate credibly without making risk determinations.
  • Experience with Agile and Scaled Agile (SAFe) delivery and the tools delivery teams use day-to-day (e.g., Jira / Azure DevOps).
  • Excellent written and verbal communication, including executive-level reporting and presentation.
  • Demonstrated ability to manage conflict, build consensus, and influence across senior stakeholders.
  • Exceptional organization and prioritization, with the ability to keep a high volume of concurrent, complex work on track.
  • Experience managing external consultants/vendors and the associated SOWs and deliverables.
  • Comfort operating amid complexity and ambiguity; able to help teams set direction and resolve competing priorities.
  • Ability and flexibility to travel for business as required


Desired Characteristics:
  • Information security experience is beneficial but not a requirement.
  • Experience supporting regulatory or Board-level reporting in a financial services environment.
  • Experience standing up or running a program/PMO operating model (RACI, governance, reporting cadence) from the ground up.
  • Proficiency with program and portfolio tooling and executive reporting (e.g., Microsoft Project, Planner, SharePoint).


Grade/Level: 14

The salary range for this position is 170,000.00 - 290,000.00 USD Annual and is eligible for an annual bonus based on individual and company performance.

Actual compensation offered within the posted salary range will be based upon work experience, skill level or knowledge.

Salaries are adjusted according to market in CA, NY Metro and Seattle.

Our Way of Working:

We're proud to offer you flexibility. At Synchrony, our way of working allows you to have the option to work from home near one of our Hubs or come into one of our offices. You will be required to commute to your nearest Hub (either virtual or physical) for in-person engagement activities such as regular business or team meetings, training and culture events.

*Field Sales and some Commercial team roles may have varied location requirements based upon partner obligations or preferences.

Job Family Group:
Information Technology

About Synchrony

Synchrony (NYSE: SYF) is a leading consumer financing company at the heart of American commerce and opportunity. From health to home, auto to retail, our Synchrony products have been serving the needs of people and businesses for nearly 100 years. We provide responsible access to credit and banking products to support healthier financial lives for tens of millions of people, enabling them to access the things that matter to them. Additionally, through our innovative products and experiences, we support the growth and operations of some of the country's most respected brands, as well as more than 400,000 small and midsize businesses and health and wellness providers that Americans rely on. Synchrony is proud to be ranked as the country's #2 Best Company to Work For® by Fortune magazine and Great Place to Work®.
Learn more about Synchrony
Size
18,000 employees
Market Cap
$14.4 billion
Industry
Net Income
$1.3 billion
Founded
1993
5 Year Trend
+0.7%
NASDAQ

Similar Jobs

More Jobs at Synchrony

More Finance & Insurance Jobs

Find similar VP, Information Security Program Manager jobs: