Director, Information Security

PetSmart, Phoenix, AZ
Hybrid

About The Position

The Director of Information Security leads execution of PetSmart’s cybersecurity program across security operations, security engineering, compliance support, and related governance activities. Reporting to the CISO, this role is responsible for building, maturing, and managing cybersecurity capabilities that protect PetSmart’s systems, data, business operations, digital platforms, and customer trust. This leader translates enterprise security strategy into practical roadmaps, operating processes, and measurable outcomes. The role partners closely with technology, legal, privacy, compliance, internal audit, finance, and business leaders to strengthen detection and response capabilities, improve security engineering practices, support regulatory and policy requirements, and ensure disciplined management of cybersecurity resources and investments. This role focuses on cybersecurity program leadership, operational execution, control effectiveness, and continuous improvement while supporting enterprise priorities, governance practices, and PetSmart’s broader security and risk management objectives.

Requirements

  • Bachelor’s degree in Cybersecurity, Information Security, Computer Science, Information Technology, or related field, or equivalent practical experience
  • 10 or more years of progressive experience in cybersecurity, information security, technology risk, or related technology leadership roles
  • Demonstrated leadership across multiple cybersecurity domains such as security operations, security engineering, vulnerability management, compliance, governance, or incident response
  • Experience managing cybersecurity programs, teams, vendors, budgets, and delivery roadmaps in a complex enterprise environment
  • Working knowledge of security frameworks and practices such as NIST, ISO 27001, CIS Controls, incident response, vulnerability management, identity security, cloud security, and audit support
  • Effective communication skills with the ability to present operational issues, program status, and recommendations clearly to technical and nontechnical stakeholders

Nice To Haves

  • Master’s degree in a relevant field
  • Experience in retail, eCommerce, consumer services, or other multi-site enterprise environments
  • Experience supporting regulated environments, audit programs, and external assessments
  • Experience with cloud transformation, security tooling modernization, identity programs, or zero trust related initiatives

Responsibilities

  • Lead execution of PetSmart’s cybersecurity program across assigned domains in alignment with enterprise strategy and CISO direction
  • Develop and manage cybersecurity roadmaps, priorities, and delivery plans that support business operations, customer trust, and technology modernization
  • Establish clear performance measures and operating rhythms for cybersecurity services, initiatives, and control improvement efforts
  • Provide regular updates to the CISO and senior leadership on program status, operational trends, material issues, and remediation progress
  • Identify risks, dependencies, and capability gaps within assigned scope and escalate material matters through established governance channels
  • Promote a culture of accountability, collaboration, operational rigor, and continuous improvement across the cybersecurity team
  • Lead day-to-day security operations including monitoring, alert triage, investigation, incident coordination, containment support, recovery follow-up, and post-incident improvement actions
  • Oversee security monitoring capabilities to improve visibility across PetSmart’s corporate, store, distribution, and digital environments
  • Maintain and mature incident response procedures, escalation paths, playbooks, and communication workflows
  • Direct vulnerability management processes including identification, prioritization, reporting, and remediation coordination with technology owners
  • Incorporate threat intelligence, incident trends, and control performance data into detection improvements and operational priorities
  • Track and report metrics such as incident trends, response timeliness, remediation aging, and vulnerability exposure
  • Lead implementation and continuous improvement of security controls across infrastructure, cloud, identity, endpoint, network, and application environments
  • Partner with enterprise architecture, infrastructure, digital, and application teams to embed security requirements into technology design and delivery
  • Drive execution of security engineering initiatives such as identity improvements, privileged access controls, cloud security capabilities, data protection, logging enhancements, segmentation, and automation
  • Oversee evaluation, implementation, integration, and lifecycle management of security technologies within approved standards and budgets
  • Define and maintain technical security standards, implementation patterns, and control expectations to support consistency and scale
  • Improve engineering effectiveness by addressing control gaps, integration issues, and operational inefficiencies within cybersecurity-owned solutions
  • Manage the cybersecurity operating budget for assigned functions including planning, forecasting, expense tracking, and prioritization of approved investments
  • Build business cases for tools, services, staffing, and capability improvements based on operational needs, control gaps, and value to the business
  • Oversee vendor relationships, contract performance, licensing alignment, and managed service delivery within assigned budget authority
  • Allocate resources across priorities based on business needs, operational demand, regulatory commitments, and program maturity goals
  • Track financial performance against plan and identify opportunities for efficiency, consolidation, and service improvement
  • Ensure cybersecurity initiatives are delivered with cost discipline, clear outcomes, and responsible stewardship of resources
  • Lead and coordinate incident response activities across the organization, including investigation, containment, eradication, recovery, and post-incident improvement actions
  • Serve as a key member of the Incident Response Team (IRT), providing leadership and expert guidance during cybersecurity events and operational disruptions
  • Maintain and continuously improve incident response plans, escalation procedures, playbooks, and communication protocols
  • Coordinate cross-functional response efforts with technology, legal, privacy, communications, and business teams to ensure effective incident handling and decision-making
  • Oversee post-incident reviews to identify root causes, lessons learned, and control improvements to strengthen detection and response capabilities
  • Ensure timely reporting and documentation of incidents, including impact assessment, response actions, and remediation progress
  • Track and report incident response metrics such as response times, containment effectiveness, and recurring incident patterns to drive operational improvements
  • Lead, coach, and develop managers and team members across assigned cybersecurity functions
  • Establish clear roles, expectations, and accountability for operational support, project delivery, and service quality
  • Build a high-performing team culture centered on ownership, technical rigor, collaboration, and continuous learning
  • Support workforce planning, succession readiness, and capability development to address evolving cybersecurity needs
  • Partner with Human Resources and senior leadership on hiring, performance management, and employee engagement
  • Work closely with technology, digital, legal, privacy, compliance, audit, finance, procurement, and operations teams to implement security requirements in practical and business-aligned ways
  • Support enterprise initiatives by advising on cybersecurity considerations, control needs, and implementation dependencies
  • Provide recommendations and decision support to the CISO and senior leadership on operational risks, control gaps, resource needs, and delivery priorities within assigned scope
  • Coordinate with business and technology stakeholders to improve remediation accountability, issue closure, and overall program effectiveness

Benefits

  • Pet-friendly environment, bring your pets to work and enjoy the on-site dog park!
  • On-Site Events & Adoptions, enjoy community-building opportunities, including pet adoption days, seasonal celebrations, family events, art events, & holiday festivals
  • “Top Dog” gym with equipment, fitness classes, massage therapists, personal trainers, and wellness spaces
  • “Sit & Stay” Café serving fresh breakfast and lunch options, snacks, & more
  • “Lil Paws” NAEYC-accredited onsite childcare facility providing high-quality early education
  • Paid Volunteer Opportunities to spend time doing good for causes close to heart
  • Print Center and Business Services, Dry Cleaning, Mother's Rooms, Sustainable Infrastructure & more