VP, Information Security Program Manager

SynchronyStamford, CT
$170,000 - $290,000Hybrid

About The Position

Help Synchrony build one of the most resilient information security programs in financial services. As the Program Manager for Project Meridian, you will be the operational engine behind a high-priority, enterprise-wide security program — turning strategy into disciplined, on-time delivery across many concurrent workstreams. Reporting directly to the Chief Information Security Officer, you will own the day-to-day orchestration of the program: maintaining the integrated roadmap, clearing the path for delivery teams, managing a dedicated team of specialist consultants, and giving leadership a single, trusted view of progress, risk, and outcomes. This is a highly visible role with direct CISO sponsorship — you will have the executive air cover to drive alignment and resolve conflict across the enterprise. You are an experienced program manager who communicates with clarity at every level, navigates competing priorities with structure and calm, and is at your best coordinating complex work across many teams. Experience delivering in a regulated financial services environment is essential. Why This Role Exists Project Meridian is a strategically important, multi-workstream initiative to strengthen how Synchrony manages and reduces information security risk across the enterprise. The scope is broad and the pace is fast, and success depends on rigorous program management. This role provides that backbone — so workstream leaders can stay focused on security delivery while you own the coordination, dependencies, reporting, and operating rhythm that keep everything moving. It is a career-defining, CISO-adjacent role with broad executive and enterprise visibility. What Success Looks Like First 90 days — an integrated roadmap, milestone plan, and RAID log are established and adopted across all workstreams, with a single, trusted status-reporting cadence in place. 6 months — delivery teams experience measurably lower coordination burden; blockers are resolved quickly through a clear escalation path; consultant statements of work are tracking to scope, schedule, and budget. 12 months — program milestones are met with audit-ready evidence, and leadership — and, as appropriate, regulators and the Board — have confidence in an accurate, defensible view of program progress and risk.

Requirements

  • Bachelor’s degree in a related discipline and 8+ years of program/project management experience; in lieu of a degree, 12+ years of relevant program/project management experience.
  • Proven track record managing large, complex, cross-functional programs with multiple concurrent workstreams and enterprise scope.
  • Experience delivering in financial services, banking, or another highly regulated industry — including familiarity with control and risk frameworks, audit evidence, and regulatory expectations.
  • Working knowledge of technology delivery — change management and CAB processes, release cycles, maintenance/freeze windows, and the operational cost and risk of remediation/patching work — sufficient to set realistic, capacity-informed timelines and translate between security objectives and engineering reality.
  • Working knowledge of core information security processes — vulnerability remediation SLAs, compensating controls, and the security exception / risk-acceptance process — sufficient to coordinate credibly without making risk determinations.
  • Experience with Agile and Scaled Agile (SAFe) delivery and the tools delivery teams use day-to-day (e.g., Jira / Azure DevOps).
  • Excellent written and verbal communication, including executive-level reporting and presentation.
  • Demonstrated ability to manage conflict, build consensus, and influence across senior stakeholders.
  • Exceptional organization and prioritization, with the ability to keep a high volume of concurrent, complex work on track.
  • Experience managing external consultants/vendors and the associated SOWs and deliverables.
  • Comfort operating amid complexity and ambiguity; able to help teams set direction and resolve competing priorities.
  • Ability and flexibility to travel for business as required

Nice To Haves

  • Information security experience is beneficial but not a requirement.
  • Experience supporting regulatory or Board-level reporting in a financial services environment.
  • Experience standing up or running a program/PMO operating model (RACI, governance, reporting cadence) from the ground up.
  • Proficiency with program and portfolio tooling and executive reporting (e.g., Microsoft Project, Planner, SharePoint).

Responsibilities

  • Run Project Meridian day-to-day — orchestrate execution across all workstreams, keeping milestones, deliverables, and dependencies tracked, sequenced, and on course.
  • Make delivery teams more effective: proactively remove impediments, broker realistic commitments built from team capacity and change calendars, and minimize coordination overhead so teams report status once. Success is measured by blocker resolution and reduced delivery friction — not status decks alone.
  • Establish and run the program operating model — decision rights (RACI) across workstream owners and partner teams, a defined escalation ladder with target resolution times, and a single source of truth for status.
  • Build and maintain the integrated roadmap, milestone plan, and RAID log (risks, actions, issues, decisions/dependencies), with a consistent, right-sized reporting cadence (async-first; every recurring meeting justified).
  • Manage a dedicated team of specialist consultants — define scope, deliverables, and timelines; own SOWs in partnership with Sourcing/Vendor Management; hold partners accountable to quality, schedule, and budget; and ensure the consultant layer reduces, not adds, load on delivery teams.
  • Facilitate prioritization of shared consultant capacity across workstreams; reallocating capacity already committed to a workstream requires that owner’s concurrence, with unresolved contention escalated to the CISO.
  • Aggregate, track, and report KPIs and program metrics — defined together with workstream owners — providing timely, accurate reporting on progress, risk, cost, and escalations to the CISO and senior leadership.
  • Protect the integrity and audit-readiness of the program record: status reflects validated reality, and no milestone is reported complete without owner-validated supporting evidence.
  • Develop and execute a proactive communication strategy for Information Security leadership, cross-functional stakeholders, and the Executive Leadership Team.
  • Coordinate program financials in partnership with Finance — tracking spend against plan and supporting forecasting and reconciliation.
  • Prepare and deliver program reporting and briefings for executive leadership and, in partnership with the CISO, for Federal Regulators and the Board of Directors — presenting program status, milestones, and delivery outcomes. (Characterization of security risk posture and any risk-acceptance decisions remain with the CISO and accountable workstream owners.)
  • Plan and orchestrate key program events and exercises (e.g., tabletop exercises) — ensuring readiness, participation, and disciplined follow-through on action items.
  • Perform other duties and/or special projects as assigned

Benefits

  • annual bonus based on individual and company performance
  • option to work from home near one of our Hubs or come into one of our offices
  • support and encouragement at all levels of the organization
  • tools and technology to grow your career
© 2026 Teal Labs, Inc
Privacy PolicyTerms of Service