Director, Information Security

Director of Information Security

It's an exciting time in technology, and that buzz is felt throughout PetSmart! We are continuing to grow at a faster pace and we want to continue to provide best-in-class experiences for pets and pet parents.

Our Technology team has 6 different departments: Information Security, Service Delivery, Business Enabling Systems, eCommerce & Marketing Technology, Data and Stores, Services & Supply Chain.

Whether it's online or in our stores, the work that the IT team does is instrumental in PetSmart's success. We have a strategic and actionable plan underway and are looking for associates who are just as excited about it as we are.

The Director of Information Security leads execution of PetSmart's cybersecurity program across security operations, security engineering, compliance support, and related governance activities. Reporting to the CISO, this role is responsible for building, maturing, and managing cybersecurity capabilities that protect PetSmart's systems, data, business operations, digital platforms, and customer trust.

This leader translates enterprise security strategy into practical roadmaps, operating processes, and measurable outcomes. The role partners closely with technology, legal, privacy, compliance, internal audit, finance, and business leaders to strengthen detection and response capabilities, improve security engineering practices, support regulatory and policy requirements, and ensure disciplined management of cybersecurity resources and investments.

This role focuses on cybersecurity program leadership, operational execution, control effectiveness, and continuous improvement while supporting enterprise priorities, governance practices, and the PetSmart's broader security and risk management objectives.

Program Leadership:

• Lead execution of PetSmart's cybersecurity program across assigned domains in alignment with enterprise strategy and CISO direction
• Develop and manage cybersecurity roadmaps, priorities, and delivery plans that support business operations, customer trust, and technology modernization
• Establish clear performance measures and operating rhythms for cybersecurity services, initiatives, and control improvement efforts
• Provide regular updates to the CISO and senior leadership on program status, operational trends, material issues, and remediation progress
• Identify risks, dependencies, and capability gaps within assigned scope and escalate material matters through established governance channels
• Promote a culture of accountability, collaboration, operational rigor, and continuous improvement across the cybersecurity team

Security Operations:

• Lead day to day security operations including monitoring, alert triage, investigation, incident coordination, containment support, recovery follow up, and post incident improvement actions
• Oversee security monitoring capabilities to improve visibility across PetSmart's corporate, store, distribution, and digital environments
• Maintain and mature incident response procedures, escalation paths, playbooks, and communication workflows
• Direct vulnerability management processes including identification, prioritization, reporting, and remediation coordination with technology owners
• Incorporate threat intelligence, incident trends, and control performance data into detection improvements and operational priorities
• Track and report metrics such as incident trends, response timeliness, remediation aging, and vulnerability exposure

Security Engineering:

• Lead implementation and continuous improvement of security controls across infrastructure, cloud, identity, endpoint, network, and application environments
• Partner with enterprise architecture, infrastructure, digital, and application teams to embed security requirements into technology design and delivery
• Drive execution of security engineering initiatives such as identity improvements, privileged access controls, cloud security capabilities, data protection, logging enhancements, segmentation, and automation
• Oversee evaluation, implementation, integration, and lifecycle management of security technologies within approved standards and budgets
• Define and maintain technical security standards, implementation patterns, and control expectations to support consistency and scale
• Improve engineering effectiveness by addressing control gaps, integration issues, and operational inefficiencies within cybersecurity owned solutions

Program Financials and Resource Management:

• Manage the cybersecurity operating budget for assigned functions including planning, forecasting, expense tracking, and prioritization of approved investments
• Build business cases for tools, services, staffing, and capability improvements based on operational needs, control gaps, and value to the business
• Oversee vendor relationships, contract performance, licensing alignment, and managed service delivery within assigned budget authority
• Allocate resources across priorities based on business needs, operational demand, regulatory commitments, and program maturity goals
• Track financial performance against plan and identify opportunities for efficiency, consolidation, and service improvement
• Ensure cybersecurity initiatives are delivered with cost discipline, clear outcomes, and responsible stewardship of resources

Incident Response Team Member:

• Lead and coordinate incident response activities across the organization, including investigation, containment, eradication, recovery, and post-incident improvement actions
• Serve as a key member of the Incident Response Team (IRT), providing leadership and expert guidance during cybersecurity events and operational disruptions
• Maintain and continuously improve incident response plans, escalation procedures, playbooks, and communication protocols
• Coordinate cross-functional response efforts with technology, legal, privacy, communications, and business teams to ensure effective incident handling and decision-making
• Oversee post-incident reviews to identify root causes, lessons learned, and control improvements to strengthen detection and response capabilities
• Ensure timely reporting and documentation of incidents, including impact assessment, response actions, and remediation progress
• Track and report incident response metrics such as response times, containment effectiveness, and recurring incident patterns to drive operational improvements

Team Leadership and Talent Development:

• Lead, coach, and develop managers and team members across assigned cybersecurity functions
• Establish clear roles, expectations, and accountability for operational support, project delivery, and service quality
• Build a high performing team culture centered on ownership, technical rigor, collaboration, and continuous learning
• Support workforce planning, succession readiness, and capability development to address evolving cybersecurity needs
• Partner with Human Resources and senior leadership on hiring, performance management, and employee engagement

Cross Functional Partnership:

• Work closely with technology, digital, legal, privacy, compliance, audit, finance, procurement, and operations teams to implement security requirements in practical and business aligned ways
• Support enterprise initiatives by advising on cybersecurity considerations, control needs, and implementation dependencies
• Provide recommendations and decision support to the CISO and senior leadership on operational risks, control gaps, resource needs, and delivery priorities within assigned scope
• Coordinate with business and technology stakeholders to improve remediation accountability, issue closure, and overall program effectiveness

Required:

• Bachelor's degree in Cybersecurity, Information Security, Computer Science, Information Technology, or related field, or equivalent practical experience
• 10 or more years of progressive experience in cybersecurity, information security, technology risk, or related technology leadership roles
• Demonstrated leadership across multiple cybersecurity domains such as security operations, security engineering, vulnerability management, compliance, governance, or incident response
• Experience managing cybersecurity programs, teams, vendors, budgets, and delivery roadmaps in a complex enterprise environment
• Working knowledge of security frameworks and practices such as NIST, ISO 27001, CIS Controls, incident response, vulnerability management, identity security, cloud security, and audit support
• Effective communication skills with the ability to present operational issues, program status, and recommendations clearly to technical and nontechnical stakeholders

Preferred:

• Master's degree in a relevant field
• Experience in retail, eCommerce, consumer services, or other multi-site enterprise environments
• Experience supporting regulated environments, audit programs, and external assessments
• Experience with cloud transformation, security tooling modernization, identity programs, or zero trust related initiatives

Additional Job Considerations:

• This role requires collaboration, teamwork, and face-to-face interaction with colleagues, leaders, and/or clients.
• Being in the office ensures access to leaders, cross-functional partners, and resources necessary to make timely decisions and drive results.
• On-site presence in accordance with our FlexSmart policy supports our culture of innovation, mentorship, and engagement, which is integral to our success in developing the best team.

At PetSmart, Anything for Pets begins with our people. Every associate plays a vital role in creating meaningful experiences for pets and their families, and we empower our teams with the tools, resources, and opportunities to grow and succeed.

We're more than a workplace, we're Team PetSmart. Together, we grow, collaborate, and challenge ourselves to be the best in all