Director, Information Security

It’s an exciting time in technology, and that buzz is felt throughout PetSmart! We are continuing to grow at a faster pace and we want to continue to provide best-in-class experiences for pets and pet parents.

Our Technology team has 6 different departments: Information Security, Service Delivery, Business Enabling Systems, eCommerce & Marketing Technology, Data and Stores, Services & Supply Chain.

Whether it’s online or in our stores, the work that the IT team does is instrumental in PetSmart’s success. We have a strategic and actionable plan underway and are looking for associates who are just as excited about it as we are.

Collaborative Work Environment:
At PetSmart, teamwork and connection are core to how we thrive. This role is based at our Phoenix Home Office, with an expectation of working a minimum of four days in the office each week. In a standard work week, associates may work up to one remote “flex day” (with leader approval). Our hybrid approach is designed to foster strong collaboration while also supporting flexibility and individual success.

The Director of Information Security leads execution of PetSmart’s cybersecurity program across security operations, security engineering, compliance support, and related governance activities. Reporting to the CISO, this role is responsible for building, maturing, and managing cybersecurity capabilities that protect PetSmart’s systems, data, business operations, digital platforms, and customer trust.

This leader translates enterprise security strategy into practical roadmaps, operating processes, and measurable outcomes. The role partners closely with technology, legal, privacy, compliance, internal audit, finance, and business leaders to strengthen detection and response capabilities, improve security engineering practices, support regulatory and policy requirements, and ensure disciplined management of cybersecurity resources and investments.

This role focuses on cybersecurity program leadership, operational execution, control effectiveness, and continuous improvement while supporting enterprise priorities, governance practices, and the PetSmart’s broader security and risk management objectives.

Program Leadership:
• Lead execution of PetSmart’s cybersecurity program across assigned domains in alignment with enterprise strategy and CISO direction
• Develop and manage cybersecurity roadmaps, priorities, and delivery plans that support business operations, customer trust, and technology modernization
• Establish clear performance measures and operating rhythms for cybersecurity services, initiatives, and control improvement efforts
• Provide regular updates to the CISO and senior leadership on program status, operational trends, material issues, and remediation progress
• Identify risks, dependencies, and capability gaps within assigned scope and escalate material matters through established governance channels
• Promote a culture of accountability, collaboration, operational rigor, and continuous improvement across the cybersecurity team

Security Operations:
• Lead day to day security operations including monitoring, alert triage, investigation, incident coordination, containment support, recovery follow up, and post incident improvement actions
• Oversee security monitoring capabilities to improve visibility across PetSmart’s corporate, store, distribution, and digital environments
• Maintain and mature incident response procedures, escalation paths, playbooks, and communication workflows
• Direct vulnerability management processes including identification, prioritization, reporting, and remediation coordination with technology owners
• Incorporate threat intelligence, incident trends, and control performance data into detection improvements and operational priorities
• Track and report metrics such as incident trends, response timeliness, remediation aging, and vulnerability exposure

Security Engineering:
• Lead implementation and continuous improvement of security controls across infrastructure, cloud, identity, endpoint, network, and application environments
• Partner with enterprise architecture, infrastructure, digital, and application teams to embed security requirements into technology design and delivery
• Drive execution of security engineering initiatives such as identity improvements, privileged access controls, cloud security capabilities, data protection, logging enhancements, segmentation, and automation
• Oversee evaluation, implementation, integration, and lifecycle management of security technologies within approved standards and budgets
• Define and maintain technical security standards, implementation patterns, and control expectations to support consistency and scale
• Improve engineering effectiveness by addressing control gaps, integration issues, and operational inefficiencies within cybersecurity owned solutions

Program Financials and Resource Management:
• Manage the cybersecurity operating budget for assigned functions including planning, forecasting, expense tracking, and prioritization of approved investments
• Build business cases for tools, services, staffing, and capability improvements based on operational needs, control gaps, and value to the business
• Oversee vendor relationships, contract performance, licensing alignment, and managed service delivery within assigned budget authority
• Allocate resources across priorities based on business needs, operational demand, regulatory commitments, and program maturity goals
• Track financial performance against plan and identify opportunities for efficiency, consolidation, and service improvement
• Ensure cybersecurity initiatives are delivered with cost discipline, clear outcomes, and responsible stewardship of resources

Incident response team member:
• Lead and coordinate incident response activities across the organization, including investigation, containment, eradication, recovery, and post-incident improvement actions
• Serve as a key member of the Incident Response Team (IRT), providing leadership and expert guidance during cybersecurity events and operational disruptions
• Maintain and continuously improve incident response plans, escalation procedures, playbooks, and communication protocols
• Coordinate cross-functional response efforts with technology, legal, privacy, communications, and business teams to ensure effective incident handling and decision-making
• Oversee post-incident reviews to identify root causes, lessons learned, and control improvements to strengthen detection and response capabilities
• Ensure timely reporting and documentation of incidents, including impact assessment, response actions, and remediation progress
• Track and report incident response metrics such as response times, containment effectiveness, and recurring incident patterns to drive operational improvements

Team Leadership and Talent Development:
• Lead, coach, and develop managers and team members across assigned cybersecurity functions
• Establish clear roles, expectations, and accountability for operational support, project delivery, and service quality
• Build a high performing team culture centered on ownership, technical rigor, collaboration, and continuous learning
• Support workforce planning, succession readiness, and capability development to address evolving cybersecurity needs
• Partner with Human Resources and senior leadership on hiring, performance management, and employee engagement
Cross Functional Partnership:
• Work closely with technology, digital, legal, privacy, compliance, audit, finance, procurement, and operations teams to implement security requirements in practical and business aligned ways
• Support enterprise initiatives by advising on cybersecurity considerations, control needs, and implementation dependencies
• Provide recommendations and decision support to the CISO and senior leadership on operational risks, control gaps, resource needs, and delivery priorities within assigned scope
• Coordinate with business and technology stakeholders to improve remediation accountability, issue closure, and overall program effectiveness

Required

• Bachelor’s degree in Cybersecurity, Information Security, Computer Science, Information Technology, or related field, or equivalent practical experience
• 10 or more years of progressive experience in cybersecurity, information security, technology risk, or related technology leadership roles
• Demonstrated leadership across multiple cybersecurity domains such as security operations, security engineering, vulnerability management, compliance, governance, or incident response
• Experience managing cybersecurity programs, teams, vendors, budgets, and delivery roadmaps in a complex enterprise environment
• Working knowledge of security frameworks and practices such as NIST, ISO 27001, CIS Controls, incident response, vulnerability management, identity security, cloud security, and audit support
• Effective communication skills with the ability to present operational issues, program status, and recommendations clearly to technical and nontechnical stakeholders

Preferred

• Master’s degree in a relevant field
• Experience in retail, eCommerce, consumer services, or other multi-site enterprise environments
• Experience supporting regulated environments, audit programs, and external assessments
• Experience with cloud transformation, security tooling modernization, identity programs, or zero trust related initiatives

• This role requires collaboration, teamwork, and face-to-face interaction with colleagues, leaders, and/or clients.
• Being in the office ensures access to leaders, cross-functional partners, and resources necessary to make timely decisions and drive results.
• On-site presence in accordance with our FlexSmart policy supports our culture of innovation, mentorship, and engagement, which is integral to our success in developing the best team.

* This is not intended to be an all-inclusive, exhaustive list of all essential job functions for this position. PetSmart retains the right to change or assign other required job duties to this position.

At PetSmart, Anything for Pets begins with our people. Every associate plays a vital role in creating meaningful experiences for pets and their families, and we empower our teams with the tools, resources, and opportunities to grow and succeed. 

We’re more than a workplace, we’re Team PetSmart. Together, we grow, collaborate, and challenge ourselves to be the best in all we do. Our culture is built on belonging and shared purpose, where every voice and experience matters. Guided by our values, we strive to do what’s right, lead responsibly, and bring our passion for pets to life every day. Not sure if you meet 100% of the position requirements and whether you should apply? We’d still like to hear from you and encourage you to apply with us! You might be the right fit for this role or another opportunity across Team PetSmart.

Our home office offers outstanding amenities in a fun and rewarding workplace including:

• Pet-friendly environment, bring your pets to work and enjoy the on-site dog park!
• On-Site Events & Adoptions, enjoy community-building opportunities, including pet adoption days, seasonal celebrations, family events, art events, & holiday festivals
• “Top Dog” gym with equipment, fitness classes, massage therapists, personal trainers, and wellness spaces
• “Sit & Stay” Café serving fresh breakfast and lunch options, snacks, & more
• “Lil Paws” NAEYC-accredited onsite childcare facility providing high-quality early education
• Paid Volunteer Opportunities to spend time doing good for causes close to heart
• Print Center and Business Services, Dry Cleaning, Mother's Rooms, Sustainable Infrastructure & more

 PetSmart provides an equal opportunity for all associates and job applicants without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability, veteran status or other legally protected characteristics.