CX Security Program Manager

As part of the Customer Experience organization, the Vendor Governance & Site Operations (VGSO) team is responsible for Customer Experience vendor strategy, third‑party and captive site lifecycle governance, security compliance standards, and financial cohesion across the CX organization. This CX Security Program Manager will own CX’s security and access governance programs across our BPO network, CX hubs, and COE sites, with a primary focus on strengthening technology access controls, standardizing security review processes for CX tools, and tightening vendor security controls in close partnership with Security, IT, Enterprise Applications, and Vendor Management teams.

What you’ll be doing: 

• Own the CX security & access governance program across Consumer and Compliance operations, spanning physical security protocols, logical access controls, and sensitive workflow protections for BPOs, COEs, and CX Hubs.
• Program manage CX‑wide access governance initiatives end‑to‑end: drive the multi‑quarter roadmap, requirements, and implementation plan to standardize how FTE, CTR, and BPO access is requested, evaluated, approved, and monitored across all CX tools, in partnership with IT Solution Engineering, Enterprise Applications, IAM, Security, and People teams.
• Lead CX security risk review processes for new and existing tools: establish repeatable intake, triage, and tracking mechanisms for exception and deviation requests across the CX team; partner with Security and CX leadership on calibration, prioritization, and remediation plans; and ensure review outcomes are reflected in access controls, site standards, and vendor contracts where applicable.
• Scale BPO security governance frameworks by owning the roadmap and execution for security attestation and audit processes, and developing scalable mechanisms to track, review, and resolve security deviations and exception requests, in partnership with Physical Security and Vendor Management.
• Maintain device governance standards for CX BPOs, including CX’s standardized device lifecycle procedures for BPO endpoints, ensuring that enrollment, inventory, offboarding, and device movement controls are consistently applied across all CX BPO sites in alignment with IT and Physical Security standards.
• Build and maintain central CX security & access inventories (e.g., access‑control matrices, security review trackers, vendor security posture views) that connect sites, roles, tools, and entitlements, enabling faster impact analysis, access reviews, and audit responses.
• Drive cross‑functional program management and stakeholder alignment:
• Run working groups and steering forums across Security, IT, Enterprise Applications, VM, Operations, WFM, and People teams.
• Translate policy and control requirements into pragmatic implementation plans and change‑management for CX operations and vendor partners.
• Continuously improve security processes and playbooks (e.g., BPO site launch playbooks, termination/ramp‑down playbooks, security exception workflows), using lessons from incidents, audits, and vendor findings to refine controls, documentation, and training materials.

What we look for in you: 

• 7+ years of experience in program management, technical program management, security, IT, or risk management roles, ideally within a global CX, BPO, or fintech/financial services organization.
• Proven track record leading complex, cross‑functional security or access‑governance programs (e.g., IAM / LDAP group models, MDM/endpoint standards, security monitoring programs, or large‑scale tooling rollouts) from design through implementation and steady state.
• Deep familiarity with vendor/BPO environments and the interplay between physical security requirements, logical access controls, device standards, and operational processes at third‑party sites.
• Strong stakeholder management and communication skills, with demonstrated experience partnering closely with Security, IT, Enterprise Applications, Vendor Management, Operations, and Finance to drive alignment and execution across competing priorities.
• Comfort working with technical and non‑technical stakeholders: you can translate security policies and architectural choices into clear requirements, workflows, and SOPs for CX teams and vendors, and you’re comfortable discussing trade‑offs with IAM and engineering partners.
• Experience building and maintaining governance mechanisms (RACI, intake processes, approval models, trackers, playbooks) that improve clarity, speed, and auditability across distributed teams.
• Strong analytical and problem‑solving skills, including the ability to interpret risk assessments, security findings, and operational data to prioritize mitigations and measure program effectiveness.
• Excellent written communication skills, with experience writing process documents, playbooks, vendor guidance, and leadership‑ready updates on risk posture and program status.
• Proficiency with productivity and collaboration tools (e.g., G Suite, Jira, Asana, Salesforce or other case tools), and comfort learning new internal identity, access management, and vendor tracking systems.

Nice to haves:

• Prior experience owning security programs in a BPO or contact‑center context (e.g., site production‑zone standards, vendor risk assessments, or security audit programs).
• Experience working directly with or within Security, IAM, or Risk organizations, especially on technology risk reviews, vendor risk management, or audit remediation programs.
• Familiarity with crypto, fintech, or other highly regulated environments, and comfort working under evolving regulatory expectations around third‑party risk, data protection, and operational resilience.

Requirements: 

• Demonstrates the ability to responsibly use generative AI tools and copilots (e.g., LibreChat, Gemini, Glean) in daily workflows, continuously learn as tools evolve, and apply human‑in‑the‑loop practices to deliver business‑ready outputs and drive measurable improvements in efficiency, cost, and quality.

Job ID: 76298