Description:
The Senior Manager, provides strategic leadership and hands on execution to strengthen and mature Patterson’s risk, compliance, and governance programs. This role is accountable for delivering measurable outcomes that protect the confidentiality, integrity, and availability of Patterson’s information assets while enabling business objectives. The successful candidate combines deep expertise in risk and compliance with a proven ability to execute, driving initiatives from strategy through implementation and operational adoption. This leader anticipates challenges, removes obstacles, and drives accountability for results while coaching and developing a high performing team that consistently delivers outcomes, embraces ownership, collaborates effectively, and continuously improves how work gets done across the organization.
This is a hybrid position based at Patterson’s headquarters in Mendota Heights, Minnesota, requiring at least two days per week on site, with remote work available on the remaining days as business needs allow.
Essential Functions
To perform this job successfully, an employee must be able to perform each essential function satisfactorily, with or without reasonable accommodation. To request reasonable accommodation, notify Human Resources or the manager who oversees the position.
- Lead and execute the organization's security compliance programs, owning the full lifecycle of control design, implementation, operation, and continuous improvement. Ensure sustainable risk reduction, regulatory compliance, and audit readiness by establishing clear accountability, driving disciplined execution, and resolving issues with urgency.
- Own the enterprise Payment Card Industry Data Security Standard (PCI DSS) compliance program from end to end, including scope management, cardholder data flows, control governance, assessments, remediation, and ongoing compliance. Partners across business and technology teams to drive accountability, close gaps, and deliver measurable outcomes.
- Lead the technical resiliency program by identifying critical systems and recovery requirements, validating disaster recovery objectives, conducting and documenting risk reviews and recovery exercises, and driving remediation activities to strengthen technical resilience.
- Execute and continuously enhance the third-party risk management program by leading vendor security assessments, evaluating control effectiveness, prioritizing remediation, and leveraging automation and AI driven capabilities to improve efficiency, scalability, and risk visibility.
- Drive a high impact security awareness program through targeted education, phishing simulations, employee risk analysis, and measurable interventions that strengthen security culture and improve organizational resilience.
- Lead external assessments and regulatory engagements by partnering with control owners, Internal Audit, and external assessors to demonstrate control effectiveness, coordinate audits, and ensure timely remediation across frameworks including HIPAA, PCI, SOX, and other applicable requirements.
- Own enterprise cyber risk management processes, including risk assessments, exception governance, and approval workflows. Maintain executive dashboards and a centralized risk register that provide actionable insights into risk exposure, mitigation progress, and control performance to support informed decision making.
- Serve as a trusted advisor and thought leader by building strong relationships with industry peers, regulatory bodies, and professional organizations. Translate emerging trends, regulatory developments, and leading practices into practical strategies that strengthen the organization's security and compliance posture.
- Lead, coach, and develop a high performing security risk and compliance team by setting clear expectations, fostering accountability, removing barriers to execution, and building a culture focused on ownership, collaboration, continuous improvement, and results.
Required Qualifications
- Bachelor's degree in Information Security, Cybersecurity, Information Technology, Computer Science, Engineering, or a related field, or equivalent combination of education and relevant work experience.
- Minimum of 9 years of experience in Information Security, Risk, Compliance, or IT Audit, including responsibility for enterprise risk or compliance programs.