Brand on the Line: CISOs to Watch in Retail and Consumer Brands

Retail and consumer brands sit at a particularly exposed intersection of cybersecurity risk. They handle payment card data across thousands of point-of-sale terminals, manage loyalty programs holding personal information for millions of customers, operate e-commerce platforms that never go offline, and protect intellectual property and supply chain data that competitors and nation-state actors both find worth targeting. A breach does not just create regulatory exposure. It damages the relationship between a brand and the customers who chose it, sometimes irreparably. The leaders in this feature are protecting some of the most recognizable consumer names in the world, and their programs reflect what security looks like when the brand itself is part of what is being defended.

Ngozi Eze — CISO, Levi Strauss and Co.

Ngozi Eze has served as CISO at Levi Strauss and Co. since April 2021, protecting one of the world’s most recognized apparel brands across its global operations spanning more than 110 countries. Before Levi’s, he spent nearly a year as SVP and deputy CISO at the Federal Reserve System and more than four years as VP and chief business security officer at ADP, overseeing security for a company whose payroll and HR platforms touch the workforce data of hundreds of thousands of organizations. Before ADP, he served as information security officer at Equifax and spent nearly three years as a senior IT risk analyst at McKesson. He began his career as an IT auditor at Fifth Third Bank and AT&T and as a systems analyst at Kroger, giving him a retail technology foundation that bookends his career in an unusually symmetrical way. He serves on the board of directors of the Retail and Hospitality ISAC and on the board of TechBridge, a nonprofit advancing digital equity. That combination of financial services security, payroll platform security, and central banking oversight now informs how he approaches brand and consumer data protection at one of the most storied names in American fashion.

Rosalia Hajek — Global CISO, Topgolf Callaway Brands

Rosalia Hajek was recruited to Topgolf Callaway Brands as global CISO in May 2024 following a major ransomware incident, tasked with rebuilding the company’s global cybersecurity, privacy, IT audit, and technology risk model across a portfolio of sports technology and lifestyle brands spanning Topgolf, Callaway Golf, TravisMathew, and Jack Wolfskin. Before Topgolf Callaway, she spent two years as enterprise business information security officer at MGM Resorts International, designing and operationalizing MGM’s first BISO model across global hospitality, gaming, and digital customer platforms serving 46 million customer interactions and 63,000 employees. Before MGM, she spent nine years at Kaiser Permanente building the organization’s first integrated governance model aligning cybersecurity, privacy, and technology risk management across national operations for more than 12.7 million members, deploying AI-driven behavioral analytics to detect insider and nation-state threats, and achieving zero critical audit findings across multiple regulatory cycles. Her earlier career includes technology and clinical data leadership roles at Cedars-Sinai and UCLA Health. She serves on the advisory board of USC Viterbi School of Engineering, on the Black Hat AI Summit advisory board, and as a founding quantum member of Women in AI Governance. Her arrival at Topgolf Callaway following a ransomware event reflects an organization choosing a leader whose track record is built on rebuilding security posture in complex, high-profile environments.

Vikrant Arora — CISO, Burlington Stores

Vikrant Arora joined Burlington Stores as CISO in June 2024, bringing more than a decade of first-CISO experience across some of the most complex healthcare environments in the country before stepping into retail security leadership. At Hospital for Special Surgery, he implemented the industry’s first IoT and IoMT security solution delivering real-time security for more than 20,000 biomedical devices, and at NYC Health and Hospitals he built the security program for the largest municipal healthcare system in the US from the ground up, overseeing HIPAA and PCI compliance across 16 hospitals, 45,000 users, and 700,000 plan members while reporting to the CEO, board, and Mayor of New York City. That operational scale and regulatory complexity, combined with his earlier security consulting work at Dimension Data across healthcare and life sciences, gives him a security governance depth that translates directly to a major off-price retail chain whose customer data, payment systems, and supply chain all require enterprise-grade protection. He serves on customer advisory boards for ForgeRock, Symantec, and Wiz, and is co-authoring a Taylor and Francis book on AI and cybersecurity for healthcare boards.

Aalok Shah — CISO, Family Dollar

Aalok Shah joined Family Dollar as CISO in July 2025, having served as deputy CISO at Dollar Tree Stores since June 2023, giving him direct institutional knowledge of the discount retail security environment before stepping into the top security seat at its sister brand. Before Dollar Tree, he spent more than five years at Capital One as head of enterprise network security and director of cloud and network technology services, leading cloud and connectivity transformation for one of the largest digital banks in the country. Before Capital One, he spent more than four years at Yum! Brands as senior manager of IT infrastructure and security, designing and implementing managed network infrastructure and security services across 6,000 branch locations for Pizza Hut US, establishing security awareness, incident response, and vulnerability management programs, and serving on the Yum Network and InfoSec Governance Board. His earlier career includes IT infrastructure management at the Federal Home Loan Bank of Dallas and infrastructure architecture roles in healthcare and telecommunications. That combination of quick-service restaurant network security, large-scale financial services cloud security, and discount retail security leadership reflects a practitioner whose cross-sector technical depth is directly applicable to a retailer operating thousands of stores across underserved communities nationwide.

Paul Drapeau — CISO, New Balance

Paul Drapeau was appointed CISO at New Balance in May 2026, having spent the preceding four years as head of global information security at the same company, building the security program from the ground up across a privately held athletic footwear and apparel brand with global manufacturing, retail, and e-commerce operations. Before New Balance, he spent a year and a half as SVP and associate managing director of cyber risk at Kroll, advising clients on security program improvement and overseeing the global solutions engineering team for Kroll’s managed detection and response services. Before Kroll, he spent more than four years at VMware Carbon Black as enterprise architect and product architect for security efficacy, leading the MITRE ATT&CK evaluation participation and driving the threat detection and prevention roadmap across the Carbon Black Cloud. He began his security career as a principal security researcher at Confer Technologies, joining pre-revenue before its acquisition by Carbon Black, and spent thirteen years as associate director of infrastructure security and networking at Vertex Pharmaceuticals. He holds patents from his research work and has presented at DEFCON, BSides events, and InfosecWorld. That threat research and endpoint security product background, applied to a global consumer brand with manufacturing and retail operations across multiple continents, reflects a security leader whose adversary-focused perspective informs how he builds defensive programs.

Retail Security Is a Consumer Trust Problem

Every organization in this feature is ultimately in the business of earning and keeping consumer trust, and every security decision they make either protects or erodes that trust. Payment card data, loyalty program records, purchase history, and digital account credentials are the currency of the modern retail relationship, and customers who lose confidence in how a brand protects their information rarely come back. The leaders in this feature build programs that understand that reality, treating security not as a compliance function bolted onto retail operations but as a foundational element of the consumer relationship that their brands depend on.

John Kevin Hao is a news and feature writer covering cybersecurity, technology, and business for professional audiences.