If you're a Director or VP of Asset Protection at a U.S. retailer reading this on Tuesday morning, here is the math that should keep you up at night.
The bottom of your function is being eaten by AI.
The middle of your pay band stopped growing roughly a decade ago.
The top of your career — the C-suite security seat at most Fortune 500 retail companies — is, in the overwhelming majority of cases, not held by someone who came up through AP.
None of this is the lonely story of an underperforming function. AP works. The investigations are real. The recoveries are real. The ROI is real.
The function is operationally healthy. The career is not.
The bottom is being eaten by AI
The first investigative job most AP careers begin with — store-level loss prevention agent, junior investigator, exception report analyst — is the role most directly exposed to AI displacement in retail.
The math through May 2026:
775 retail jobs cut in 2026 specifically attributed to AI-driven restructuring, on top of 3,200 cut to broader restructure (LayoffHedge, May 2026)
Macy's announced the largest single retail layoff of 2026 with 1,000 positions, citing AI-driven operational redesign
Walmart's AI-powered self-checkout verification rollout has been projected to displace approximately 8,000 cashier and floor positions
Estée Lauder raised its 2026 net reduction target to 9,000–10,000 roles, more than 70% at point of sale
77,999 tech jobs were tied directly to AI displacement in the first six months of 2025 alone (Challenger, Gray & Christmas) — the underlying pattern that retail is now importing
The function itself isn't disappearing. The launchpad inside the function is.
For decades, AP careers started with rotation through store-level investigations. Two to four years building case files, learning interview technique, understanding the operational floor before advancing to district, regional, divisional roles. Today the equivalent of that work — pattern recognition, exception detection, case assembly — is being done by software trained on millions of incidents. The retailers buying that software are not, in parallel, opening new entry-level pathways. They are not retraining the next generation. They are taking the savings and reducing headcount.
If you are senior AP today, the team of investigators you came up through no longer exists for the people who would be your successors. The talent pipeline that produced you is closing.
The middle has stopped paying
Now look at where the AP career currently sits, and what it pays.
A 2026 comparison of Fortune 500 retail security and risk leadership compensation:
Role | Typical 2026 comp range | Reporting level |
|---|---|---|
Director, Asset Protection (Walmart-tier) | $110K – $220K | Through VP |
VP, Asset Protection | $180K – $320K | Through SVP / EVP |
CISO, retail Fortune 500 | $400K – $700K | C-Suite |
Chief Risk Officer | $350K – $600K | C-Suite |
Chief Privacy Officer | $300K – $500K | C-Suite |
Source: Walmart 2026 public job postings; Glassdoor and Robert Half 2026 retail security comp data.
A Director of Asset Protection at Walmart — overseeing investigations across thousands of stores and reporting through SVP-level executives — has a 2026 salary ceiling that is roughly half of the CISO position protecting the same enterprise.
The CISO often has fewer staff under them and a smaller operational footprint. They get paid more because their function is closer to the C-suite, has cleaner board-level visibility, and is treated as a strategic technology investment rather than an operational cost center.
The middle of the AP career has not grown its compensation band in roughly a decade. The middle of the cyber security career has roughly tripled in the same window. The two functions are converging — but the AP function is being absorbed into the bigger function, not promoted to lead it.
The top doesn't have a door
Forrester's 2024 analysis of Fortune 500 retail Chief Security Officer profiles found:
79% of retail and consumer product Fortune 500 companies have a dedicated CISO with a public LinkedIn presence
The dominant career backgrounds for those CSOs and CISOs were: cyber security, military intelligence, federal law enforcement, and consulting
Asset Protection backgrounds were notably underrepresented in the leadership pool
At the level where retail security becomes a C-suite conversation, the people sitting in those chairs in the overwhelming majority of cases did not come up through AP. The path most AP directors are walking does not, in most companies, connect to the chair they might assume they're walking toward.
This is not a knock on AP professionals. It is a structural observation about how retail boards have decided to staff their senior security function. They have decided that the language of cyber, threat intelligence, and enterprise risk translates to the boardroom in a way that the language of shrink, investigations, and ORC does not.
You can disagree with that judgment. You cannot ignore it as a fact about the career market you're operating in.
A perspective from the field
Across two decades building security operations from scratch in four countries, I have watched the same career bifurcation play out everywhere.
The security professionals who broke through to C-suite roles were almost never the ones with the deepest investigations craft. They were the ones who learned to translate operational security into board language: enterprise risk, regulatory exposure, business continuity, brand resilience.
The professionals who stayed inside the traditional AP/LP discipline produced excellent work. They were often the best investigators in their organizations. They were also, almost without exception, capped at SVP at best.
This is not because investigations work matters less than other work. It is because the language of investigations is operational, and the language of executive leadership is strategic. The professionals who learned to speak both broke through. The ones who only spoke one didn't.
If you are reading this in a Director or VP seat right now, the question I would put to you is this: what fraction of your week is spent doing AP work, and what fraction is spent building the next layer of capability that takes you out of the AP silo? Most of the executives I have watched succeed went from 90/10 to 60/40 in roughly two years. The ones who stayed at 90/10 also stayed where they were.
Four practical moves for the next 90 days
Rename the function on your LinkedIn before you rename it at work. Your title at the office will catch up later. Update your headline and About section to position what you do as "Enterprise Risk and Asset Protection," "Retail Resilience," or "Security and Risk" — not just "Asset Protection." Recruiters, board members, and adjacent function leaders search those broader terms. AP alone narrows your visibility to one swim lane and to one career market.
Build technical fluency in one adjacent discipline this quarter. Privacy law (BIPA, CCPA, EU AI Act), AI governance, supply chain risk, or workplace violence prevention. Pick one. Take a course, earn a certificate, read the canonical books. The next time leadership needs someone to lead a cross-functional initiative on regulatory compliance, AI deployment ethics, or third-party risk, your name has to be on the short list. Today, in most retailers, it isn't.
Build external visibility outside the AP echo chamber. ASIS, NRF Protect, and RILA AP Conference are AP-to-AP conversations. The people who hire CSOs and Chief Risk Officers do not go to those events. Aim for one talk per year at an enterprise risk, retail technology, or board governance event. Publish one piece per quarter in a non-AP outlet. The career capital that opens C-suite doors comes from outside the bubble.
Build the metric that travels. Most AP scorecards measure shrink and recoveries — numbers that do not translate cleanly to boards. Build a Total Enterprise Risk dashboard that connects AP outcomes to broader business metrics: revenue protection, regulatory exposure avoided, brand incidents prevented, business continuity uptime maintained. The metric you can put in front of a board is the metric that defines whether you become a board candidate.
Closing note
The AP function is operationally healthy. The investigations work is real, the recoveries are real, the ROI is real.
The AP career is a different conversation. The data — entry-level positions being absorbed by AI, salary bands stagnating, executive seats almost never filled from inside the function — is asking a question every AP leader will eventually have to answer for themselves.
I'd like to hear from operators who have made the jump from a traditional AP role into a broader risk, resilience, or enterprise security position. What did you do? What worked? Reply with anything you can share, anonymized if you prefer.
If you're sitting in an AP seat right now and this edition landed harder than expected, that's the reason it was written. Forward it to one colleague who would benefit from the conversation.
— Gabriel
The LP Brief is a weekly intelligence read for senior loss prevention and asset protection leaders. Free. No vendor noise.
Not yet subscribed? thelpbrief.com