Compliance duties were previously overseen by Target's current vice president of assurance risk and compliance, who already had plans to retire at the end of March. Now, Target is separating the responsibility for assurance risk and compliance.
Target also said it is working with an outside adviser, Promontory Financial Group, to evaluate its technology, structure, processes and talent as part of the overhaul.
"While we are still in the process of an ongoing investigation, we recognize that the information security environment is evolving rapidly," Steinhafel said in a statement.
Target will be facing fallout from the theft for a while. The company said last week that its fourth-quarter profit fell 46 percent on a revenue decline of 5.3 percent as the breach scared off customers.
Target said sales have been recovering as more time passes since news of the breach. But the company expects business to be muted for some time. It issued a profit outlook for the current quarter and full year that was below Wall Street estimates as it faces hefty costs related to the breach.
Steinhafel told investors last week that Target has updated shoppers early and often on the investigation and is offering free credit monitoring for a year for any customer shopping at a Target store who wants it.
The company is also equipping its locations with more security technology. Target is accelerating its $100 million plan to roll out chip-based credit card technology, which experts say is more secure than traditional magnetic stripe cards.
Target's breach may eventually eclipse the biggest known data breach at a retailer, one disclosed in 2007 at the parent company of TJ Maxx that affected 90 million records.
In a posting last week on a company blog, Steinhafel said, "In the weeks ahead, we hope to understand more about how this attack happened. And will use what we learn to inform our guests, make Target a safer place to shop and to drive change across the broader retail industry."