You definitely can't capture multiple payments from one authorization. Only one payment (capture) can occur per prior authorization. Once an amount is captured the authorization is no longer valid.
What you're looking for is called recurring billing. How it works is you create a subscription with a fixed amount, fixed schedule (monthly, annual, etc), and duration. When you create the subscription you provide the payment information (i.e. credit card details) and they store it on their servers which takes most of the PCI compliance out of your hands (accepting the credit card information on your site does come with some PCI responsibilities). Basically they charge the customer each month for you automatically.
If the amount of each payment or schedule for each payment will vary then a service like Authorize.Net's CIM is handy because they let you store the customer's credit card information on their servers by creating a payment profile for that customer. You then can charge against it simply by telling Authnet to charge that payment profile. Your PCI responsibilities are the same as with recurring billing.
If you're really trying to avoid PCI compliance Authorize.Net offers a hosted version of CIM which allows you to avoid having to handle the credit card information at all.
If your employer doesn't want to work with Authorize.Net you'll have to try to find someone who offers similar services. They're out there although i can't say they offer as much as Authnet does plus Authnet's APIs are the easiest to work with by far. But at least now you know how this works. Good luck.