Role Title:Senior Analyst - IS Risk Management (L09)

Company Overview:

• Synchrony (NYSE: SYF) is a premier consumer financial services company delivering one of the industry’s most complete digitally enabled product suites. Our experience, expertise and scale encompass a broad spectrum of industries including digital, health and wellness, retail, telecommunications, home, auto, outdoors, pet and more.
• We have recently been ranked #2 among India’s Best Companies to Work for by Great Place to Work. We were among the Top 50 India’s Best Workplaces in Building a Culture of Innovation by All by GPTW and Top 25 among Best Workplaces in BFSI by GPTW. We have also been recognized by AmbitionBox Employee Choice Awards among the Top 20 Mid-Sized Companies, ranked #3 among Top Rated Companies for Women, and Top-Rated Financial Services Companies.
• We provide best-in-class employee benefits and programs that cater to work-life integration and overall well-being.
• We provide career advancement and upskilling opportunities, focusing on Advancing Diverse Talent to take up leadership roles.

Organizational Overview:

Synchrony’s Information Security Risk Management programs mission is to protect and enable Synchrony's business by integrating security risk management into our Technology landscape by proactively addressing emerging risk themes. Members of this group would have diversified exposure to Assessments and Audits(PCI, HIPAA etc.), Issue Management, Third Party Risk Management, Mergers & Acquisitions and Assurance.

Role Summary/Purpose:

This role would be muti-faceted and would support information security risk management activities such as Data Share requests, Job Aids maintenance, DLP/TLS Exceptions reconciliations, Third Party risk Management, New Joiner Awareness Sessions and PCI Supplier oversight. The role will provide oversight to ensure that controls are adequate to meet legal, regulatory, policy, standards, and security requirements. The role will participate in audits, reviews, and assessments to ensure compliance with multiple compliance and regulatory standards and frameworks including, but not limited to PCI-DSS, CRI, SOX etc.

Key Responsibilities:

• Perform risk assessments of outbound(external) data sharing requests.
• Review SRS tools(Security Rating services) for external entities to assess potential risks factors based on their security posture and identify historic cyber events/incidents/data breaches.
• Perform monthly/quarterly exception reconciliations for DLP and TLS.
• Maintenance and Renewal of Information Security Job Aids for all Infosec teams.
• Support Third Party Risk Management activities such as Risk Profiles, Critical Vulnerability Surveys, Metrics and Reporting.
• Drive PCI Suppliers oversight activities by performing analysis of in-scope suppliers, gathering artifacts/documentation from supplier and maintaining inventory of suppliers' PCI artifacts, along with ongoing monitoring of their PCI compliance.
• Gather supporting evidence for PCI 4.0.1 supplier oversight controls.
• Deliver security awareness sessions as part of employee onboarding process for India central hub.
• Partner with Security, IT, and business functions to identify solutions to remediate assessment findings which meet regulatory, compliance and business needs
• Support administrative and maintenance tasks associated with GRC/TPRM Tools(Navex, Coupa etc.)
• Evaluate and communicate security risks and solutions to business partners and IT management/staff
• Support development of security risk management procedures and standards.
• Develop metrics, reporting and support ongoing monitoring program to ensure processes working as designed and risks are being tracked
• Support risk management special projects for PCI, Client assessments etc.

Required Skills/Knowledge:

• Bachelor’s degree in Computer Engineering or related field, with a minimum of 2 years of experience in Information Security OR in lieu of the Bachelor's degree, a minimum of 4 years of experience in Information Security.
• Minimum 2 years of experience conducting security risk assessments
• Good understanding of IS Risk Management Concepts
• Good understanding of IT related US Banking regulations & industry best practices (IT SOX 404, NIST, PCI DSS, HIPAA etc.)
• Excellent interpersonal skills with ability to influence team members, management & external groups
• Self-motivated & able to work independently or in a team environment & work with virtual teams

Desired Skills/Knowledge:

• In depth understanding of Information Security and Risk Management foundational concepts
• Good understanding of data protection, cloud, AI concepts and technologies
• Ability to collaborate and work with various business teams like SRMP, CDO etc.

Eligibility Criteria:

Bachelor's degree in Information Security, Computer Science, or a related filed with minimum of 2 years of practical experience in Information Security and in lieu of Bachelor’s Degree minimum of 4 years of relevant experience.

Work Timings:5AM to 2PM EST
We are proud to offer flexibility at Synchrony. Our way of working allows you the option to work from home or workspaces in our Regional Engagement Hubs—Hyderabad, Bengaluru, Pune, Kolkata, or Delhi/NCR.
Occasionally you may be required to commute or travel to Hyderabad or one of the Regional Engagement Hubs for in person engagement activities such as business or team meetings, trainings, and culture events.

For Internal Applicants:

• Understand the criteria or mandatory skills required for the role before applying
• Inform your manager and HRM before applying for any role on Workday
• Ensure that your professional profile is updated (fields such as education, prior experience, other skills) and it is mandatory to upload your updated resume (Word or PDF format)
• Must not be any corrective action plan (First Formal/Final Formal, LPP)
• L6 to L7 Employees who have completed 12 months in the organization and 12 months in their current role and level are only eligible.
• L8+ Employees who have completed 18 months in the organization and 12 months in their current role and level are only eligible.
• L6+ employees can apply for this opportunity.

Grade / Level : 9

Job Family Group:

Information Technology

Apply