Synchrony

AVP, IS Risk Management

full-time

Location Type: Hybrid

Location: Hyderabad, India

About the role

  • Lead and oversee risk assessments for outbound (external) data-sharing requests.
  • Review Security Rating Service (SRS) tools for external entities to evaluate risk factors based on security posture, including historical cyber events, incidents, and data breaches.
  • Lead and oversee the maintenance and renewal of Information Security job aids across all InfoSec L3 functions.
  • Support Third-Party Risk Management (TPRM) activities, including risk profiles, SIRF reviews, critical vulnerability surveys, metrics, and reporting.
  • Liaise with SRMP teams to coordinate and drive process simplification and enhancements, serving as the Third-Party Security (3PS) Subject Matter Expert (SME).
  • Drive PCI supplier oversight by analyzing in-scope suppliers, collecting required artifacts/documentation, maintaining the PCI evidence inventory, and monitoring ongoing PCI compliance.
  • Compile supporting evidence for PCI DSS supplier oversight controls and present documentation to the external QSA for audit review.
  • Deliver security awareness sessions as part of the employee onboarding program for India central hubs.
  • Lead and oversee timely and effective execution of the exception reconciliation process (DLP and TLS).
  • Support the development and continuous improvement of security risk management standards and procedures.
  • Develop metrics and reporting and support ongoing monitoring to confirm processes operate as designed and risks are tracked appropriately.
  • Support risk management special projects across PCI, risk management, and related initiatives.

Requirements

  • Bachelor’s degree in Computer Engineering or related field, with a minimum of 5+ years of experience in Information Security OR in lieu of the Bachelor's degree, a minimum of 7+ years of experience in Information Security.
  • Minimum 2+ years of experience conducting security risk assessments.
  • Good understanding of IS Risk Management Concepts.
  • Good understanding of IT-related US banking regulations & industry best practices (NIST, PCI DSS, HIPAA, CRI, etc.).
  • Excellent interpersonal skills with ability to influence team members, management & external groups.
  • Self-motivated & able to work independently or in a team environment & work with virtual teams.
  • Certifications (preferred): CISM, CISA, CCSP, CISSP (or equivalent).

Benefits

  • Best-in-class employee benefits and programs that cater to work-life integration and overall well-being.
  • Career advancement and upskilling opportunities, focusing on Advancing Diverse Talent to take up leadership roles.

Applicant Tracking System Keywords

Tip: use these terms in your resume and cover letter to boost ATS matches.

Hard Skills & Tools

  • risk assessments
  • security risk management
  • PCI compliance
  • data-sharing requests
  • metrics and reporting
  • exception reconciliation process
  • vulnerability surveys
  • security awareness training
  • third-party risk management
  • security posture evaluation

Soft Skills

  • interpersonal skills
  • influence
  • self-motivated
  • teamwork
  • independent work
  • communication
  • process simplification
  • leadership
  • collaboration
  • problem-solving

Certifications

  • CISM
  • CISA
  • CCSP
  • CISSP