
Senior Analyst, IS Risk Management
Synchrony
full-time
Location Type: Hybrid
Location: Hyderabad • India
About the role
- Support information security risk management activities such as Data Share requests, Job Aids maintenance, DLP/TLS Exceptions reconciliations, Third Party Risk Management, New Joiner Awareness Sessions and PCI Supplier oversight
- Ensure that controls are adequate to meet legal, regulatory, policy, standards, and security requirements
- Participate in audits, reviews, and assessments to ensure compliance with multiple compliance and regulatory standards and frameworks including, but not limited to, PCI-DSS, CRI, SOX, etc.
- Perform risk assessments of outbound (external) data sharing requests
- Review Security Rating Services (SRS) tools for external entities to assess potential risk factors based on their security posture and identify historic cyber events/incidents/data breaches
- Perform monthly/quarterly exception reconciliations for DLP and TLS
- Maintenance and Renewal of Information Security Job Aids for all Infosec teams
- Support Third Party Risk Management activities such as Risk Profiles, Critical Vulnerability Surveys, Metrics and Reporting
- Drive PCI Suppliers oversight activities by performing analysis of in-scope suppliers, gathering artifacts/documentation from suppliers and maintaining an inventory of suppliers' PCI artifacts, along with ongoing monitoring of their PCI compliance
- Gather supporting evidence for PCI 4.0.1 supplier oversight controls
- Deliver security awareness sessions as part of the employee onboarding process for the India central hub
- Partner with Security, IT, and business functions to identify solutions to remediate assessment findings which meet regulatory, compliance and business needs
- Support administrative and maintenance tasks associated with GRC/TPRM tools (Navex, Coupa, etc.)
- Evaluate and communicate security risks and solutions to business partners and IT management/staff
- Support development of security risk management procedures and standards
- Develop metrics and reporting, and support the ongoing monitoring program to ensure processes are working as designed and risks are being tracked
- Support risk management special projects for PCI, Client assessments, etc.
Requirements
- Bachelor’s degree in Computer Engineering or related field, with a minimum of 2 years of experience in Information Security OR in lieu of the Bachelor's degree, a minimum of 4 years of experience in Information Security
- Minimum 2 years of experience conducting security risk assessments
- Good understanding of IS Risk Management Concepts
- Good understanding of IT-related US Banking regulations & industry best practices (IT SOX 404, NIST, PCI DSS, HIPAA, etc.)
- Excellent interpersonal skills with ability to influence team members, management & external groups
- Self-motivated & able to work independently or in a team environment & work with virtual teams
- In-depth understanding of Information Security and Risk Management foundational concepts
- Good understanding of data protection, cloud, AI concepts and technologies
- Ability to collaborate and work with various business teams like SRMP, CDO, etc.
Benefits
- Best-in-class employee benefits and programs that cater to work-life integration and overall well-being
- Career advancement and upskilling opportunities
- Flexibility at Synchrony
Applicant Tracking System Keywords
Tip: use these terms in your resume and cover letter to boost ATS matches.
Hard Skills & Tools
security risk assessments, data protection, cloud technologies, AI concepts, risk management procedures, metrics development, reporting, compliance assessments, DLP, TLS
Soft Skills
interpersonal skills, influence, self-motivated, independent work, team collaboration, communication, problem-solving, adaptability, organizational skills, presentation skills