Job Description

:Role Title: Senior Analyst - IS Risk Management (L09)Company Overview:COMPANY OVERVIEW: Synchrony (NYSE: SYF) is a premier consumer financial services company delivering one of the industry\xe2\x80\x99s most complete digitally enabled product suites. Our experience, expertise and scale encompass a broad spectrum of industries including digital, health and wellness, retail, telecommunications, home, auto, outdoors, pet and more.We have recently been ranked #5 among India\xe2\x80\x99s Best Companies to Work for 2023, #21 under LinkedIn Top Companies in India list, and received Top 25 BFSI recognition from Great Place To Work India. We have been ranked Top 5 among India\xe2\x80\x99s Best Workplaces in Diversity, Equity, and Inclusion, and Top 10 among India\xe2\x80\x99s Best Workplaces for Women in 2022.We offer 100% Work from Home flexibility for all our Functional employees and provide some of the best-in-class Employee Benefits and Programs catering to work-life balance and overall well-being. In addition to this, we also have Regional Engagement Hubs across India and a co-working space in Bangalore.Organizational Overview: Synchrony\xe2\x80\x99s Information Security Risk Management programs mission is to protect and enable Synchrony\'s business by integrating security risk management into our Technology landscape by proactively addressing emerging risk themes. Members of this group would have diversified exposure to Assessments and Audits(PCI, HIPAA etc.), Issue Management, Third Party Risk Management, Mergers & Acquisitions and Assurance.Role Summary/Purpose: This role would be muti-faceted and would support information security risk management activities such as Data Share requests, Job Aids maintenance, RIM/ILM Activities, Third Party risk Management, New Joiner Awareness Sessions and PCI Supplier oversight. The role will provide oversight to ensure that controls are adequate to meet legal, regulatory, policy, standards, and security requirements. The role will participate in audits, reviews, and assessments to ensure compliance with multiple compliance and regulatory standards and frameworks including, but not limited to NIST, PCI-DSS, SOX 404, etc.Key Responsibilities:Perform risk assessments of outbound(external) data sharing requestsReview SRS tools(Security Rating services) for external entities to assess potential risks factors based on their security posture and identify historic cyber events/incidents/data breachesSupport RIM/ILM activities for Information Security L3 functionsMaintenance and Renewal of Information Security Job Aids for all Infosec teams.Support Third Party Risk Management activities such as Risk Profiles, Critical Vulnerability Surveys, Metrics and Reporting.Drive PCI Suppliers oversight activities by performing analysis of in-scope suppliers, gathering artifacts/documentation from supplier and maintaining inventory of suppliers\' PCI artifacts, along with ongoing monitoring of their PCI compliance.Gather supporting evidence for PCI 4.0 supplier oversight controls and present to external auditor QSA for review.Deliver security awareness sessions as part of employee onboarding process for India central hub.Partner with Security, IT, and business functions to identify solutions to remediate assessment findings which meet regulatory, compliance and business needsSupport administrative and maintenance tasks associated with GRC Tools(Navex, Coupa etc.)Evaluate and communicate security risks and solutions to business partners and IT management/staffSupport development of security risk management procedures and standards.Develop metrics, reporting and support ongoing monitoring program to ensure processes working as designed and risks are being trackedSupport risk management special projects for PCI, Client assessments etc.Required Skills/Knowledge:Bachelor\xe2\x80\x99s degree in Computer Engineering or related field, with a minimum of 2 years of experience in Information Security OR in lieu of the Bachelor\'s degree, a minimum of 4 years of experience in Information Security.Minimum 2 years of experience conducting security risk assessmentsGood understanding of IS Risk Management ConceptsGood understanding of IT related US Banking regulations & industry best practices (IT SOX 404, NIST, PCI DSS, HIPAA etc.)Excellent interpersonal skills with ability to influence team members, management & external groupsSelf-motivated & able to work independently or in a team environment & work with virtual teamsDesired Skills/Knowledge:In depth understanding of Information Security and Risk Management foundational conceptsGood understanding of data protection concepts and technologiesAbility to collaborate and work with various business teams like SMP, CDO etc.Eligibility Criteria:Bachelor\'s degree in Information Security, Computer Science, or a related filed with minimum of 2 years of practical experience in Information Security and in lieu of Bachelor\xe2\x80\x99s Degree minimum of 4 years of relevant experience.Work Timings: This role qualifies for Enhanced Flexibility and Choice offered in Synchrony India and will require the incumbent to be available between 06:00 AM Eastern Time \xe2\x80\x93 11:30 AM Eastern Time (timings are anchored to US Eastern hours and will adjust twice a year locally). This window is for meetings with India and US teams. The remaining hours will be flexible for the employee to choose. Exceptions may apply periodically due to business needs. Please discuss this with the hiring manager for more details.)For Internal Applicants:Understand the criteria or mandatory skills required for the role, before applyingInform your manager and HRM before applying for any role on WorkdayEnsure that your professional profile is updated (fields such as education, prior experience, other skills) and it is mandatory to upload your updated resume (Word or PDF format)Must not be any corrective action plan (First Formal/Final Formal, PIP)L4 to L7 Employees who have completed 12 months in the organization and 12 months in current role and level are only eligible.L8+ Employees who have completed 18 months in the organization and 12 months in current role and level are only eligible.L04+ Employees can applyJob Family Group: Information Technology

Synchrony