Job Description

Company Overview:Synchrony (NYSE: SYF) is a premier consumer financial services company delivering one of the industry\'s most complete digitally enabled product suites. Our experience, expertise and scale encompass a broad spectrum of industries including digital, health and wellness, retail, telecommunications, home, auto, outdoors, pet and more.We have recently been ranked #5 among India\'s Best Companies to Work for 2023, #21 under LinkedIn Top Companies in India list, and received Top 25 BFSI recognition from Great Place To Work India. We have been ranked Top 5 among India\'s Best Workplaces in Diversity, Equity, and Inclusion, and Top 10 among India\'s Best Workplaces for Women in 2022.We offer 100% Work from Home flexibility for all our Functional employees and provide some of the best-in-class Employee Benefits and Programs catering to work-life balance and overall well-being. In addition to this, we also have Regional Engagement Hubs across India and a co-working space in Bangalore.Organizational Overview:Synchrony\'s Information Security Risk Management program\'s mission is to protect and enable Synchrony\'s business by integrating security risk management into our Technology landscape by proactively addressing emerging risk themes. Members of this group would have diversified exposure to Assessments and Audits (PCI, HIPAA etc.), Issue Management, Third Party Risk Management.Role Summary/Purpose:This position will support the PCI, Policy, and Compliance Assessments that is responsible for SYF compliance to PCI Data Security Standards, maintenance / annual refresh of the Information Security Policy, and assessments / activities associated with compliance to other frameworks/CTCs including but not limited to HIPAA. The incumbent will be involved with assessments planning, assessments scope and preparation (e.g., collection and review of control artifacts), monitoring organizational maturity / remediation item progress, and consolidation / reporting of program risks & issues.Key Responsibilities:Contribute and execute, as part of a team, on scheduled assessments, executing projects from start to finishPerform internal application reviews to ensure they meet PCI compliance requirements by securing card holder dataEnsure Third Party Supplier PCI compliance in collaboration with Third Party Supplier oversight program activities by maintain a list of service providers that provide services within the scope of PCI. Activities shall include reviewing AOCs, SAQs, Shared Responsibility matrix, and MSAs as well as obtaining training artifacts.Obtain and review assessment artifacts prior to submission to external assessors to ensure compliancePartner with Security, IT, and business functions to identify solutions to remediate assessment findings maturity topicsSupport detailed process walkthroughs with management, including the identification of process risks and controls, or similar activities as needed to advance program initiativesParticipate in review of new applications / infrastructure service CIs for proper classification of CMDB fields including PCI, PCI Category, Data Classification, SOX.Perform other duties and/or special projects as assignedRequired Skills/Knowledge:Bachelor\'s degree in any disciplineMinimum of 2 years of experience in Information TechnologyMinimum of 2 years of experience in Information Security.Minimum 2 years of experience in audit and/or conducting security risk assessmentsExcellent interpersonal skills with ability to influence team members, management.Good Knowledge of IT related industry assessments including PCI DSS, HIPAA.Self-motivated & able to work independently or in a team environment & work with virtual teamsWilling to work in flexible shift timings to meet job responsibilitiesGood understanding of IS Risk Management ConceptsDesired Skills/Knowledge:Certified CISA, CISM, PCIPExperience with GRC tools (Keylight, Coupa etc.)Awareness of IT related industry assessments (ISO 27001, NIST) is a plus.Eligibility Criteria:Bachelor\'s degree in Information Security, Computer Science, or a related filed with minimum of 2 years of practical experience in Information Security and in lieu of Bachelor\'s Degree minimum of 4 years of relevant experience.Good Knowledge of IT related industry assessments including PCI DSS, HIPAA.Work Timings: This role qualifies for Enhanced Flexibility and Choice offered in Synchrony India and will require the incumbent to be available between 06:00 AM Eastern Time - 11:30 AM Eastern Time (timings are anchored to US Eastern hours and will adjust twice a year locally). This window is for meetings with India and US teams. The remaining hours will be flexible for the employee to choose. Exceptions may apply periodically due to business needs. Please discuss this with the hiring manager for more details.)For Internal Applicants:Understand the criteria or mandatory skills required for the role, before applyingInform your manager and HRM before applying for any role on WorkdayEnsure that your professional profile is updated (fields such as education, prior experience, other skills) and it is mandatory to upload your updated resume (Word or PDF format)Must not be any corrective action plan (First Formal/Final Formal, PIP)L4 to L7 Employees who have completed 12 months in the organization and 12 months in current role and level are only eligible.L8+ Employees who have completed 18 months in the organization and 12 months in current role and level are only eligible.L04+ Employees can applyGrade/Level: 09Job Family Group: Information Technology

Synchrony