AVP, IS Risk Management (L10)

Role Title: AVP, IS Risk Management (L10)

Company Overview:

Synchrony (NYSE: SYF) is a premier consumer financial services company delivering one of the industry’s most complete digitally enabled product suites. Our experience, expertise and scale encompass a broad spectrum of industries including digital, health and wellness, retail, telecommunications, home, auto, outdoors, pet and more.

• We have recently been ranked #2 among India’s Best Companies to Work for by Great Place to Work. We were among the Top 50 India’s Best Workplaces in Building a Culture of Innovation by All by GPTW and Top 25 among Best Workplaces in BFSI by GPTW. We have also been recognized by AmbitionBox Employee Choice Awards among the Top 20 Mid-Sized Companies, ranked #3 among Top Rated Companies for Women, and Top-Rated Financial Services Companies.
• We provide best-in-class employee benefits and programs that cater to work-life integration and overall well-being.
• We provide career advancement and upskilling opportunities, focusing on Advancing Diverse Talent to take up leadership roles.

Organizational Overview:

Synchrony Information Security Risk Management (ISRM) program protects and enables the business by embedding security risk management across the technology landscape. The program proactively identifies and addresses key risk themes to strengthen resilience and maintain a robust risk posture. Members of this team gain broad exposure to security assessments and audits (e.g., PCI, CRI, SWIFT, HIPAA), third-party risk management, assurance activities, and risk governance, including program administration and reporting.

Role Summary/Purpose:

This role is multi-faceted and will lead and execute key information security risk management activities, including data-sharing requests, maintenance of job aids, third-party risk management, new-joiner security awareness sessions, and oversight of PCI supplier programs. The position will provide governance and oversight to ensure security controls are appropriately designed and operating effectively to meet applicable legal, regulatory, policy, standards, and information security requirements. Overall, this position contributes to strengthening the organization’s security posture by ensuring consistent execution of risk management processes and sustained compliance across programs and suppliers.

Key Responsibilities:

• Lead and oversee risk assessments for outbound (external) data-sharing requests.
• Review Security Rating Service (SRS) tools for external entities to evaluate risk factors based on security posture, including historical cyber events, incidents, and data breaches.
• Lead and oversee the maintenance and renewal of Information Security job aids across all InfoSec L3 functions.
• Support Third-Party Risk Management (TPRM) activities, including risk profiles, SIRF reviews, critical vulnerability surveys, metrics, and reporting.
• Liaise with SRMP teams to coordinate and drive process simplification and enhancements, serving as the Third-Party Security (3PS) Subject Matter Expert (SME).
• Drive PCI supplier oversight by analyzing in-scope suppliers, collecting required artifacts/documentation, maintaining the PCI evidence inventory, and monitoring ongoing PCI compliance.
• Compile supporting evidence for PCI DSS supplier oversight controls and present documentation to the external QSA for audit review.
• Deliver security awareness sessions as part of the employee onboarding program for India central hubs.
• Lead and oversee timely and effective execution of the exception reconciliation process (DLP and TLS).
• Support the development and continuous improvement of security risk management standards and procedures.
• Develop metrics and reporting and support ongoing monitoring to confirm processes operate as designed and risks are tracked appropriately.
• Support risk management special projects across PCI, risk management, and related initiatives.

Required Skills/Knowledge:

• Bachelor’s degree in Computer Engineering or related field, with a minimum of 5+ years of experience in Information Security OR in lieu of the Bachelor's degree, a minimum of 7+ years of experience in Information Security.
• Minimum 2+ years of experience conducting security risk assessments
• Good understanding of IS Risk Management Concepts
• Good understanding of IT related US Banking regulations & industry best practices (NIST, PCI DSS, HIPAA, CRI etc.)
• Excellent interpersonal skills with ability to influence team members, management & external groups
• Self-motivated & able to work independently or in a team environment & work with virtual teams

Desired Skills & Knowledge

• In depth understanding of Information Security and Risk Management foundational concepts
• Good understanding of security controls pertaining to Cloud, AI and Data Protection
• Ability to collaborate and work with various business teams like SRMP, CDO etc.
• Certifications (preferred): CISM, CISA, CCSP, CISSP (or equivalent).

Eligibility Criteria:

• Bachelor’s degree in Computer Engineering or related field, with a minimum of 5+ years of experience in Information Security OR in lieu of the Bachelor's degree, a minimum of 7+ years of experience in Information Security.

Work Timings:2:30 PM to 11:30 PM IST

For Internal Applicants:

• Understand the criteria or mandatory skills required for the role, before applying
• Inform your manager and HRM before applying for any role on Workday
• Ensure that your professional profile is updated (fields such as education, prior experience, other skills) and it is mandatory to upload your updated resume (Word or PDF format)
• Must not be any corrective action plan (First Formal/Final Formal, LPP)
• L8+ Employees who have completed 18 months in the organization and 12 months in current role and level are only eligible.
• L8+ Employees can apply

Grade/Level: 10

Job Family Group: