VP, IS Risk - Assurance (L12)

Role Title: VP, IS Risk - Assurance (L12)

Company Overview:

Synchrony (NYSE: SYF) is a premier consumer financial services company delivering one of the industry’s most complete digitally enabled product suites. Our experience, expertise and scale encompass a broad spectrum of industries including digital, health and wellness, retail, telecommunications, home, auto, outdoors, pet and more.

• We have recently been ranked #2 among India’s Best Companies to Work for by Great Place to Work. We were among the Top 50 India’s Best Workplaces in Building a Culture of Innovation by All by GPTW and Top 25 among Best Workplaces in BFSI by GPTW. We have also been recognized by AmbitionBox Employee Choice Awards among the Top 20 Mid-Sized Companies, ranked #3 among Top Rated Companies for Women, and Top-Rated Financial Services Companies.
• We provide best-in-class employee benefits and programs that cater to work-life integration and overall well-being.
• We provide career advancement and upskilling opportunities, focusing on Advancing Diverse Talent to take up leadership roles.

Organizational Overview:

Synchrony’s Information Security Risk Management (ISRM) program protects and enables the business by embedding security risk management across the technology landscape. The program proactively identifies and addresses key risk themes to strengthen resilience and maintain a robust risk posture. Members of this team gain broad exposure to security assessments and audits (e.g., PCI, CRI, SWIFT, HIPAA), third-party risk management, assurance activities, and risk governance, including program administration and reporting.

Role Summary/Purpose:

This role reports to the VP, Information Security Assurance and is responsible for leading and executing assurance activities within Information Security Risk Management. Key responsibilities include Control Assurance, client assessments, first line of defence (1LOD) assessments, third-party contract reviews, and cyber insurance risk quantification. The role partners with stakeholders across Information Security, Sourcing, Technology, and Legal to coordinate assessments and ensure timely, high-quality outcomes. The successful candidate will translate regulatory and compliance expectations into actionable assurance plans, support control testing and validation, and drive measurable improvements in control effectiveness.

Essential Responsibilities:

• Oversee and execute end to end control assurance activities for all sub functions within Information Security
• Formalize, Pilot and execute first line of defence (1LOD) assessments for Information Security to proactively identify risks to the business
• Lead the client assessments program by liaising with internal client partners to ensure Synchrony is meeting client expectations for Information Security Assessments and Audits
• Collaborate with Sourcing and Legal teams to review third-party supplier contracts, ensuring contractual terms align with the defined scope of services and comply with applicable regulatory requirements and governance frameworks
• Support execution of FedLine and other assessments by working with internal  SMEs, Second and Third Line of defense teams
• Support renewal of Cyber Insurance for the organization by working with insurance brokers and key internal stakeholders
• Develop Synchrony Financial Security Assurance specific security standards and procedures
• Perform other duties and/or special projects as assigned.

Required Skills/Knowledge:

• Bachelor’s degree in Computer Engineering or related field, with a minimum of 10+ years of experience in Information Security OR in lieu of the Bachelor's degree, a minimum of 12+ years of experience in Information Security.
• 8+ years of progressive experience in information security, technology risk, security controls assurance, or audit, including 5+ years leading teams.
• Good understanding of IS Risk Management Concepts
• Strong working knowledge of IT related US Banking regulations & industry best practices (NIST, PCI DSS, HIPAA, CRI etc.)
• Demonstrated experience designing and executing control testing/assurance programs across multiple security domains
• Exposure to working with external attack surface monitoring tools to partner with internal stakeholders to remediate external risk exposure to the organization
• Proven ability to influence and partner across Information Security, Technology, Risk, Compliance, and Audit functions
• Excellent executive communication skills—able to synthesize complex findings into clear, actionable insights.
• Excellent interpersonal skills with ability to influence team members, management & external groups
• Self-motivated & able to work independently or in a team environment & work with virtual teams

Desired Skills:

• In depth understanding and working experience in Information Security and Risk Management in US based financial institutions
• Good understanding of security controls pertaining to emerging technologies like Cloud, AI and Data Protection
• Exposure to SIG and other Shared Assessments offerings
• Familiarity with Privacy regulations across US, India and Philippines
• Certifications (preferred): CISM, CISA, CCSP, CGRC, CISSP etc

Eligibility Criteria:

Bachelor’s degree in Computer Engineering or related field, with a minimum of 10+ years of experience in Information Security OR in lieu of the Bachelor's degree, a minimum of 12+ years of experience in Information Security.

Work Timings:5AM to 2PM EST

For Internal Applicants:

• Understand the criteria or mandatory skills required for the role, before applying
• Inform your manager or HRM before applying for the role on Workday
• Ensure that your professional profile is updated (fields such as education, prior experience, skills) and it is mandatory to upload your updated resume (Word or PDF format)
• Must not be any corrective action plan (First Formal/Final Formal, LPP)
• L10+ Employees who have completed 18 months in the organization and 12 months in current role and level are only eligible
• L10 + Employees can apply

Grade/Level: 12

Job Family Group: