AVP, Operational Risk - Information Security (L10)

Job Description:

Role Title: AVP, Operational Risk - Information Security (L10)

Company Overview:

Synchrony (NYSE: SYF) is a premier consumer financial services company delivering one of the industry s most complete digitally enabled product suites. Our experience, expertise and scale encompass a broad spectrum of industries including digital, health and wellness, retail, telecommunications, home, auto, outdoors, pet and more.

• We have recently been ranked #2 among India s Best Companies to Work for by Great Place to Work. We were among the Top 50 India s Best Workplaces in Building a Culture of Innovation by All by GPTW and Top 25 among Best Workplaces in BFSI by GPTW. We have also been recognized by AmbitionBox Employee Choice Awards among the Top 20 Mid-Sized Companies, ranked #3 among Top Rated Companies for Women, and Top-Rated Financial Services Companies.

• Synchrony celebrates ~52% women diversity, 105+ people with disabilities, and ~50 veterans and veteran family members.

• We offer Flexibility and Choice for all employees and provide best-in-class employee benefits and programs that cater to work-life integration and overall well-being.

• We provide career advancement and upskilling opportunities, focusing on Advancing Diverse Talent to take up leadership roles.

Organizational Overview:

Synchronys Risk Team is a dynamic and innovative team dedicated to providing oversight as 2nd Line of Defense. Our Risk organization consists of 4 pillars: Compliance, Credit & Financial Risk, Enterprise Risk and Operational Risk. Each of the pillars plays a vital role in managing Risk and supports the business in anticipating and addressing risks, issues, and challenge.

This role is aligned to the Operational Risk pillar primarily supporting the Information Security Oversight.

Role Summary/Purpose:

We are seeking a proactive and analytical AVP, Operational Risk - Information Security to join our Second Line of Defense (2LoD) team. This role will focus on analytics, risk assessments, and organizational skills to support the oversight activities of the identification, monitoring, and reporting of information security and organizational resiliency risks. The AVP will collaborate with senior Risk Managers and cross-functional teams to provide insights and improve risk management practices. This position is designed for professionals seeking growth opportunities in the field of technical and Information Security risk management.

Key Responsibilities:

Risk Oversight and Analytics:

• Collaborate with risk teams to monitor and evaluate the effectiveness of information security and resiliency measures.

• Utilize analytics tools and methodologies to provide data-driven insights on risk trends and control effectiveness.

• Support the assessment of measures related to data protection, identity and access management, business continuity, and disaster recovery.

Risk Assessment and Reporting:

• Conduct and document risk assessments for various Technology, Information Security and organizational changes.

• Evaluate technical processes and controls adequacy and effectiveness to provide actionable feedback and recommendations.

• Assist in preparing clear and concise reports on risks and control performance for internal stakeholders.

Organizational Support:

• Coordinate tasks related to the Information Risk Oversight Framework (IROF) to ensure timely tracking and completion.

• Maintain organized documentation for risk assessment processes and outcomes.

• Provide administrative and logistical support for cross-functional assessment efforts.

Governance and Communication:

• Contribute to the preparation of materials for governing committees and sub-committees.

• Engage with cross-functional teams and external stakeholders to ensure alignment with risk management objectives.

• Perform other duties and/or special projects as assigned

Required Skills/Knowledge:

• Bachelor s degree or equivalent in a relevant field (e.g., Computer Science, Information Technology, Risk Management) with 4+ years of relevant experience or in lieu of a degree 6+years of relevant experience.

• Minimum 4+ Experience in information technology, information security, IT audit or risk management.

• Familiarity with industry frameworks and standards such as ISO, NIST, CRI Profile, and PCI.

• Strong analytical and organizational skills, with the ability to manage multiple priorities effectively.

Desired Skills/Knowledge:

• Financial services industry experience with exposure to US financial service regulatory bodies and their associated regulations. (e.g. Office of the Comptroller of the Currency (OCC), Federal Reserve Board (FRB)).

• Basic understanding of public cloud platforms (AWS, Azure, Google Cloud).

• Exposure to technical risk assessment processes.

• Strong communication and interpersonal skills for engaging with technical and non-technical stakeholders.

• Proficiency in data analysis tools (e.g., Microsoft Excel) and familiarity with risk management software.

• Familiarity with Large Language Models (LLM) and AI technologies.

• A proactive approach to learning and continuous improvement.

• Commitment to adhering to organizational and regulatory standards.

Eligibility Criteria:

Bachelor s Degree in any discipline with 4+ years of relevant experience, or in lieu of a degree 6+ years of relevant experience

Work Timings:

This role qualifies for Enhanced Flexibility and Choice offered in Synchrony India and will require the incumbent to be available between 06:00 AM Eastern Time - 11:30 AM Eastern Time (timings are anchored to US Eastern hours and will adjust twice a year locally). This window is for meetings with India and US teams. The remaining hours will be flexible for the employee to choose. Exceptions may apply periodically due to business needs. Please discuss this with the hiring manager for more details.

For Internal Applicants :

• Understand the criteria or mandatory skills required for the role, before applying

• Inform your manager and HRM before applying for any role on Workday

• Ensure that your professional profile is updated (fields such as education, prior experience, other skills) and it is mandatory to upload your updated resume (Word or PDF format)

• Must not be any corrective action plan (Formal/Final Formal)

• L8+ Employees who have completed 18 months in the organization and 12 months in current role and level are only eligible

• L8+ Employees can apply

Grade/Level: 10

Job Family Group: