AVP - IS PCI & Compliance Assessments (L10)

Year    Hyderabad, Telangana, India

Job Description



Role Title: AVP - IS PCI & Compliance Assessments (L10)

Company Overview: Synchrony (NYSE: SYF) is a premier consumer financial services company delivering one of the industry's most complete digitally enabled product suites. Our experience, expertise and scale encompass a broad spectrum of industries including digital, health and wellness, retail, telecommunications, home, auto, outdoors, pet and more.

  • We have recently been ranked #5 among India's Best Companies to Work for 2023, #21 under LinkedIn Top Companies in India list, and received Top 25 BFSI recognition from Great Place To Work India. We have been ranked Top 5 among India's Best Workplaces in Diversity, Equity, and Inclusion, and Top 10 among India's Best Workplaces for Women in 2022.
  • We offer 100% Work from Home flexibility for all our Functional employees and provide some of the best-in-class Employee Benefits and Programs catering to work-life balance and overall well-being. In addition to this, we also have Regional Engagement Hubs across India and a co-working space in Bangalore.
Organizational Overview: "Synchrony's Information Security Risk Management program's mission is to protect and enable Synchrony's business by integrating security risk management into our Technology landscape by proactively addressing emerging risk themes. Members of this group would have diversified exposure to Assessments and Audits (PCI, HIPAA etc.), Issue Management, Third Party Risk Management, Mergers & Acquisitions and Assurance."
Role Summary/Purpose: This position will support the VP, Information Security Risk Assessment – PCI and Compliance Assessments, who is responsible for SYF compliance to PCI Data Security Standards, maintenance / annual refresh of the Information Security Policy, and assessments / activities associated with compliance to other frameworks/CTCs including but not limited to HIPAA, GLBA/Privacy, SWIFT, Fedline, and SOX. The incumbent will be involved with assessments planning, assessments scope and preparation (e.g., collection and review of control artifacts), monitoring organizational maturity / remediation item progress, and consolidation / reporting of program risks & issues. The position will liaise with functional areas within Technology and Operations, especially Engineering, Information Security, Technology Risk Management, Chief Technology Office, and Data Governance. Additionally, the role has responsibility to assist the leadership team and provide required documentation as needed. This role may also assist with supporting Risk Management special projects for Assurance, PSPs, and Data Share requests.
Essential Responsibilities:
  • Contribute and execute, as part of a team, on scheduled assessments, executing projects from start to finish
  • Perform internal application reviews to ensure they meet PCI compliance requirements by securing card holder data
  • Ensure Third Party Supplier PCI compliance in collaboration with Third Party Supplier oversight program activities by maintaining a list of service providers that provide services within the scope of PCI. Activities shall include reviewing AOCs, SAQs, Shared Responsibility matrix, and MSAs as well as obtaining training artifacts.
  • Obtain and review assessment artifacts prior to submission to external assessors to ensure compliance
  • Partner with Security, IT, and business functions to identify solutions to remediate assessment findings maturity topics
  • Support detailed process walkthroughs with management, including the identification of process risks and controls, or similar activities as needed to advance program initiatives
  • Develop a metrics, reporting and tracking program to ensure processes are working as designed and risks are being tracked
  • Participate in review of new applications / infrastructure service CIs for proper classification of CMDB fields including PCI, PCI Category, Data Classification, SOX.
  • Perform other duties and/or special projects as assigned
  • Obtain PCI Internal Security Assessor (ISA) certification within the first 12 months in the role
Required Qualifications:
  • Minimum of 5 years of experience in Information Security.
  • Minimum 2 years of experience in audit and/or conducting security risk assessments
  • Excellent interpersonal skills with ability to influence team members, management & external groups
  • Good understanding of IT related industry assessments including PCI DSS, HIPAA, GLBA/Privacy, and SWIFT/FedLine.
  • Understanding of IT SOX, FFIEC CAT, NIST.
  • Self-motivated & able to work independently or in a team environment & work with virtual teams
  • Willing to work in flexible shift timings to meet job responsibilities
  • Good understanding of IS Risk Management Concepts
Desired Qualifications:
  • Certified CISSP, CISA, CISM, CRISC
  • Experience with GRC tools (Keylight, Coupa etc.)
  • Awareness of IT related industry assessments (FFIEC CAT, NIST) is a plus
Eligibility Criteria: Bachelor's degree in any discipline with minimum of 5 years of experience in Information Technology, or, in lieu of a degree, 7 years of experience in Information Technology
Work Timings: This role qualifies for Enhanced Flexibility and Choice offered in Synchrony India and will require the incumbent to be available between 06:00 AM Eastern Time – 11:30 AM Eastern Time (timings are anchored to US Eastern hours and will adjust twice a year locally). This window is for meetings with India and US teams. The remaining hours will be flexible for the employee to choose. Exceptions may apply periodically due to business needs. Please discuss this with the hiring manager for more details.
For Internal Applicants:
  • Understand the criteria or mandatory skills required for the role, before applying
  • Inform your manager and HRM before applying for any role on Workday
  • Ensure that your professional profile is updated (fields such as education, prior experience, other skills) and it is mandatory to upload your updated resume (Word or PDF format)
  • Must not be on any corrective action plan (First Formal/Final Formal, PIP)
  • Only employees who have completed 18 months in the organization and 12 months in current role and level are eligible
  • L08+ Employees can apply.
Grade/Level: 10
Job Family Group: Information Technology



Job Detail

  • Job Id
    JD3191191
  • Industry
    Not mentioned
  • Total Positions
    1
  • Job Type:
    Full Time
  • Salary:
    Not mentioned
  • Employment Status
    Permanent
  • Job Location
    Hyderabad, Telangana, India
  • Education
    Not mentioned
  • Experience
    Year