Support information security risk management activities such as Data Share requests, Job Aids maintenance, DLP/TLS Exceptions reconciliations, Third Party Risk Management, New Joiner Awareness Sessions and PCI Supplier oversight
Ensure that controls are adequate to meet legal, regulatory, policy, standards, and security requirements
Participate in audits, reviews, and assessments to ensure compliance with multiple compliance and regulatory standards and frameworks including, but not limited to, PCI-DSS, CRI, SOX, etc.
Perform risk assessments of outbound (external) data sharing requests
Review SRS (Security Rating Services) tools for external entities to assess potential risk factors based on their security posture and identify historic cyber events/incidents/data breaches
Perform monthly/quarterly exception reconciliations for DLP and TLS
Maintenance and Renewal of Information Security Job Aids for all Infosec teams
Support Third Party Risk Management activities such as Risk Profiles, Critical Vulnerability Surveys, Metrics and Reporting
Drive PCI supplier oversight activities by performing analysis of in-scope suppliers, gathering artifacts/documentation from suppliers and maintaining an inventory of suppliers' PCI artifacts, along with ongoing monitoring of their PCI compliance
Gather supporting evidence for PCI 4.0.1 supplier oversight controls
Deliver security awareness sessions as part of the employee onboarding process for the India central hub
Partner with Security, IT, and business functions to identify solutions that remediate assessment findings and meet regulatory, compliance and business needs
Support administrative and maintenance tasks associated with GRC/TPRM tools (Navex, Coupa, etc.)
Evaluate and communicate security risks and solutions to business partners and IT management/staff
Support development of security risk management procedures and standards
Develop metrics and reporting, and support the ongoing monitoring program to ensure processes are working as designed and risks are being tracked
Support risk management special projects for PCI, client assessments, etc.
Requirements
Bachelor’s degree in Computer Engineering or related field, with a minimum of 2 years of experience in Information Security OR in lieu of the Bachelor's degree, a minimum of 4 years of experience in Information Security
Minimum 2 years of experience conducting security risk assessments
Good understanding of IS Risk Management Concepts
Good understanding of IT-related US banking regulations & industry best practices (IT SOX 404, NIST, PCI DSS, HIPAA, etc.)
Excellent interpersonal skills with ability to influence team members, management & external groups
Self-motivated & able to work independently or in a team environment & work with virtual teams
In-depth understanding of Information Security and Risk Management foundational concepts
Good understanding of data protection, cloud, AI concepts and technologies
Ability to collaborate and work with various business teams such as SRMP, CDO, etc.
Tech Stack
Cloud
Benefits
Best-in-class employee benefits and programs that cater to work-life integration and overall well-being