Synchrony is a financial services company, and they are seeking a VP, Security Engineering Programs & Controls to lead the modernization of their Information Security Engineering control landscape. The role involves integrating Governance, Risk, and Compliance deliverables into program execution while managing cross-functional initiatives and ensuring alignment with organizational security objectives.
Responsibilities:
- Assess and create a vision for strengthening the GRC practices of Security Engineering including but not limited to publication of security controls, authoring and/or revision of ancillary documentation (e.g., Synchrony Policies, Standards, and Procedures), and evidence-gathering practices
- Advocate for and facilitate the integration of GRC into Security Engineering programs
- Partner with Risk Managers and Governance personnel to ensure organizational alignment
- Build and maintain a Security Engineering control library mapped to enterprise risks and frameworks (e.g., NIST/FFIEC/PCI as applicable)
- Standardize evidence requirements, retention, and automation opportunities (e.g., GRC tooling, CI/CD artifacts, logging sources)
- Partner on control testing/assurance activities (design/operating effectiveness), including periodic reviews and control health metrics
- Prioritize and align security objectives with the controls necessary for risk mitigation and operational efficiency
- Lead and manage cross-functional information security engineering initiatives
- Provide executive-ready communications and influence decisions through data and risk-based narratives
- Coordinate project planning, resource allocation, risk management, and stakeholder engagement to ensure program milestones are met. Establish and run a Security Engineering program governance cadence (steering, RAID, milestone reviews)
- Drive consistent delivery artifacts: charters, business cases (as needed), integrated plans, RAID logs, comms plans
- Build strong collaborative relationships with security engineers, architects, compliance teams, and business partners to drive program success
- Act as a key liaison between technical teams and business units, facilitating communication and consensus without direct authority
- Develop and maintain program documentation including roadmaps, status reports, risk registers, and post-mortem analyses
- Monitor project progress, identify and mitigate risks and blockers, escalating issues strategically when needed
- Stay informed on emerging information security technologies and industry trends to provide context and guidance for program direction
- Advocate for best practices in security engineering project execution and contribute to continuous improvement of program management processes
- Drive initiatives with strong organizational discipline, attention to detail, and proactive problem-solving mindset
- Perform other duties and/or special projects as assigned
Requirements:
- Bachelor's degree in Information Technology, Cybersecurity, Business Administration, or a related discipline is preferred; in lieu of a degree, minimum 6 years of relevant experience will be considered
- 5+ years of program or project management experience in information security or IT engineering environments
- Awareness and conceptual understanding of information security technologies such as data protection or encryption
- Experience collaborating with cross-functional technology teams, including engineers, architects, and compliance professionals
- Ability and flexibility to travel for business as required
- You must be 18 years or older
- You must have a high school diploma or equivalent
- You must be willing to take a drug test, submit to a background investigation and submit fingerprints as part of the onboarding process
- You must be able to satisfy the requirements of Section 19 of the Federal Deposit Insurance Act
- Legal authorization to work in the U.S. is required
- PMP, PMI-ACP, or similar project management certification is a plus
- Fundamental understanding of Governance, Risk, and Compliance concepts, such as correlation of controls to registered risks
- Familiarity with regulatory / compliance frameworks such as NIST, CRI, FFIEC, and PCI DSS
- Solid understanding of information security concepts and emerging technologies, including cryptography, data protection, and endpoint security
- Demonstrated success managing complex technology programs in cybersecurity or related technical fields
- Exceptional interpersonal skills with proven ability to influence and collaborate across multiple teams and stakeholders without direct reporting lines
- Strong organizational and multitasking abilities, capable of managing competing priorities effectively
- Experience with agile and traditional project management methodologies and tools
- Ability to communicate technical concepts clearly to both technical and non-technical audiences
- Keen problem-solving, analytical skills, and a proactive approach to driving project outcomes