Job Description:

Role Summary/Purpose:

This position is a leadership role responsible for leading the Information Security (IS) Risk Management function, in the first line of defense, comprised of the following functions: IS policies, standards, and procedures; maintenance of the IS control framework; control monitoring and surveillance; risk assessments; 3rd party risk management; customer and client information security advisory services; and risk management coordination. 

This position is a focal point for ensuring that there is a strong Information Security environment as well as ensuring applications, or systems, deployed in support of a business provide a level of protection appropriate to the class of information managed in those systems.

We’re proud to offer you choice and flexibility. You have the option to be remote, and work from home, or come into one of our offices. You may be occasionally requested to commute to our nearest office for in person engagement activities such as team meetings, training and culture events.

Essential Responsibilities:

• Develop and implement comprehensive information security risk management frameworks, policies, and procedures aligned with industry standards, regulatory requirements, and organizational objectives.

• Maintain strong relationships with IS Governance for regulator/auditor/customer response coordination, Tech & Ops Governance, IT, Operational Risk Management, Privacy, the Business, Audit, Regulators, and executive management. 

• Lead risk assessment activities to identify, evaluate, and prioritize information security risks across the organization, including threats, vulnerabilities, and potential impacts.

• Establish risk mitigation strategies and controls to address identified risks, ensuring appropriate safeguards are in place to protect sensitive information and systems.

• Collaborate with cross-functional teams (e.g., control officers, technology leaders, engineering, etc.) to integrate risk management considerations into the design, development, and deployment of new technologies, systems, and processes.

• Provide guidance and support to business units and departments in assessing and managing information security risks associated with their operations and initiatives.

• Conduct regular risk assessments, audits, and evaluations to monitor the effectiveness of security controls and compliance with policies and regulatory requirements.

• Stay abreast of emerging threats, vulnerabilities, and industry trends to proactively identify and address potential risks to the organization.

• Serve as a subject matter expert on information security risk management matters, providing guidance, training, and awareness programs to employees at all levels.

• Develop and maintain strong relationships with external partners, vendors, and industry peers to stay informed about best practices and collaborate on security initiatives.

• Prepare and present regular reports and updates to executive leadership and relevant stakeholders on the status of information security risks, compliance efforts, and risk mitigation initiatives.

• Raise the core capabilities of cybersecurity as a risk management function that informs and partners with the business, while providing complete transparency and managing cybersecurity risk within the company’s enterprise risk appetite.

• Regularly assess aggregate cybersecurity risks to assure containment of residual risks within the company’s risk appetite

• Compile data and prepare IS risks reports for management

Qualifications/Requirements:

• Bachelor’s degree in Information Security, Computer Science, Technology, Information Assurance, Risk Management or related field; advanced degree preferred.

• Minimum of 10 years of experience in information security, risk management or technology, with at least 5 years in a leadership or management role.

Desired Characteristics:

• Relevant certifications such as CISSP, CRISC, CISM, CISA, are highly desirable.

• Advanced problem-solving skills and the ability to work collaboratively with other departments to resolve complex issues with innovative solutions.

• Strong process and project management skills including the ability to manage several large initiatives simultaneously.

• Results-driven with ability to manage a diverse team and multiple complex assignments, set and adjust priorities, and manage team assignments based on criticality, in a timely and professional manner

• Excellent skills in preparing and presenting strategies, recommendations, and value propositions to senior leadership teams.

• Excellent writing and interpersonal skills

• Strong judgment and decision-making skills

• Thorough understanding of industry and corporate technology standards for Information Security

• Strong understanding of business processes in support of online and mobile channels for financial industries

• Strong knowledge of software development/deployment methodologies in web/mobile based environments.

• Strong knowledge of software security for web and mobile applications

Grade/Level: 14

The salary range for this position is 150,000.00 - 250,000.00 USD Annual and is eligible for an annual bonus based on individual and company performance.

Actual compensation offered within the posted salary range will be based upon work experience, skill level or knowledge.

Salaries are adjusted according to market in CA, NY Metro and Seattle.

Eligibility Requirements:

• You must be 18 years or older

• You must have a high school diploma or equivalent

• You must be willing to take a drug test, submit to a background investigation and submit fingerprints as part of the onboarding process

• You must be able to satisfy the requirements of Section 19 of the Federal Deposit Insurance Act.

• New hires (Level 4-7) must have 9 months of continuous service with the company before they are eligible to post on other roles. Once this new hire time in position requirement is met, the associate will have a minimum 6 months’ time in position before they can post for future non-exempt roles. Employees, level 8 or greater, must have at least 18 months’ time in position before they can post. All internal employees must consistently meet performance expectations and have approval from your manager to post (or the approval of your manager and HR if you don’t meet the time in position or performance expectations).

Legal authorization to work in the U.S. is required. We will not sponsor individuals for employment visas, now or in the future, for this job opening. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability, or veteran status. 

Our Commitment:

When you join us, you’ll be part of a diverse, inclusive culture where your skills, experience, and voice are not only heard—but valued. We celebrate the differences in all of us and believe that our individual, unique perspectives is what makes Synchrony truly a great place to work. Together, we’re building a future where we can all belong, connect and turn ideals into action. Through the power of our 8 Diversity Networks , with more than 60% of our workforce engaged, you’ll find community to connect with an opportunity to go beyond your passions.

This starts when you choose to apply for a role at Synchrony. We ensure all qualified applicants will receive consideration for employment without regard to age, race, color, religion, gender, sexual orientation, gender identity, national origin, disability, or veteran status.

Reasonable Accommodation Notice:

• Federal law requires employers to provide reasonable accommodation to qualified individuals with disabilities. Please tell us if you require a reasonable accommodation to apply for a job or to perform your job. Examples of reasonable accommodation include making a change to the application process or work procedures, providing documents in an alternate format, using a sign language interpreter, or using specialized equipment.

• If you need special accommodations, please call our Career Support Line so that we can discuss your specific situation. We can be reached at 1-866-301-5627. Representatives are available from 8am – 5pm Monday to Friday, Central Standard Time

Job Family Group: