Synchrony - Alpharetta, GA

posted 5 months ago

Full-time - Senior
Remote - Alpharetta, GA
Credit Intermediation and Related Activities

About the position

We are seeking a highly skilled and knowledgeable Risk Manager to join our Second Line of Defense (2LoD) team, focusing on Information Security and Business Resiliency. This role is responsible for overseeing information security and organizational resiliency risks at Synchrony, including those at third-party service providers. The Risk Manager will independently identify, assess, monitor, and report on risk management practices, providing guidance to improve them. This position reports to the VP, Operational Risk - IS & Resilience Oversight Leader.

In this role, you will collaborate with cross-functional risk teams to monitor, challenge, and test the effectiveness of information security and resilience programs. You will assess Information Security measures, including Data Protection, Identity & Access Management, Resiliency, Disaster Recovery, and Business Continuity capabilities. Additionally, you will measure and report on technology resilience to support business continuity. You will plan and execute independent risk assurance engagements, overseeing and challenging the first line of defense's third-party risk assessment processes, including monitoring and investigating operational risk incidents.

Your responsibilities will also include providing oversight and effective technical challenges to Information Security and Resilience teams to develop and implement controls for Public Cloud Migrations, ensuring compliance with security standards and best practices. Conducting targeted, point-in-time technical risk assessments and evaluating risks associated with changes to business strategic initiatives, processes, and controls will be a key part of your role. You will work to align tasks with the Information Risk Oversight Framework (IROF) to plan, track, and report on risks and control effectiveness, while also monitoring information risks and associated risk appetite thresholds, reporting findings to governing committees and sub-committees. Engaging and communicating with regulators as needed to inform on Synchrony's Information Security and Resiliency programs will also be part of your responsibilities.

Responsibilities

  • Collaborate with cross-functional risk teams to monitor, challenge, and test the effectiveness of information security and resilience programs.
  • Assess Information Security measures, including Data Protection, Identity & Access Management, Resiliency, Disaster Recovery, and Business Continuity capabilities.
  • Measure and report on technology resilience to support business continuity.
  • Plan and execute independent risk assurance engagements.
  • Oversee and challenge the 1LoD's third-party risk assessment processes, including monitoring and investigating operational risk incidents.
  • Provide oversight and effective technical challenges to Information Security and Resilience teams to develop and implement controls for Public Cloud Migrations.
  • Conduct targeted, point-in-time technical risk assessments and evaluate risks associated with changes to business strategic initiatives, processes, and controls.
  • Align tasks with the Information Risk Oversight Framework (IROF) to plan, track, and report on risks and control effectiveness.
  • Monitor information risks and associated risk appetite thresholds, reporting findings to governing committees and sub-committees.
  • Engage and communicate with regulators as needed to inform on Synchrony's Information Security and Resiliency programs.

Requirements

  • A Bachelor's Degree or, in lieu of a degree, 9+ years of hands-on technology experience.
  • A minimum of 5 years of hands-on technical experience in Information Technology (e.g., network architecture, software development, application management, information security) and an additional 5 years of formal Information Security Risk experience.
  • Current IT, IS, and Cyber Security engineering skills sufficient to understand and challenge architectural designs, configurations, and IP packet flows, and to evaluate the effectiveness of technical controls.
  • Experience in conducting technical risk assessments and evaluating engineering controls for adequacy and effectiveness.
  • Experience with industry-specific frameworks and standards such as ISO, COBIT, NIST, CRI Profile, DORA and PCI DSS.

Nice-to-haves

  • 2+ years of experience in Public Cloud Adoption (AWS, Google, Azure) with a comprehensive understanding of IaaS, PaaS, and SaaS models.
  • 2+ years of risk management experience in the financial services industry.
  • 2+ years of experience in project management.
  • 2+ years of experience in Resiliency, Business Continuity, and Disaster Recovery (BC/DR).
  • Industry-recognized certifications, such as: CISSP, CISA, CISM, CRISC, CSIRT, CCSP, CCSK, AWS Solutions Architect Associate, Microsoft Azure Fundamentals, Google Associate Cloud Engineer.

Benefits

  • Work from home
  • Annual bonus based on individual and company performance