Sr.Analyst - IS Risk Management Assurance (L09)
Synchrony
Date: 2 weeks ago
City: Kolkāta, West Bengal
Contract type: Full time
Role Title: Sr.Analyst - IS Risk Management Assurance - Analyst (L09)
Company Overview
Synchrony (NYSE: SYF) is a premier consumer financial services company delivering one of the industry’s most complete digitally enabled product suites. Our experience, expertise and scale encompass a broad spectrum of industries including digital, health and wellness, retail, telecommunications, home, auto, outdoors, pet and more.
Synchrony’s Information Security Risk Management program’s mission is to protect and enable Synchrony's business by integrating security risk management into our Technology landscape by proactively addressing emerging risk themes. Members of this group would have diversified exposure to Assessments and Audits (PCI, HIPAA etc.), Issue Management, Third Party Risk Management.
Role Summary/Purpose
This role would be supporting information security assurance function part of information security risk management. The role will provide oversight to ensure that controls are adequate to meet legal, regulatory, policy, standards, and security requirements. The role will also participate in audits, reviews, and assessments to ensure compliance with multiple compliance and regulatory standards and frameworks including, but not limited to NIST, PCI-DSS, SOX 404, etc
Key Responsibilities
For Internal Applicants
Information Technology
Company Overview
Synchrony (NYSE: SYF) is a premier consumer financial services company delivering one of the industry’s most complete digitally enabled product suites. Our experience, expertise and scale encompass a broad spectrum of industries including digital, health and wellness, retail, telecommunications, home, auto, outdoors, pet and more.
- We have recently been ranked #2 among India’s Best Companies to Work for by Great Place to Work. We were among the Top 50 India’s Best Workplaces in Building a Culture of Innovation by All by GPTW and Top 25 among Best Workplaces in BFSI by GPTW. We have also been recognized by AmbitionBox Employee Choice Awards among the Top 20 Mid-Sized Companies, ranked #3 among Top Rated Companies for Women, and Top-Rated Financial Services Companies.
- We provide best-in-class employee benefits and programs that cater to work-life integration and overall well-being.
- We provide career advancement and upskilling opportunities, focusing to take up leadership roles.
Synchrony’s Information Security Risk Management program’s mission is to protect and enable Synchrony's business by integrating security risk management into our Technology landscape by proactively addressing emerging risk themes. Members of this group would have diversified exposure to Assessments and Audits (PCI, HIPAA etc.), Issue Management, Third Party Risk Management.
Role Summary/Purpose
This role would be supporting information security assurance function part of information security risk management. The role will provide oversight to ensure that controls are adequate to meet legal, regulatory, policy, standards, and security requirements. The role will also participate in audits, reviews, and assessments to ensure compliance with multiple compliance and regulatory standards and frameworks including, but not limited to NIST, PCI-DSS, SOX 404, etc
Key Responsibilities
- Collaborate with the team and collectively respond client information security assessments
- Engage with clients to discuss assessment findings, address questions or concerns, and provide guidance and support during client assessment
- Document client assessment responses to support processes and commonly asked questions
- Document and respond to shared assessments SIG(Standardized Information Gathering) questionnaire for external client assessments
- Familiarity with Information security policies, procedures and standards to support client assessments
- Review and action alerts from Security Rating Tools used to monitor SYF security posture
- Support identification of process improvements and implementation of changes
- Maintain clear and open communication with key stakeholders throughout the assessment process, including client representatives and internal teams
- Continuous Improvements: Obtain feedback from clients and internal teams to identify areas for process improvement, refine assessment methodologies, and enhance the quality and value of future client assessments
- Perform RCSA (Risk & Control Self Assessments) against organization policies, standard controls and regulatory control frameworks
- Work collaboratively with all teams in InfoSec to gather evidence from their processes in support of documenting and validating the assurance of RCSA controls
- Report any control violation findings through organization risk management framework or model
- Support administrative and maintenance tasks associated with GRC and SRS Tools(Black kite)
- Evaluate and communicate security risks and solutions to business partners and IT management/staff
- Support risk management special projects for Ex:External Outbound data etc.
- Bachelor’s Degree in Computer Engineering or related field, with a minimum of 2 years of experience in Information Security OR in lieu of the Bachelor's degree, a minimum of 4 years of experience in Information Security.
- Minimum 2 years of experience conducting security risk assessments
- Good understanding of IS Risk Management Concepts
- Good understanding of IT related US Banking regulations & industry best practices (IT SOX 404, NIST, PCI DSS, HIPAA etc.)
- Excellent interpersonal skills with ability to influence team members, management & external groups
- Self-motivated & able to work independently or in a team environment & work with virtual teams
- Good understanding of foundational cloud security concepts
- In depth understanding of Information Security and Risk Management foundational concepts
- Good understanding of data protection, Cloud and AI related concepts/technologies
- Experience third party risk assessment tools and technologies such as SIG, UpGuard, Process Unity etc.
- Bachelor's degree in Information Security, Computer Science, or a related filed with minimum of 2 years of practical experience in Information Security and in lieu of Bachelor’s Degree minimum of 4 years of relevant experience.
For Internal Applicants
- Understand the criteria or mandatory skills required for the role, before applying
- Inform your manager and HRM before applying for any role on Workday
- Ensure that your professional profile is updated (fields such as education, prior experience, other skills) and it is mandatory to upload your updated resume (Word or PDF format)
- Must not be any corrective action plan (First Formal/Final Formal, Lpp)
- L4 to L7 Employees who have completed 12 months in the organization and 12 months in current role and level are only eligible.
- L7+ Employees who have completed 18 months in the organization and 12 months in current role and level are only eligible.
- L07+ Employees can apply
Information Technology
How to apply
To apply for this job you need to authorize on our website. If you don't have an account yet, please register.
Post a resumeSimilar jobs
Microsoft -CRM Technical -Manager
EY,
Kolkāta, West Bengal
6 days ago
At EY, we’re all in to shape your future with confidence.We’ll help you succeed in a globally connected powerhouse of diverse teams and take your career wherever you want it to go.Join EY and help to build a better working world.AI Business Solutions – Dynamics CRM Technical Manager Specialized:At EY, we’re all in to shape your future with confidence.We’ll help...
Medical Representative
Alembic Pharmaceuticals,
Kolkāta, West Bengal
2 weeks ago
Job Description
1. Carrying out effective field work to achieve and surpass the assigned budget by generation of prescriptions through medical professionals (HCPs).
2. Carrying out the effective RCPA and entering the correct information in the system and prepare / set objective (Pre Call Planning) for every Doctor call.
3. Demonstrate and promote products to HCPs (doctors and pharmacists) as...
Graduate Engineer Trainee
GE HealthCare,
Kolkāta, West Bengal
2 weeks ago
Job Description SummaryYou will be responsible for all resources and logistics required to perform services and maintenance activities on customers' sites. This includes maintaining, repairing, and refurbishing sold or existing products, managing maintenance facilities, and field services engineering. You will be accountable for the quality of your work, following prescribed work instructions and systems checking within a well-defined operations framework.GE...