AVP, Insider Risk Investigator (L10)

Job Description:

Role Title : AVP, Insider Risk Investigator (L10)

Company Overview:

Synchrony (NYSE: SYF) is a premier consumer financial services company delivering one of the industry’s most complete digitally enabled product suites. Our experience, expertise and scale encompass a broad spectrum of industries including digital, health and wellness, retail, telecommunications, home, auto, outdoors, pet and more.

• We have recently been ranked #5 among India’s Best Companies to Work for 2023, #21 under LinkedIn Top Companies in India list, and received Top 25 BFSI recognition from Great Place To Work India. We have been ranked Top 5 among India’s Best Workplaces in Diversity, Equity, and Inclusion, and Top 10 among India’s Best Workplaces for Women in 2022.

• We offer 100% Work from Home flexibility for all our Functional employees and provide some of the best-in-class Employee Benefits and Programs catering to work-life balance and overall well-being. In addition to this, we also have Regional Engagement Hubs across India and a co-working space in Bangalore.

Organizational Overview:

Synchrony’s Information Security Insider Risk Management program provides a cross-collaborative framework to detect, investigate and remediate insider risks to Synchrony data. The program objective is to drive the strategic direction of data protection and investigate allegations of suspicious internal activity involving Synchrony data egress or abuse. The Insider Risk Management program is comprised of Research, Investigations and Forensics and eDiscovery. This role will be part of the Investigations function and will be responsible for detecting and responding to insider risk use case alerts in coordination with appropriate stakeholders.

Role Summary/Purpose:

The AVP, Insider Risk Investigator is responsible for reviewing and responding to potential insider risks incidents. The candidate should have significant data loss prevention and insider risk investigations experience. As a member of the Insider Risk Management team, the individual will work within established operating procedures to respond to insider risk investigations and will work on information security projects supporting Insider Risk business objectives and those of the program’s stakeholders. The individual will have knowledge of Insider Risk investigations, reporting, investigative tools, and laws/regulations and work within the program framework, strategy, technology, and program governance standards & procedures.

Key Responsibilities:

• Respond to insider risk use case alerts originating from Data Loss Prevention (DLP) platforms or from other sources of identification

• Draft clear and concise alert escalation reports allowing for efficient hand-off from alert review to investigation

• Utilize knowledge of threat privacy principles & vulnerabilities and specific operational impacts of insider lapses in assessing potential insider risk events and incidents.

• Identify opportunities to refine and enhance DLP policies to reduce false positives

• Aid with documentation of processes related to DLP and investigations as necessary and requested.

• Understand relevant risk management processes and laws, regulations, policies and ethics as they relate to insiders and the accompanying threats

• Identification of system files (e.g., log files, registry files, configuration files) that contain relevant information and where to find those system files as they relate to insider risks and data exfiltration.

• Perform daily insider response operations, with a schedule that may involve nontraditional working hours, work small to medium size projects as directed by management.

• Assist in designing data protection strategy with all data protection tools in the environment (email gateway, endpoint DLP, network DLP, CASB, etc.).

• Identify gaps in the existing data protection toolset.

• Provide feedback to the Insider Risk Management team and its leaders.

• Perform other duties and/or special projects as assigned.

• Work independently when necessary and be self-directed when appropriate.

• Work with a globally distributed team and rely heavily on electronic communication.

• Work with the business to prioritize sensitive data for protection.

Required Skills/Knowledge:

• At least 4 years of relevant insider threat, intelligence, cyber threat, or investigative experience.

• At least 2 years of experience in DLP or security operations.

• Demonstrated success in close working collaboration with cyber security, intelligence, HR and Legal.

• Advanced knowledge in DLP, Email, Endpoint, SIEM/UEBA, and other security tools.

• Expertise in both working in and handling sensitive areas/materials.

• Experience in handling investigations, leveraging best-practice in adherence to approved procedures.

• Experience developing and communicating findings to non-technical business areas.

• Experience using analytical skills and an ability to interpret established standards and guidelines to solve problems.

• Good understanding of possible methods of internal and external data movement.

• Ability to navigate the global network to identify intelligence and detection sources.

• Analytical ability, attention to detail, problem solving, consultative skills and innovation.

• Able to communicate complex information, concepts, or ideas in a confident and well-organized. manner through verbal, written, and/or visual means.

• Able to function effectively in a dynamic, fast-paced environment.

Desired Skills/Knowledge:

• Understanding of cyber tactics, technologies and procedures to counter insider threats.

• Awareness of the latest cyber security trends and developments.

• Knowledge of Incident Response procedures.

• Excellent verbal and written communications.

• Analytical and evaluative thinking.

• Interpersonal and leadership skills.

• The ability to work in a fast-paced environment to include the translation of concepts and issues into messaging easily understood by senior leadership.

• Strong analytical skills/problem solving/conceptual thinking.

• Ability to conduct multi-source investigations in collecting and analyzing qualitative and quantitative data.

• Ability to work on initiatives with little oversight.

• Motivated and willing to learn.

• Must be comfortable effectively communicating intelligence to technical and non-technical audiences.

• Leadership skills and qualities which enable working with peers and various levels of management.

Eligibility Criteria:

Bachelor’s degree with a minimum of 4 years of experience including experience in Information Security or Intelligence experience or in lieu of Bachelor’s degree, 6years of experience including Information Security or Intelligence.

Work Timings: 03:00 PM to 12:00 AM (IST)

This role qualifies for Enhanced Flexibility and Choice offered in Synchrony India and will require the incumbent to be available between 06:00 AM Eastern Time – 11:30 AM Eastern Time (timings are anchored to US Eastern hours and will adjust twice a year locally). This window is for meetings with India and US teams. The remaining hours will be flexible for the employee to choose. Exceptions may apply periodically due to business needs. Please discuss this with the hiring manager for more details.

For Internal Applicants:

• Understand the criteria or mandatory skills required for the role, before applying.

• Inform your manager and HRM before applying for any role on Workday.

• Ensure that your professional profile is updated (fields such as education, prior experience, other skills) and it is mandatory to upload your updated resume (Word or PDF format).

• Must not be any corrective action plan (First Formal/Final Formal, PIP).

• L08+ Employees who have completed 18 months in the organization and 12 months in current role and level are only eligible.

• L08+ Employees can apply.

Grade/ Level : 10

Job Family Group: