Information Security Analyst (L08)

Job Description:

Role Title: Information Security Analyst (L08)

Company Overview:

Synchrony (NYSE: SYF) is a premier consumer financial services company delivering one of the industry’s most complete digitally enabled product suites. Our experience, expertise and scale encompass a broad spectrum of industries including digital, health and wellness, retail, telecommunications, home, auto, outdoors, pet and more.

• We have recently been ranked #2 among India’s Best Companies to Work for by Great Place to Work. We were among the Top 50 India’s Best Workplaces in Building a Culture of Innovation by All by GPTW and Top 25 among Best Workplaces in BFSI by GPTW. We have also been recognized by AmbitionBox Employee Choice Awards among the Top 20 Mid-Sized Companies, ranked #3 among Top Rated Companies for Women, and Top-Rated Financial Services Companies.

• Synchrony celebrates ~51% women diversity, 105+ people with disabilities, and ~50 veterans and veteran family members.

• We offer Flexibility and Choice for all employees and provide best-in-class employee benefits and programs that cater to work-life integration and overall well-being.

• We provide career advancement and upskilling opportunities, focusing on Advancing Diverse Talent to take up leadership roles.

Organizational Overview: This role belongs to the Cryptography Engineering organization within the Information Security function.

Role Summary/Purpose: The Information Security Analyst will be responsible for planning and implementing security measures to protect computer systems, networks and data. The person in this position is responsible for a broad range of multi-tasking, including the day-to-day management of information security tools and devices, project implementation of security initiatives, and will include significant responsibilities for the security administration of a wide variety of IT systems across the enterprise. The individual in this position interacts closely with associates from various IT teams — including the application development, infrastructure, and business intelligence teams — and with many other business areas throughout the organization. This position is also responsible for access controls, security incident detection and response, security control documentation, and reporting.

Key Responsibilities:

• Serve as the subject matter expert (SME) for technical security: solutions, controls and architecture

• Provide day-to-day administration and technical support for Secrets Management tools like Hashicorp Vault, AWS Secrets Manager , AWS KMS etc.,

• Provide technical security administrative duties for infrastructure related to firewalls, encryption, intrusion detection systems, vulnerability scanning, security monitoring tools, authentication, web filtering, identity management, access control systems, and their associated logs and processes

• Provision and audit access controls on information systems containing sensitive data

• Some IT audit functions such as folder permission requests and proper Active Directory (AD) account use

• Monitor system logs, tools and network traffic for unusual or suspicious activity. Interpret such activity and make recommendations for resolution

• Perform risk and vulnerability assessments, followed by appropriate remedial action, to mitigate risk and ensure that systems are protected from known and potential threats and are free from known vulnerabilities

• Contribute to IT risk identification, classification and response processes

• Contribute to the enterprise risk management process as needed

• Perform technical security project implementations and meet project deadlines

• Actively contribute to inter-departmental and cross-functional teams for the protection of information assets

• Research and stay up-to-date on current security threats and vulnerabilities to relevant information systems

• Provide support for the preparation and execution of InfoSec audits

• Provide support and direction for improving InfoSec policies, processes, and standards

Required Skills/Knowledge:

• Bachelor's degree in an Information Technology or a similar field with 0-2 years of experience.

• Hands-on experience with encryption protection platforms like Hashicorp Vault, AWS Secrets Manager, KMS, Azure Key Vault, CipherTrust etc.

• Expertise in deploying encryption solutions

• Proficiency in configuration and managing encryption security tools

• Strong Ability to diagnose and resolve complex security issues

• Experience with change and incident management methodologies

• Experience working hybrid and multi-cloud (IaaS/PaaS/SaaS) environments

• Competency in using scripting languages such as PowerShell, Python or Bash for automating security tasks and developing custom tools

• Effective in documenting processes, reporting incidents, and collaborating with technical and non-technical teams

• Creating scripts, Ansible Playbooks and understanding of DevOps to support CI/CD.

• Understanding on Terraform to support automation

• Demonstrated experience coordinating and supporting complex enterprise projects, including endpoint security tools deployment, enhancements, integrations, and upgrades

Desired Skills/Knowledge:

• Displays passion and responsibility to the customer either internal or external

• Good Understanding on Encryption tools like Hashicorp Vault and Cloud services like AWS KMS, Azure Key Vault, AWS Secrets Manager etc.,

• Good understanding of IS security controls, monitoring systems and business drivers that impact security policy and practice.

• Understand DevOps and ability to build pipe lines as part of CI/CD framework.

• Knowledge of IS security principles and best practices

• Knowledge and experience with Secure coding practices/ System Integration/ Network Administration/ TCP/IP protocols/ Intrusion Detection/Prevention/ Security Incident handling/ Security Information and Event Management (SIEM)

• Experience reviewing information and articulating solutions in a fast growing and dynamic environment

• Ability to work well with others in a collaborative and dynamic environment with an expectation to assist in all InfoSec areas as needed

• Qualys, Splunk,  or other security tool knowledge a plus

• Strong organizational and analytical skills

• Excellent multi-tasking abilities

• Excellent communication and writing skills

• Excellent interpersonal skills

• Persuasion and negotiation skills

• Must be flexible and able to work in a team environment

Eligibility Criteria:

• Bachelor's degree in an Information Technology or a similar field with 0-2 years of experience.

Work Timings:  3:00 pm to12:00 am IST (Candidate should be flexible working in shifts)

This role qualifies for Enhanced Flexibility and Choice offered in Synchrony India and will require the incumbent to be available between 06:00 AM Eastern Time – 11:30 AM Eastern Time (timings are anchored to US Eastern hours and will adjust twice a year locally). This window is for meetings with India and US teams. The remaining hours will be flexible for the employee to choose. Exceptions may apply periodically due to business needs. Please discuss this with the hiring manager for more details.

For Internal Applicants:

• Understand the criteria or mandatory skills required for the role, before applying

• Inform your manager and HRM before applying for any role on Workday

• Ensure that your professional profile is updated (fields such as education, prior experience, other skills) and it is mandatory to upload your updated resume (Word or PDF format)

• Must not be any corrective action plan (First Formal/Final Formal, PIP)

• L4 to L7 Employees who have completed 12 months in the organization and 12 months in current role and level are only eligible.

• L8 Employees who have completed 18 months in the organization and 12 months in current role and level are only eligible.

• L04+ Employees can apply

Grade/Level: 08

Job Family Group: