AVP, InfoSec Engineer - Cloud Security (L10)

Job Description:

Role Title: AVP, InfoSec Engineer - Cloud Security (L10)

Company Overview:

COMPANY OVERVIEW: Synchrony (NYSE: SYF) is a premier consumer financial services company delivering one of the industry’s most complete digitally enabled product suites. Our experience, expertise and scale encompass a broad spectrum of industries including digital, health and wellness, retail, telecommunications, home, auto, outdoors, pet and more.

• We have recently been ranked #5 among India’s Best Companies to Work for 2023, #21 under LinkedIn Top Companies in India list, and received Top 25 BFSI recognition from Great Place To Work India. We have been ranked Top 5 among India’s Best Workplaces in Diversity, Equity, and Inclusion, and Top 10 among India’s Best Workplaces for Women in 2022.

• We offer 100% Work from Home flexibility for all our Functional employees and provide some of the best-in-class Employee Benefits and Programs catering to work-life balance and overall well-being. In addition to this, we also have Regional Engagement Hubs across India and a co-working space in Bangalore.

Organizational Overview:

Synchrony Information Security Architecture organization is focused on enabling security of business products, services, technology platforms and solutions by using principles of Secure by Design, early engagement and risk-based approach. Information Security organization plays a crucial role in safeguarding information assets by delivering security architecture and design outcomes while working with cross functional teams, addressing risk and ensuring compliance with applicable requirements.  

Role Summary/Purpose:

The Cloud Security Engineer will be a key role in safeguarding the organizations systems, networks, and data in the cloud. The position is responsible for documenting and enforcing cloud security hardening standards. In addition, this role will be responsible for monitoring and remediating cloud alerts, communicating security requirements to cloud platform users, and participating in Cloud Security team meetings.

Key Responsibilities:

• Monitor cloud platform compliance via Cloud Security Posture Management tools Enforce cloud security hardening requirements across cloud environment via alert remediation

• Continuously evaluate and improve cloud security team processes to bolster efficiency and reduce manual work

• Effectively communicate importance of cloud security to application teams

• Document and maintain metrics certifying cloud security posture Plays a key role in identifying misconfigurations of policy or alerts which safeguard the organization’s platforms and systems 

• Adopting and promoting engineering excellence by identifying efficiencies and synergies through means of collaboration and automation 

• Identifies problems and clearly articulates solutions and recommendations 

• Collaborates with architecture to identify capability gaps, develop requirements, identify solutions to address, assist with proof of concepts and testing of solutions 

• Partners with peers within the organization to effectively prioritize work by using agile processes and ensuring risks, impediments, and asks are brought to leadership in a timely fashion 

• Managing technology from ground up and understanding gaps within the tech stack, including overlap with other technology and/or coverage, capability gaps 

• Maintaining technology from a business as usual (BAU) aspect by ensuring the proper change management, incident management, disaster recover processes are occurring and current 

• Providing day to day operations support for technology and processes, ensuring superior customer service is being met, and identifying process improvements 

• Serving as a mentor or a subject-matter expert (SME) to other InfoSec team members and/or stakeholders throughout the organization 

• Perform other duties and/or special projects as assigned

Required Skills/Knowledge:

• Bachelor's degree in Information Security, Computer Science, or a related field with minimum of 4+ years of practical experience in information security, or in lieu of a degree 6+ years of practical experience in information security.

• In-depth knowledge of information security principles, standards, and best practices.

• Strong analytical and problem-solving skills paired with strong written and verbal communication skills to articulate complex security concepts to both technical and non-technical audiences.

• Experience working collaboratively with cross-functional teams and business units.

Desired Skills/Knowledge:

• Engineering and/or architecture experience 

• Cyber Security experience, especially around designing, building and management solutions 

• Understanding of information security practices and policies, including risks and threats 

• Good understanding of security landscape as a whole 

• Experience working in AWS with services such as GuardDuty, Cloudtrail, Lambda, Cloudformation, IAM, Config, etc Familiarity with Microsoft Azure cloud

• Experience handling and responding to cloud alerts

• Knowledge of SIEM tools such as Splunk Understanding of compliance requirements and tools for the public cloud Creativity and individual thinking, and the ability to work both with a team and unsupervised 

• Strong and efficient problem-solving and analytical skills, willingness to learn  Understanding of public cloud platforms from an infrastructure and development aspect 

• Ability to work under pressure and sustain productivity with multiple simultaneous projects  Familiarity with problem and incident management, change management, notifications, and basic operational understanding of running and maintaining infrastructure  Good teamwork, oral and written communication 

Eligibility Criteria:

Bachelor's degree in Information Security, Computer Science, or a related field with minimum of 4 years of practical experience in information security, or in lieu of a degree 6+ years of practical experience in information security.

Work Timings: This role qualifies for Enhanced Flexibility and Choice offered in Synchrony India and will require the incumbent to be available between 06:00 AM Eastern Time – 11:30 AM Eastern Time (timings are anchored to US Eastern hours and will adjust twice a year locally). This window is for meetings with India and US teams. The remaining hours will be flexible for the employee to choose. Exceptions may apply periodically due to business needs.

For Internal Applicants:

• Understand the criteria or mandatory skills required for the role, before applying

• Inform your manager and HRM before applying for any role on Workday

• Ensure that your professional profile is updated (fields such as education, prior experience, other skills) and it is mandatory to upload your updated resume (Word or PDF format)

• Must not be any corrective action plan (First Formal/Final Formal, PIP)

• L8+ Employees who have completed 18 months in the organization and 12 months in current role and level are only eligible.

• L08+ Employees can apply

Grade/Level: 10

Job Family Group: