Sr. Analyst Third Party Risk Assessments (L 09)

Job Description

Role Summary:This role will focus on Information Security Third Party Risk, including assessing new and existing Synchrony suppliers as well as contributing to the assessment of new ventures. The role will provide oversight to ensure that controls are adequate to meet legal, regulatory, policy, standards, and security requirements. The role will participate in audits, reviews, and assessments to ensure compliance with multiple compliance and regulatory standards and frameworks including, but not limited to, FFIEC CAT, NIST, PCI-DSS, SOX 404, etc. This individual will liaise with Supplier Managers and Procurement to remediate new and outstanding issues and track security-related issues in an electronic GRC system. Additionally, the role has responsibility to assist the leadership team and provide required documentation as needed.Essential Responsibilities:Experience with Information Security Risk Assessments, Audit, or Third Party RiskAbility to perform end to end information security risk assessments i.e. risk profiling to risk mitigation for third party suppliersAbility to monitor key suppliers through security rating services and determine impact to SYF as part of continuous monitoring initiativesKnowledge on emerging technologies like Cloud, API, Containers etc. to effectively assess supplier risk and provide recommendations as mitigation strategiesAwareness on emerging threats like Ransomware, Advanced Persistent Threats(APTs) to ensure adequate controls exist to reduce supplier risk exposureExperience with reviewing industry standard audit/assessment artifacts like SOC reports, PCI AOC, Shared Assessments SIG etc. would be preferredAbility to perform adhoc reviews around specific attack vector like zero-day vulnerabilities, security misconfigurations etc.Able to communicate Information Security Risks to Business Stakeholders at all levels and to Suppliers.Knowledge of Information Security Best Practices and Controls.Able to evaluate supplier control effectiveness by reviewing policies, procedures, controls, systems and processes to identify control gaps.Recommend policy and coordinate review and approval.Initiate escalation to management for resolution on any technical or non-technical issues.Provide third party risk guidance to cyber management, staff, and users.Help evaluate successful implementation and functionality of security requirements and appropriate information technology (IT) solutions that are consistent with the organizations mission and goals.Perform other duties and/or special projects as assigned.Qualifications/Requirements:Bachelors Degree in any disciplineMinimum 3+ years of Information Technology experience.Minimum 2+ years of experience working in a related field.Must have hands-on experience/demonstrated ability to work with MS Office, VISIO, MS Excel.Must be analytical with a high attention to detail and accuracy.Must have proven problem-solving skills.Experience with working with remote teams.For internal candidates: Understand the criteria or mandatory skills required for the role, before applying.Inform your manager or HRM before applying for any role on Workday.Ensure that your Professional Profile is updated (fields such as Education, Prior experience, other skills) and it is mandatory to upload your updated resume (Word or PDF format).Must not be any corrective action plan (First Formal/Final Formal, PIP).Employees who have completed 18 months in the organization and 12 months in current role and level are only eligible.Level 8+ employees can applyDesired Characteristics:Excellent communication skills; highly motivated and demonstrate high level of initiativesGood knowledge on Information Security Domains.Excellent interpersonal skills with ability to influence clients, team members, management and external groups.Ability to integrate into a large team, support team goals, and take direction from technical lead and other leadership.Certified CISSP or CRISC or CISA preferred.Grade/Level: 09Job Family Group:Information Technology,

Keyskills :
business processbusinessBusiness Process DesignMaster DataFinancialsSAP ImplementationBusiness Process ReengineeringIDocSAP SalesDistribution