VP, InfoSec Governance & Business Operations

Job Description:

Role Summary/Purpose:

This leadership position is responsible for managing the operations and operating rhythms of the Information Security Governance & Business Operations function.  This includes leadership responsibility for The Office of the CISO, InfoSec Training & Awareness and the Information Security Solution Train. The role requires strong leadership and organization and has significant interaction with Information Security, Technology, Operational Risk, and Audit Leaders.

The role will lead the following teams:

• Governance/Office of the CISO:
• Training & Awareness: Table Top Exercise Coordination, After Action Review Management, Internal Training (i.e., PluralSite Administration, Certification Support, Onboarding Program, Rotation Program, Apprenticeship Program, SYF Leadership Training Coordinator, Lunch & Learns, etc.), Institute R&D Program Management, Training & Awareness Program, Social Engineering Program
• Information Security Solution Train: Agile Transformation, Scrum Master Leadership, PI Coordination & Delivery, Capacity Planning, Leadership Engagement
• Cyber Exercises: Lead the cyber exercise program and work across internal and external stakeholders to plan, design and execute multiple exercises on an annual basis.
• Strategic Planning Management, Finance / Budget Oversight, CISO Communications (i.e., Governance, Board, Regulatory, ELT updates, etc.), InfoSec Meeting and Event Management (i.e., Town Halls, Offsites, etc.), HR / Talent / Employee Engagement Oversight, Business Office Support (i.e., PO Support, Contractor Management, etc.), Industry Event Coordination (i.e., conferences, speaking opportunities, presentations, etc.)
• PSP Tracking & Management,  Program Assurance, Risk Advisory Services,  Program Management & Resourcing, Metrics, Dashboard & Reporting Oversight
• Management and annual update of the SYF Information Security strategy.  Creation of a strategic plan and the tracking of projects and activities to the delivery of the plan, including management of OKRs.

This position is critical to the development and maintenance of a strong Information Security environment and to ensuring applications, or systems, deployed in support of a business provide a level of protection appropriate to the class of information managed in those systems. This position also manages the business operations of Information Security such that is it is optimized to drive assurance and overall oversight of information security.

We are proud to offer you choice and flexibility. You have the option to be remote, and work from home, or come into one of our offices. You may be occasionally requested to commute to our nearest office for in person engagement activities such as team meetings, training and culture events.

Essential Responsibilities:

• Experience in the key responsibilities of the role.
• Provide direct strategic support to the CISO by managing the operations and operating rhythms of the Office of the CISO
• Work with Business, Risk, Infosec & Technology management to drive the information security program management activities, establishing a well-integrated cyber exercise program and highly resilient response and recovery capability
• Manage cybersecurity risks within the risk appetite for the corporation
• Provide strategic risk guidance for business and technology projects, including the evaluation and recommendation of IS controls
• Leadership and management, including hiring, training, staff development, and performance management of IS staff.
• Lead the team responsible for developing and implementing Information Security training & awareness programs for employees, contractors and approved system users.
• Provide oversight and leadership of the InfoSec Solution Train, including Agile Transformation, Scrum Master Leadership, PI Coordination & Delivery, Capacity Planning, and Leadership Engagement.
• Compile data and prepare application IS reports for management
• Lead and / or contribute to ad-hoc requests and projects as required
• Identify opportunities for process improvement
• Perform other duties and/or special projects as assigned

Qualifications/Requirements:

• Bachelor's degree Risk Management, Information Technology/Security,  or related discipline or equivalent with a minimum of 7 years of Information Technology/Security experience with 5 years management experience; OR in lieu of the Bachelor's degree, a minimum of 10 years of experience in Information Technology,  Information Security or Risk Management.

Desired Characteristics:

• Industry recognized certifications such as CISSP, CISA, CISM, CRISC, APMG are highly desirable
• Strong knowledge of information security principles, best practices, and technologies
• Familiarity with relevant laws and regulations, such as PCI-DSS, GDPR, etc.
• Excellent analytical, problem-solving and communications skills
• Ability to work independently and as part of a team

Eligibility Requirements:

• You must be 18 years or older
• You must have a high school diploma or equivalent
• You must be willing to take a drug test, submit to a background investigation and submit fingerprints as part of the onboarding process
• You must be able to satisfy the requirements of Section 19 of the Federal Deposit Insurance Act.
• New hires (Level 4-7) must have 9 months of continuous service with the company before they are eligible to post on other roles.  Once this new hire time in position requirement is met, the associate will have a minimum 6 months’ time in position before they can post for future non-exempt roles.  Employees, level 8 or greater, must have at least 18 months’ time in position before they can post.  All internal employees must consistently meet performance expectations and have approval from your manager to post (or the approval of your manager and HR if you don’t meet the time in position or performance expectations).

Legal authorization to work in the U.S. is required.  We will not sponsor individuals for employment visas, now or in the future, for this job opening. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability, or veteran status. 

Our Commitment:

When you join us, you’ll be part of an inclusive culture where your individual skills, experience, and voice are not only heard – but valued. Together, we’re building a future where we can all belong, connect, and turn ideals into action. More than 50% of our workforce is engaged in our Employee Resource Groups (ERGs), where community and passion intersect to offer a safe space to learn and grow.

This starts when you choose to apply for a role at Synchrony. We ensure all qualified applicants will receive consideration for employment without regard to age, race, color, religion, gender, sexual orientation, gender identity, national origin, disability, or veteran status. We’re proud to have an award-winning culture for all. 

Reasonable Accommodation Notice:

• Federal law requires employers to provide reasonable accommodation to qualified individuals with disabilities. Please tell us if you require a reasonable accommodation to apply for a job or to perform your job. Examples of reasonable accommodation include making a change to the application process or work procedures, providing documents in an alternate format, using a sign language interpreter, or using specialized equipment.
• If you need special accommodations, please call our Career Support Line so that we can discuss your specific situation. We can be reached at 1-866-301-5627.   Representatives are available from 8am – 5pm Monday to Friday, Central Standard Time

Job Family Group:

Information Technology