VP, Threat Intelligence Operations and Automation Leader

Role Summary/ Purpose:  

The VP, Threat Intelligence Operations and Automation Leader is responsible for leading the strategy and operations of Cyber Intelligence, Threat Informed Defense, and Security Automation programs supporting Cyber Operations and Information Security. The Leader is responsible for strategy, operational oversight, and governance of all aspects of cyber threat intelligence–to include ensuring Synchrony’s cyber detection program is properly aligned and responsive to cyber threats– the design and deployment of detection content, and for security automation supporting the 24×7 Joint Security Operations Center (JSOC) and other Information Security automation requirements The ideal candidate will possess deep technical understanding of threat intelligence, cyber-fraud, cyber detection, security automation, and how to best service intelligence, detection, and automation requirements of a 24×7 security operations and incident response center. 

We’re proud to offer you choice and flexibility. At Synchrony, our way of working allows you to have the option to work from home, near one of our Hubs or come into one of our offices. Occasionally you may be required to commute to our nearest office for in person engagement activities such as business or team meetings, training and culture events.

Essential Responsibilities:

• Lead and set the long-term and day-to-day organizational strategies and operational rhythms for teams responsible for Digital Risk Intelligence (cyber-fraud intelligence), Technical Intelligence, Threat Informed Defense (cyber detection), and Security Automation.  

• Define and implement strategies and processes related to end-to-end detection and response activities and tradecraft that increase the organizations’ abilities; maintain strong oversight and governance of those processes and capabilities allowing for evaluation of risks.  

• Engage and partner with leaders internal to Information Security, Technology, Fraud, and across the business to identify intelligence, detection and security automation requirements. 

• Supervise and set standards for intelligence analysis and production across all delivery mediums. 

• Define and implement strategies and processes for identification, collection, and processing of prioritized intelligence from external and internal sources and maintain accountability for supplier-provided intelligence providers and tools.      

• Establish and maintain technical workflows to identify detection and automation requirements, to prioritize related work, and to deploy content and alerting, to include methods to validate and evaluate the accuracy and continued validity of underlying detection and automation code.  

• Utilize industry best practices and frameworks to adopt and/or create custom detection content and to catalog detection content in a prioritized fashion. 

• Participate in cross-sector engagements to benchmark teams’ capabilities, identify strategic and tactical requirements, and to increase maturity as related to cyber intelligence, cyber detection, and security automation. 

• Identify and define means to measure program operations and effectiveness on a recurring and ad-hoc basis (KPI/KRI) in conjunction with direct-subordinates responsible for day-to-day operations. 

• Lead engagements with suppliers directly supporting the Threat Intelligence Operations and Automation function to include evaluation and onboarding of new suppliers; assist in budget builds. 

• Maintain, revise and draft procedures and controls necessary to aid in effective risk and governance for all facets of the Threat Intelligence Operations and Automation function. 

• Prioritize mentoring, leadership, and administrative management of assigned personnel to include goal setting, feedback, and performance evaluation. 

• Perform other duties and/or special projects as assigned. 

Qualifications/ Requirements: 

•  Bachelor’s degree in Computer Engineering or related field, with a minimum of 7 years of experience in Information Technology or in lieu of Bachelor’s degree, High School diploma and 10 years of Information Technology experience Prior cyber intelligence, detection and security automation experience 

• Prior cyber incident response experience and/or experience working in high tempo cyber operations environments. 

• Results driven, strategic, conceptual, and innovative thinker. 

• Experience presenting to senior management. 

• Highly analytical, detail-oriented, and strong problem solving with a common-sense approach to resolving problems. 

• Expertise to clearly define complex issues despite incomplete or ambiguous information. 

• For internal Synchrony applicants, a minimum of 18 months in company and 12 months in current role is a must. Employees in active CAP/PIP are not eligible to apply for the role. Employees with performance rating of CT or OC are only eligible. 

Desired Characteristics:

• One or more relevant security certifications (CISSP, SANS GIAC, GPEN, GCIA, etc.) 

• Deep knowledge and experience with detection content creation and tuning as related to SIEM, UEBA, NGAV/EDR, IDS/IPS, DLP and other detection technologies 

• Experience with SOAR and other automation platforms 

• Experience with Cloud detection and response activities and technologies  

• Experience performing cyber threat analysis, detection engineering, threat hunting and incident response. 

• Understanding of industry intelligence, detection and response frameworks including  MITRE ATT&CK  

• Knowledge of crisis management, threat modeling, vulnerabilities management and application security 

• Strong technical knowledge of scripting languages and data access methodologies 

• US Government Security Clearance 

• Strong oral and written communications skills 

• Strong analytical and evaluative thinking 

• Strong Interpersonal and leadership skills 

• Excellent consulting skills and superior ability to develop and maintain effective client relationships 

• Proven experience with program and project management methodologies, specifically Agile, and a solid track record of delivering business value 

Grade/Level: 14

The salary range for this position is 170,000.00 – 290,000.00 USD Annual and is eligible for an annual bonus based on individual and company performance.

Actual compensation offered within the posted salary range will be based upon work experience, skill level or knowledge.

Salaries are adjusted according to market in CA, NY Metro and Seattle.