AVP, Data Encryption (L11)

Job ID: E2403242

Job Description:

Role Title:  AVP, Data Encryption

Company Overview:

Synchrony (NYSE: SYF) is a premier consumer financial services company delivering one of the industry’s most complete digitally enabled product suites. Our experience, expertise and scale encompass a broad spectrum of industries including digital, health and wellness, retail, telecommunications, home, auto, outdoors, pet and more.

• We have recently been ranked #2 among India’s Best Companies to Work for 2024, #21 under LinkedIn Top Companies in India list, and received Top 25 BFSI recognition from Great Place To Work India. We have been ranked Top 5 among India’s Best Workplaces in Diversity, Equity, and Inclusion, and Top 10 among India’s Best Workplaces for Women in 2022.

• We offer 100% Work from Home flexibility for all our Functional employees and provide some of the best-in-class Employee Benefits and Programs catering to work-life balance and overall well-being. In addition to this, we also have Regional Engagement Hubs across India and a co-working space in Bangalore.

Organizational Overview: This role belongs to the Security Engineering and Cryptography organization within the Information Security function.

Role Summary/Purpose:

The Encryption Key Tech Lead will be responsible for driving the strategy to standardize management of cryptography keys and secrets throughout Synchrony’s cloud and on-premises environments. This role partners closely with stakeholders across Synchrony’s technology teams to identify emerging use cases leveraging encryption keys, and define enterprise patterns to ensure secure storage and lifecycle management. This role will also be responsible for acting as a trusted advisor for peers and other stakeholders within the organization.

Key Responsibilities:

• Enhance and maintain Synchrony policies, standards, and procedures relevant to secrets management, specifically encryption keys

• Partner with stakeholders across the organization to capture existing and emerging use cases that leverage encryption keys

• Standardize metrics and reporting over enterprise use of encryption keys to drive more efficient program oversight

• Establish scalable and sustainable processes to identify and remediate non-compliant encryption keys 

• Engage in and attend enterprise forums such as Architecture Review Board and the Cloud Design Authority

• Implementation and technical lead responsibilities that include ongoing engineering/DevSecOps support for a global secrets management program that leverages a portfolio of data protection capabilities

• Provide leadership and drive accountability with third party engagement partners

• Contribute subject matter expertise regarding secrets management best practices

• Organize, prioritize, and communicate program deliverables and progress to senior leadership

• Identify program risks and recommend thoughtful mitigations

Required Skills/ Knowledge:

• A total of 6+ years working experience, with a minimum of 5+ years engineering and/or architecture experience in in Data Protection, IAM, and/or Information Security or in lieu of a degree 8+ years working experience, with a minimum of 7+ years engineering and/or architecture experience in in Data Protection, IAM, and/or Information Security.

• 2+ years as a technical lead on a high visibility, cross-functional program 

• A minimum of 2 years hands-on experience or extensive familiarity with Secrets Management technologies, such as HashiCorp Vault, AppViewX, AWS KMS, AWS Secrets Manager, Azure KeyVault, CyberArk, Delinea, Google Secret Manager. 

• Experience working in a multi-cloud (IaaS/PaaS) environment 

• Knowledge of foundational Cryptography concepts – Encryption, PKI, Tokenization, etc. 

• Deep understanding of Secrets Management capabilities (discovery, storage, etc.)

• Hands-on experience with DevOps and CI/CD tooling, including BitBucket and Jenkins

• Exceptional written and verbal communication skills

• Ability to perform risk analysis, leveraging existing frameworks and models

• Familiarity with regulatory frameworks, such as CRI, FFIEC, NIST, PCI, SOX

• Experience working in Agile methodology, leveraging Jira and Jira Align

Desired Skills/ Knowledge: 

• Industry or technology specific certifications (AWS, Azure, Cloudera, DevOps, GCP, GIAC, HashiCorp, ISACA, ISC2, ISACA, etc.)

• Direct experience contributing to the buildout of a Secrets Management program Experience interfacing with senior leaders in a financial services organization.

Eligibility Criteria :

A total of 6+ years working experience, with a minimum of 5+ years engineering and/or architecture experience in in Data Protection, IAM, and/or Information Security or in lieu of a degree 8+ years working experience, with a minimum of 7+ years engineering and/or architecture experience in in Data Protection, IAM, and/or Information Security.

Work Timings : 03:00 PM to 12:00 AM (IST)

This role qualifies for Enhanced Flexibility and Choice offered in Synchrony India and will require the incumbent to be available between 06:00 AM Eastern Time – 11:30 AM Eastern Time (timings are anchored to US Eastern hours and will adjust twice a year locally). This window is for meetings with India and US teams. The remaining hours will be flexible for the employee to choose. Exceptions may apply periodically due to business needs. Please discuss this with the hiring manager for more details.

For Internal Applicants:

• Understand the criteria or mandatory skills required for the role, before applying

• Inform your manager and HRM before applying for any role on Workday

• Ensure that your professional profile is updated (fields such as education, prior experience, other skills) and it is mandatory to upload your updated resume (Word or PDF format)

• Must not be any corrective action plan (First Formal/Final Formal, PIP)

• L9+ Employees who have completed 18 months in the organization and 12 months in current role and level are only eligible and can apply.

• L09+ Employees can apply.

Grade/ Level : 11

Job Family Group:

Information Technology