This is a remote position.
The Analyst, Information Security Governance, Risk and Compliance will play a key role in
safeguarding the organizations' systems, networks, and data. The position is responsible for aiding in
the design, development, and build of Information Security governance capabilities, participate in the
management of these capabilities, and supporting controls. In addition, this role will be responsible
for acting as a trusted resource for other analysts in the organization.
Essential Responsibilities:
- Design, develop, Implement, and provide ongoing support for a global Information Security
- Cryptography governance process, to ensure the compliance and effectiveness of various data
protection controls, methods, procedures, processes (i.e., ciphers suites, encryption, key/secrets management, PKI, tokenization, transport layer security)
- Participate as one of several governance leads on team of information security analysts
- Play a hands-on role in the engineering, implementation, and continuous improvement of governance processes to ensure data protection control objectives are effective
- Participate in authoring, editing, providing, or reviewing documentation (procedures, standards) to ensure a well-managed and mature security infrastructure
- Works closely with Information Security program manager, scrum master, and architects to convey technical impacts to development/engineering timeline and risks
- Work independently in identifying opportunities to improve operational or other performance for
- Security, Information Technology and other functions across Synchrony
- Work with Information Security engineers and API developers to drive program delivery
- Work with Information Security leaders to advance cryptography governance program development, maturity, and standards across the organization
- Serve as subject-matter expert to other team members in the Information Security organization
- Perform other duties and/or special projects as assigned
Requirements
Bachelor's degree in Computer Science/Engineering or related field OR High School
Diploma/GED and a minimum of 4 years or experience in Technology with a minimum of 3
years in Information Security
Certifications in audit, cloud, cybersecurity, governance, information security, privacy, risk
preferred; AWS, GCP, GIAC, IAPP, ISC2, ISACA
• Excellent oral communication and writing skills. Adept and presenting complex topics,
influencing and executing with timely / actionable follow-through
• Experience with legal and regulatory compliance standards such as GDPR, PCI DSS, SOX
• Experience with IT governance, risk, and compliance management in a global environment
• Experience with IT GRC/IRM platforms (i.e., Oracle, RSA Archer, MetricStream)
• Familiarity with ISMS and security frameworks, including NIST Cybersecurity Framework
• Proven ability to organize/manage multiple priorities coupled with the flexibility to quickly adapt
to ever-changing business needs
• Strong analytical and problem-solving skills with the ability to convert information into practical
deliverables. Uses rigorous logic and methods to solve difficult problems.
Desired Characteristics:
• Ability to successfully manage working on multiple simultaneous projects
• Audit, compliance, data privacy, governance, risk background
• Creativity and individual thinking, and the ability to work both with a team and unsupervised
• Familiarity with problem and incident management, change management, notifications, and
basic operational understanding of running and maintaining infrastructure
• Good teamwork, oral and written communication
• Good understanding of security landscape as a whole
• Strong and efficient problem-solving and analytical skills, willingness to learn
• Information security background
• Knowledge of modern coding languages such as Python
• Knowledge of API development
• Knowledge of CI/CD pipelines
• Knowledge of encryption concepts, controls, technologies
• Knowledge of secrets management concepts, controls, technologies
• Knowledge of tokenization technologies
• Understanding of various cloud deployment/service models from a development, infrastructure
and information security aspect
Benefits
Lynx Technology Partners offers a comprehensive benefits package, including health and welfare benefits, life insurance, retirement plans, paid holidays, and remote work options.
We are proud to be an Equal Opportunity Employer committed to fostering diversity and inclusion in the workplace. At Lynx, we embrace and support individuals of all backgrounds and do not discriminate based on race, color, national origin, religion, sex, pregnancy, marital status, sexual orientation, gender identity, age, disability, or veteran status.
Join us at Lynx Technology Partners and become part of a dynamic, forward-thinking team focused on safeguarding digital environments and helping our clients navigate the evolving cyber threat landscape.
