Synchrony Financial - Information Security Analyst

Title: Information Security Analyst

Evening shifts and rotational basis

Role Summary/Purpose:

- The Information Security Analyst will be responsible for planning and implementing security measures to protect computer systems, networks and data.

- The person in this position is responsible for a broad range of multi-tasking, including the day-to-day management of information security tools and devices, project implementation of security initiatives, and will include significant responsibilities for the security administration of a wide variety of IT systems across the enterprise.

-The individual in this position interacts closely with associates from various IT teams - including the application development, infrastructure, and business intelligence teams - and with many other business areas throughout the organization.

- This position is also responsible for access controls, security incident detection and response, security control documentation, and reporting

Essential Responsibilities:

- Serve as the subject matter expert (SME) for technical security: solutions, controls and architecture

- Provide day-to-day administration and technical support for IT security systems

- Provide technical security administrative duties for infrastructure related to firewalls, encryption, intrusion detection systems, vulnerability scanning, security monitoring tools, authentication, web filtering, identity management, access control systems, and their associated logs and processes

- Provision and audit access controls on information systems containing sensitive data

- Some IT audit functions such as folder permission requests and proper Active Directory (AD) account use

- Monitor system logs, tools and network traffic for unusual or suspicious activity. Interpret such activity and make recommendations for resolution

- Perform risk and vulnerability assessments, followed by appropriate remedial action, to mitigate risk and ensure that systems are protected from known and potential threats and are free from known vulnerabilities

- Contribute to IT risk identification, classification and response processes

- Contribute to the enterprise risk management process as needed

- Perform technical security project implementations and meet project deadlines

- Actively contribute to inter-departmental and cross-functional teams for the protection of information assets

- Research and stay up-to-date on current security threats and vulnerabilities to relevant information systems

- Provide support for the preparation and execution of InfoSec audits

- Provide support and direction for improving InfoSec policies, processes, and standards

Basic Qualifications/Requirements:

- Bachelor's degree and 3 to 4 years of Information Security experience

- 3 or more years with Secure coding practices, System Integration, Network Administration, TCP/IP protocols, Intrusion Detection/Prevention, Security Incident handling, Security Information and Event Management (SIEM)

- Experience reviewing information and articulating solutions in a fast growing and dynamic environment

- Candidate should be flexible working in shifts

Desired:

- Displays passion and responsibility to the customer either internal or external

- Good understanding of IS security controls, monitoring systems and business drivers that impact security policy and practice

- Knowledge of IS security principles and best practices

- Ability to work well with others in a collaborative and dynamic environment with an expectation to assist in all InfoSec areas as needed

- Qualys, Splunk, CyberArk, or other security tool knowledge a plus

- Strong organizational and analytical skills

- Excellent multi-tasking abilities

- Excellent communication and writing skills

- Excellent interpersonal skills

- Persuasion and negotiation skills

- Must be flexible and able to work in a team environment