Job Summary
Provides support for the administration and maintenance of security-related operations within the security, technology and privacy risk management program. Assesses risks, participates in projects, responds to inquiries, and addresses and resolves issues to ensure technology assets and data are protected and in compliance with regulatory requirements. Supports third party due diligence, technology risk assessments, controls testing and risk reporting. Must be able to weigh business needs against security concerns and articulate issues to management. Provides support for an operational area in IS. Assists in the development, implementation and enforcement of corporate-wide IS standards, policies and procedures. Also works with various internal and external clients to establish communication, cooperation and compliance related to IS standards. Responsible for day-to-day execution of operational components, completion of projects to improve operations, client satisfaction with operational support and enforcement of appropriate standards and procedures for the assigned operational area.
Job Duties And Responsibilities
- Assists in the implementation of policies and procedures to adequately address and control the risk management of the company's assets; maintains the Information Security Manual.
- Reviews and analyzes existing information security measures; recommends changes and assists in ensuring such measures are appropriately implemented, administered, monitored and updated in response to business conditions.
- Performs Information Security third party due diligence and ongoing assessments of vendors to assess risks and determine effectiveness of controls. Also investigates and reports IS violations, third party data breaches and supply chain vulnerabilities.
- Conducts reviews and risk assessments to identify weaknesses or security exposures, assess impact and recommend solutions to mitigate risks and exposures. Also assists with annual compliance requirements, including PCI, SOX, GLBA and privacy.
- Assists with the issues and exception management process and maintenance of the information risk register.
- Evaluates products and/or procedures to ensure compliance with security and privacy regulatory requirements.
- Performs research and analysis of emerging and disruptive Information Technology / Information Security trends and tendencies that may affect the Bank.
- Prepares status reports on security matters to develop security risk analysis scenarios and response procedures.
- Each team member is expected to be aware of risk within their functional area. This includes observing all policies, procedures, laws, regulations and risk limits specific to their role. Additionally, they should raise and report known or suspected violations to the appropriate Company authority in a timely fashion.
- Performs other related duties as required.
- Job may require 24x7 support. Supports operations of a security subcomponent.
The information on this description has been designed to indicate the general nature and level of work performed by employees within this classification. It is not designed to contain or be interpreted as a comprehensive inventory of all duties, responsibilities, and qualifications required of employees assigned to this job.
Synovus is an Equal Opportunity Employer supporting diversity in the workplace
Minimum Education:
- Associate's or Bachelor's Degree in Business Administration, Information Technology, or related field or an equivalent combination of education and experience.
Minimum Experience:
- 2 years of IT work experience with exposure to systems analysis, application development, database design and administration.
Required Knowledge, Skills, & Abilities:
- General knowledge of networking, databases, systems and/or web operations.
- General knowledge of security issues, techniques and implications across all existing computer platforms.
- Analytical skills and the ability to assist with root cause analysis.
- Interpersonal skills and the ability to communicate effectively with persons of all levels and personality types.
- Good communication skills and the ability to effectively communicate verbally and in writing.
- Ability to relate complex material and information in a user-friendly manner.
- 2 years of IT work experience with exposure to systems analysis, application security, data security, cloud security, internet security, system design and implementation, risk assessment and management, third party due diligence, threats and vulnerability management, technology audit, regulatory compliance and controls assessments, vendor management, privacy and incident response.