AVP, Software Engineer III, Engineering Governance, Risk & Compliance (GRC) (L10)

Job Title: AVP, Software Engineer III, Engineering Governance, Risk & Compliance (GRC ) (L10) position

Company Overview

Synchrony (NYSE: SYF) is a premier consumer financial services company delivering one of the industry's most complete digitally enabled product suites. Our experience, expertise and scale encompass a broad spectrum of industries including digital, health and wellness, retail, telecommunications, home, auto, outdoors, pet and more.

• We have recently been ranked #2 among India's Best Companies to Work for by Great Place to Work. We were among the Top 50 India's Best Workplaces in Building a Culture of Innovation by All by GPTW and Top 25 among Best Workplaces in BFSI by GPTW. We have also been recognized by AmbitionBox Employee Choice Awards among the Top 20 Mid-Sized Companies, ranked #3 among Top Rated Companies for Women, and Top-Rated Financial Services Companies.
• We provide best-in-class employee benefits and programs that cater to work-life integration and overall well-being.
• We provide career advancement and upskilling opportunities, for all to take up leadership roles.
  
  

Organizational Overview

Synchrony's Engineering Team is a dynamic and innovative team dedicated to driving technological excellence. As a member of this Team, you'll play a pivotal role in designing and developing cutting-edge tech stack and solutions that redefine industry standards.

The Credit Card that we use every day to purchase our essentials and later settle the bills - A simple process that we all are used to on a day to day basis. Now, consider the vast complexity hidden behind this seemingly simple process, operating tirelessly for millions of cardholders. The sheer volume of data processed is mind-boggling. Fortunately, advanced technology stands ready to automate and manage this constant torrent of information, ensuring smooth transactions around the clock, 365 days a year.

Our collaborative environment encourages creative problem-solving and fosters career growth. Join us to work on diverse projects, from fintech to data analytics, and contribute to shaping the future of technology. If you're passionate about engineering and innovation, Synchrony's Engineering Team is the place to be

Role Summary/Purpose

As an AVP in Engineering GRC, you will execute and operationalize enterprise-wide governance, risk, and compliance initiatives across the Engineering organization. You will work closely with engineering teams to ensure adherence to regulatory, security, and internal control requirements.

This role is focused on hands-on execution, tracking, and closure of risk and compliance activities across applications and platforms.

You will act as a key bridge between Engineering, Cybersecurity, Risk, and Audit teams, driving proactive risk management and ensuring continuous audit readiness across applications and platforms.

Key Responsibilities

• Drive enterprise-wide engineering governance frameworks across applications, platforms, and infrastructure.
• Ensure adherence to SLA-driven remediation timelines across engineering teams, including prioritization based on severity, exploitability, and business criticality; manage exceptions, risk acceptances, and compensating controls where applicable.
• Track, trend, and report risk posture (vulnerability KPIs/KRIs, audit findings, control health, remediation progress) to leadership with clear insights and recommended actions.
• Embed risk and compliance controls into SDLC, DevOps, and CI/CD pipelines.
• Support broader compliance initiatives impacting engineering, such as:
• SOX ITGC/ITAC support (as applicable to engineering controls)
• PCI DSS-aligned secure engineering requirements (where relevant)
• Third-party/technology risk coordination for engineering-owned services and platforms
• Translate regulatory and audit requirements into engineering standards, controls, and remediation plans.
• Own vulnerability management governance, including:
• Application security (SAST/DAST findings)
• Infrastructure and server vulnerabilities
• Penetration testing and critical security findings
• Track and report risk posture, audit findings, and vulnerability metrics to leadership.
• Drive adoption of secure engineering practices, including secure coding, dependency management, and access controls.
• Promote a risk-aware culture through governance forums, training, and continuous engagement with engineering teams.
  

Required Skills/Knowledge

• Strong understanding of modern engineering architectures (microservices, APIs, cloud-native systems).
• Experience with regulatory and compliance frameworks such as PCI-DSS, OCC expectations, and ISO/NIST.
• Hands-on exposure to vulnerability management and application security tools.
• Experience in audit support, control testing, and remediation tracking.
• Familiarity with cloud platforms (AWS, Azure, or GCP) and associated security controls.
• Understanding of DevSecOps practices and integrating security into CI/CD pipelines.
• Strong analytical and problem-solving skills with ability to translate technical risks into business impact.
• Experience with tools such as JIRA, ServiceNow, or GRC platforms
  
  

Desired Skills/Knowledge

• Experience in financial services or regulated environments.
• Familiarity with policy-as-code and compliance automation tools.
• Understanding of identity and access management (IAM), encryption, and data protection controls.
• Exposure to third-party/vendor risk management.
• Strong communication skills with ability to engage and influence senior stakeholders.
  
  

Eligibility Criteria: Minimum 6+Years of experience mentioned in Required Skill/Knowledge with a Bachelor's Degree or equivalent. In Lieu of degree , minimum of 8 years of experience required.

Work Timings: 2:00 PM – 11:00 PM IST

This role qualifies for Enhanced Flexibility offered in Synchrony India and will require the incumbent to be available between 06:00 AM Eastern Time – 11:30 AM Eastern Time (timings are anchored to US Eastern hours and will adjust twice a year locally). This window is for meetings with India and US teams. The remaining hours will be flexible for the employee to choose. Exceptions may apply periodically due to business needs)

We are proud to offer flexibility at Synchrony. Our way of working allows you the option to work from home or workspaces in our Regional Engagement Hubs—Hyderabad, Bengaluru, Pune, Kolkata, or Delhi/NCR.

Occasionally you may be required to commute or travel to Hyderabad or one of the Regional Engagement Hubs for in person engagement activities such as business or team meetings, trainings, and culture events

For Internal Applicants

• Understand the criteria or mandatory skills required for the role, before applying
• Inform your manager and HRM before applying for any role on Workday
• Ensure that your professional profile is updated (fields such as education, prior experience, other skills) and it is mandatory to upload your updated resume (Word or PDF format)
• Must not be any corrective action plan (First Formal/Final Formal, LPP)
• L8+ Employees who have completed 18 months in the organization and 12 months in current role and level are only eligible.
• L8+ Employees can apply.
  
  

Grade / Level : 10

Job Family Group

Information Technology