
VP, Product Security Architecture Leader

Synchrony
Full-time
On-site
Stamford, Connecticut, United States
$170,000 - $290,000 USD yearly

Job Description:

Role Summary/Purpose:

The VP, Product Security Architecture will lead the strategy, design, and execution of Synchrony’s product and application security architecture program, ensuring security is embedded into the lifecycle of agents, applications, platforms, and SaaS services. This role leads a team of Application Security Architects who perform application security risk assessments, secure design and engineering advisory, threat modeling, risk management, and monitoring remediation through closure.

This leader will be both visionary and pragmatic—driving secure-by-design outcomes across modern architectures (cloud-native, APIs, microservices) and emerging capabilities, including AI-enabled products and services. The VP will establish security architecture direction and governance for AI Security (model, data, and application-layer risks) and SaaS security architecture (selection, onboarding, configuration, integrations, and continuous control assurance). Exceptional communication skills are required to influence technology decisions and foster a security-first culture across Product, Engineering, and Enterprise stakeholders.

Essential Responsibilities:

Strategic Leadership:

  • Develop, communicate, and execute a comprehensive product/application security architecture strategy aligned with business objectives, risk appetite, and regulatory requirements within the financial services sector.

  • Partner closely with senior leaders across Product, Engineering, Enterprise Architecture, IT, Risk Management, Compliance, and Business Units to embed security architecture principles into product roadmaps, SDLC/CI-CD practices, platform modernization, and key initiatives.

  • Drive a security-first approach that anticipates emerging threats, trends, and innovations (including AI and SaaS) to ensure resilient and forward-looking product security architecture.

  • Collaborate with AI/innovation, data, and engineering teams to embed secure-by-design practices into AI product delivery, including threat modeling for AI-driven features and integrations.

Application & Product Security Architecture / Secure Design Advisory:

  • Lead the design, development, and deployment of scalable security architecture patterns for applications and product platforms, including APIs, microservices, data flows, identity, cryptography, and secure logging/monitoring.

  • Develop and implement specialized product security architecture frameworks for AI-enabled applications and services, including secure design requirements for:

    • model and prompt interaction surfaces (where applicable)

    • data privacy and sensitive data handling across AI workflows

    • access controls and authorization for AI features and data

    • integrity protections and misuse/abuse considerations (e.g., adversarial inputs, model manipulation where applicable)

  • Define, implement, and enforce product/application security architecture standards, policies, and frameworks based on industry best practices (e.g., NIST CSF, CRI, CIS Controls, OWASP) to ensure consistency, compliance, and operational effectiveness.

  • Provide security architecture guidance and decision support to engineering teams—including tradeoffs, compensating controls, and secure reference architectures—to enable secure delivery at speed.

  • Define security architecture guidance for AI-related third-party services and platforms, including integration patterns, data sharing constraints, and control expectations.

Threat Modeling & Application Security Risk Assessments:

  • Conduct and operationalize advanced threat modeling and application security risk assessments to proactively identify vulnerabilities and guide architectural decisions that mitigate risks to critical financial assets and data.

  • Ensure consistent evaluation of risks across authentication/authorization, session management, secrets management, data protection, API security, third-party components, and supply chain exposures.

Risk Management & Remediation Monitoring:

  • Establish governance to document, prioritize, and manage application/product security risks and architecture exceptions, including risk acceptance and time-bound remediation expectations.

  • Monitor remediation progress to closure; validate corrective actions and escalate overdue/high-severity items through appropriate governance channels.

  • Partner with Security Operations, GRC, and engineering teams to align remediation priorities with threat intelligence, control requirements, and business impact.

SaaS Security Architecture:

  • Establish SaaS security architecture standards and reference patterns for:

    • secure onboarding and vendor/solution architecture reviews

    • identity integration (SSO/MFA), role-based access, and privileged access

    • data classification, encryption expectations, retention, and eDiscovery considerations

    • secure API/integration patterns, outbound data controls, and logging/monitoring

  • Partner with Procurement/Vendor Management, Legal/Privacy, GRC, and Technology teams to ensure SaaS solutions meet Synchrony security and regulatory requirements and are configured securely.

  • Define a repeatable approach for assessing SaaS architectural risk and tracking configuration and control gaps through remediation.

Security Technology & Innovation (Product Security Enablement):

  • Guide evaluation and adoption of security capabilities that improve product security outcomes (e.g., threat modeling tooling, security architecture automation, security requirements/pattern libraries, policy-as-code where applicable).

  • Drive pragmatic innovation to increase coverage, consistency, and speed of security architecture engagements.

Team Leadership & Development:

  • Build, mentor, and inspire a high-performing team of Application Security Architects, fostering technical excellence, consistent assessment quality, and strong partnership with engineering teams.

  • Promote cross-functional collaboration between Security, Product, Engineering, IT, and business stakeholders to drive cohesive initiatives and measurable security maturity improvements.

Stakeholder Engagement & Advisory:

  • Serve as a trusted advisor to executive leadership and key stakeholders by providing clear, business-focused insights and strategic recommendations concerning product/application risk posture, AI and SaaS security architecture, and compliance expectations.

  • Manage relationships with key internal and external partners to ensure alignment with industry advancements and regulatory expectations impacting application, AI, and SaaS risk.

Compliance, Governance & Audit Support:

  • Ensure that product/application security architecture components and initiatives comply with relevant regulations and industry standards applicable to financial services, including FFIEC, SOX, GDPR, PCI-DSS, and CRI.

  • Support internal and external audits by providing architecture evidence, risk decisions, and remediation status; address findings through architectural improvements, standards updates, and stakeholder engagement.

  • Perform other duties and/or special projects as assigned.

Qualifications/Requirements:

  • Bachelor’s or Master’s degree in Computer Science, Information Technology, Cybersecurity, or related field. In lieu of a degree, 15+ years of related experience. Advanced degrees and certifications preferred.

  • 10+ years of progressive experience in information security, with at least 5 years in a leadership role focusing on application/product security architecture in financial services or highly regulated industries.

  • Deep expertise in application/product security architecture and secure design for modern environments, including cloud-native architectures, APIs, identity and access management (IAM), encryption, and data protection.

  • Demonstrated strength in threat modeling, application security risk assessment, and translating threat intelligence into actionable architectural improvements.

  • Experience establishing governance for risk management, exceptions, and remediation monitoring across product and engineering organizations.

  • AI security architecture experience (building or governing security requirements for AI-enabled applications/services; partnering with AI/ML and data teams; performing AI-related security risk assessments).

  • SaaS security architecture experience (secure onboarding and integration patterns, identity integration, data protection expectations, logging/monitoring requirements, and risk management of SaaS configurations and controls).

  • In-depth knowledge of financial services regulations and compliance frameworks, with the ability to ensure architecture decisions support regulatory adherence and audit preparedness.

  • Exceptional communication and interpersonal skills, able to influence and articulate complex security concepts clearly to executive leadership, technical teams, and business stakeholders alike.

  • Relevant professional certifications such as CISSP, CISM, CISA, SABSA, TOGAF, CCSK, or equivalent credentials are highly desirable.

  • Ability and flexibility to travel for business as required.

Grade/Level: 14

The salary range for this position is 170,000.00 - 290,000.00 USD Annual and is eligible for an annual bonus based on individual and company performance.

Actual compensation offered within the posted salary range will be based upon work experience, skill level or knowledge.

Salaries are adjusted according to market in CA, NY Metro and Seattle.

Eligibility Requirements:

  • You must be 18 years or older

  • You must have a high school diploma or equivalent

  • You must be willing to take a drug test, submit to a background investigation and submit fingerprints as part of the onboarding process

  • You must be able to satisfy the requirements of Section 19 of the Federal Deposit Insurance Act.

  • New hires (Level 4-7) must have 9 months of continuous service with the company before they are eligible to post on other roles. Once this new hire time in position requirement is met, the associate will have a minimum 6 months’ time in position before they can post for future non-exempt roles. Employees, level 8 or greater, must have at least 18 months’ time in position before they can post. All internal employees must consistently meet performance expectations and have approval from your manager to post (or the approval of your manager and HR if you don’t meet the time in position or performance expectations).

Legal authorization to work in the U.S. is required. We will not sponsor individuals for employment visas, now or in the future, for this job opening. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability, or veteran status.

Our Commitment:

When you join us, you’ll be part of an inclusive culture where your individual skills, experience, and voice are not only heard – but valued. Together, we’re building a future where we can all belong, connect, and turn ideals into action. More than 50% of our workforce is engaged in our Employee Resource Groups (ERGs), where community and passion intersect to offer a safe space to learn and grow.


This starts when you choose to apply for a role at Synchrony. We ensure all qualified applicants will receive consideration for employment without regard to age, race, color, religion, gender, sexual orientation, gender identity, national origin, disability, or veteran status. We’re proud to have an award-winning culture for all.

Reasonable Accommodation Notice:

  • Federal law requires employers to provide reasonable accommodation to qualified individuals with disabilities. Please tell us if you require a reasonable accommodation to apply for a job or to perform your job. Examples of reasonable accommodation include making a change to the application process or work procedures, providing documents in an alternate format, using a sign language interpreter, or using specialized equipment.

  • If you need special accommodations, please call our Career Support Line so that we can discuss your specific situation. We can be reached at 1-866-301-5627. Representatives are available from 8am – 5pm Monday to Friday, Central Standard Time.

Job Family Group:

Information Technology