AVP, Product Security Architect
Company: Synchrony Financial
Location: Alpharetta
Posted on: March 17, 2026
Job Description:
Job ID: 2600525

Role Summary/Purpose
Synchrony is seeking an AVP, Product Security Architect to provide enterprise-level product security architecture leadership across Synchrony’s application and SaaS ecosystem. This role operates at L11 scope—setting direction, defining standards, and driving adoption at scale—while partnering closely with product and engineering leaders to embed security into product strategy and modern software delivery. The AVP will lead the definition of an Application Security Blueprint (reference architectures, approved patterns, and engineering guardrails) and will influence outcomes across multiple portfolios by enabling teams to design and deliver software that is secure-by-design, resilient, and compliant.
Essential Responsibilities
- Set product security architecture direction for assigned portfolios, aligning security architecture decisions with Synchrony technology strategy, risk appetite, and regulatory expectations.
- Own and evolve the Application Security Blueprint: enterprise application security standards, reference architectures, reusable patterns, and guardrails that enable consistent secure engineering across teams.
- Serve as a strategic partner to product and engineering leadership, influencing roadmaps and operating models to ensure security is built-in (not bolted-on) and delivery teams can move quickly with well-defined paved roads.
- Lead architecture governance for product/application security:
  - establish review criteria and decision frameworks
  - perform design reviews and approve/drive remediation plans
  - manage exceptions with documented risk acceptance, compensating controls, and time-bound closure
- Drive threat modeling at scale by defining methodology and minimum expectations, and by facilitating modeling for high-risk initiatives—explicitly documenting trust boundaries, data flows, abuse cases, and security requirements.
- Define and standardize API security architectures (north-south and east-west), including authentication/authorization, token strategy, schema and input validation, anti-automation protections, and rate limiting/throttling patterns.
- Define patterns for service-to-service security controls in distributed systems, including workload identity, authorization, mTLS, secrets handling, and policy enforcement—ensuring controls are practical for engineering adoption.
- Influence and enable secure SDLC and platform controls with engineering enablement in mind (security requirements, pipeline guardrails, dependency/supply-chain controls, secure configuration guidance), partnering with platform teams to operationalize.
- Establish and track measurable outcomes (e.g., blueprint adoption, recurring architecture risks, API posture improvements, exception burn-down, control coverage for critical apps) and provide clear executive-level reporting.
- Act as a coach and multiplier: mentor engineers and architects, elevate secure design skills across teams, and improve security decision-making through clear documentation and reusable assets.
- Perform other duties and/or special projects as assigned.
Qualifications/Requirements
- 7 years in security architecture/engineering, with deep focus on application/product security in modern software environments.
- Demonstrated ability to operate at an enterprise influence level: setting standards, driving cross-team adoption, and aligning stakeholders with differing priorities.
- Strong hands-on knowledge of application and service security fundamentals: authentication/authorization, session/token security, cryptography concepts, secrets management, secure logging/monitoring design, and secure data handling.
- Proven experience leading threat modeling and producing strong architecture artifacts (DFDs, trust boundaries, security requirements, risk assessments).
- Strong knowledge of API security and common web/service risks (e.g., OWASP Top 10 / API Security Top 10), with the ability to translate risks into enforceable patterns.
- Excellent communication skills—able to present clearly to engineering teams and senior leaders, and to produce high-quality architecture documentation.
- Track record of driving security with product teams: embedding security into product planning, influencing roadmaps, defining “definition of done” security requirements, and improving time-to-market through paved-road patterns.
- Experience securing and integrating SaaS applications, including SSO/federation (SAML/OIDC), tenant and data isolation considerations, audit logging, and shared responsibility alignment.
- Experience implementing service-to-service security patterns at scale (workload identity, mTLS, authorization, policy-as-code concepts).
- Experience operationalizing security standards into engineering consumables (shared libraries, templates, reference implementations, runbooks).
- Familiarity with CI/CD-based security enablement (SAST/DAST/SCA, secrets scanning, gating/exception workflows) and vulnerability management operating models.
- Experience supporting regulated environments and mapping architecture controls to policies/standards.
- Certifications (preferred): CISSP, CCSP, CSSLP (or equivalent).
- Ability and flexibility to travel for business as required.

Desired Characteristics:
- Threat modeling tooling
- API gateways/policy enforcement
- Identity and federation (SSO, SAML, OIDC)
- Application security testing (SAST/DAST/SCA/secret scanning)
- CI/CD tooling (e.g., GitHub/Jenkins)
- Vulnerability management platforms
- Logging/monitoring
- Service mesh/mTLS patterns
- Secrets management solutions

Eligibility Requirements
- You must be 18 years or older.
- You must have a high school diploma or equivalent.
- You must be willing to take a drug test, submit to a background investigation and submit fingerprints as part of the onboarding process.
- You must be able to satisfy the requirements of Section 19 of the Federal Deposit Insurance Act.

New hires (Level 4-7) must have 9 months of continuous service with the company before they are eligible to post on other roles. Once this new hire time in position requirement is met, the associate will have a minimum 6 months’ time in position before they can post for future non-exempt roles. Employees, level 8 or greater, must have at least 18 months’ time in position before they can post. All internal employees must consistently meet performance expectations and have approval from your manager to post (or the approval of your manager and HR if you don’t meet the time in position or performance expectations).

Legal authorization to work in the U.S. is required. We will not sponsor individuals for employment visas, now or in the future, for this job opening. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability, or veteran status.

Our Commitment
When you join us, you’ll be part of an inclusive culture where your individual skills, experience, and voice are not only heard – but valued. Together, we’re building a future where we can all belong, connect, and turn ideals into action. More than 50% of our workforce is engaged in our Employee Resource Groups (ERGs), where community and passion intersect to offer a safe space to learn and grow. This starts when you choose to apply for a role at Synchrony. We ensure all qualified applicants will receive consideration for employment without regard to age, race, color, religion, gender, sexual orientation, gender identity, national origin, disability, or veteran status. We’re proud to have an award-winning culture for all.

Grade/Level 11
The salary range for this position is 115,000.00 – 200,000.00 USD Annual and is eligible for an annual bonus based on individual and company performance. Actual compensation offered within the posted salary range will be based upon work experience, skill level or knowledge. Salaries are adjusted according to market in CA, NY Metro and Seattle.

Reasonable Accommodation Notice
Federal law requires employers to provide reasonable accommodation to qualified individuals with disabilities. Please tell us if you require a reasonable accommodation to apply for a job or to perform your job. Examples of reasonable accommodation include making a change to the application process or work procedures, providing documents in an alternate format, using a sign language interpreter, or using specialized equipment. If you need special accommodations, please call our Career Support Line so that we can discuss your specific situation. We can be reached at 1-866-301-5627. Representatives are available from 8am – 5pm Monday to Friday, Central Standard Time.
Job Family Group: Information Technology
Keywords: Synchrony Financial, East Point, AVP, Product Security Architect, IT / Software / Systems, Alpharetta, Georgia