Job Description
This position will manage and participate in day-to-day activities associated with achievement of the Tenerity PCI compliance program. They will coordinate, plan and execute deliverables for PCI compliance requirements to meet or exceed each requirement. Role will encompass processes and technology across the organization in all domains of information security and control with the need to ensure evolving requirements are proactively anticipated and planned against. Will interface with Internal Stakeholders and Sr. Management across the organization as well as produce concise reporting of findings including resolution of gap / remediation activities. This role ensures adherence to rigorous security standards while strengthening defences across a complex multinational environment.
Responsibilities
Manage the end-to-end PCI DSS compliance lifecycle, including readiness, scope definition, audit coordination and remediation efforts, while working with a QSA
Ensure all network diagrams, data flows, asset inventories, evidence repositories and compliance evidence tracking evolve with current PCI scope documentation requirements
Ensure timely response to remediation activity is in place
Develop risk posture analysis models to trend and report on gap exposure
Validate security architecture design within compliance environment to ensure appropriate controls to protect Tenerity’s sensitive data
Provide technical security expertise, including evaluation of processes to validate risk
Manage the planning, execution and oversight of penetration testing for networks, applications, APIs, cloud environment and internal / external systems
Maintain archives of process narratives, control descriptions, testing methods and materials
Communicate self-assessment schedules to IT departments and track status thereof
Perform role of auditor on self-assessments
Support audits from our client base or vendor network as needed
Train project participants in use of audit techniques and mandated tools
Meet or exceed published service levels
Qualifications
BA / BS or equivalent experience
5+ years’ experience in PCI 4.0 audit and risk management
Process and quality orientation with attention to detail
Ability to work cross-functionally in fast-paced regulated environments
Demonstrated success developing and deploying a data threat assessment process
Technical understanding in a variety of hardware and software platforms (desktop, server, and networking equipment, proprietary and open-source UNIX varieties, Windows, VMS, Cisco, AS / 400)
Self-motivated leader, independent and driven by sense of accomplishment with the ability to lead and energize our team toward success
Exceptional upbeat and optimistic attitude, quick learner with the ability to understand and adapt to new requirements
Required Skills
Regulatory compliance experience (PCI DSS, SOX, ISO minimum)
Strong communication skills both verbal and written across all levels of the organization
Detailed understanding of information security and BCP / DR processes
Strong organizational skills with attention to detail
Ability to prioritize and multi-task activities within a fast-paced environment
Detailed knowledge and practical use of risk models
Ability to assess complex systems, business processes and define requirements for solutions
Writing corporate audit reports / remediation / planning documentation
Strong project management skills
Strong understanding of security frameworks, including NIST, CIS and PCI DSS
Preferred Skills
Certifications preferred such as Internal Security Assessor (ISA), Qualified Security Assessor (QSA) and Payment Card Industry Professional (PCIP)
Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM) a must with Global Information Assurance Certification (GIAC) or Certified Information Security Audit (CISA) a plus
Compliance Program • Delhi, India