What are the responsibilities and job description for the Security Compliance Officer/Data Analytics position at CORD Financial Services LLC?
About CORD Financial Services LLC and Digital Network Solutions
In 2001, CORD Financial Services was founded by The FIKES Companies. With a small staff and hard work, CORD quickly gained success in central Texas. Through steady growth in every year of its operations, CORD Financial Services is now an award-winning ATM Independent Sales Organization (ISO). In 2019, CORD acquired Digital Network Solutions, an ATM Processing Company. The company is recognized for excellence in providing a variety of ATM Processing Solutions, including services such as a state-of-the-art Terminal Management System and Mobile Application, Dynamic Currency Conversion, and Cardless NFC ATM transaction processing.
A Security Compliance Officer/Data Analytics focused on PCI and SOC 2 compliance is responsible for overseeing and managing the organization's security posture to ensure adherence to the Payment Card Industry Data Security Standard (PCI DSS) and Service Organization Controls 2 (SOC 2) requirements. This includes conducting regular assessments, identifying risks, implementing necessary controls, and maintaining comprehensive documentation to demonstrate compliance across both frameworks.
General Responsibilities:
- Conduct regular PCI DSS and SOC 2 compliance assessments, including vulnerability scanning, network penetration testing, and policy reviews.
- Analyze assessment results to identify compliance gaps and develop remediation plans.
- Gather evidence and documentation to support compliance claims during audits by external auditors.
- Implement and maintain security controls aligned with PCI DSS and SOC 2 requirements, including access controls, encryption, data masking, and incident response procedures.
- Monitor security controls on an ongoing basis to ensure effectiveness and identify potential risks.
- Develop and maintain comprehensive security policies and procedures related to PCI and SOC 2 compliance, including data handling practices, password management, and vendor management.
- Deliver regular security awareness training to employees regarding PCI and SOC 2 compliance requirements.
- Conduct risk assessments to identify potential threats and vulnerabilities related to sensitive data processing and system access.
- Prioritize risks and develop mitigation strategies to address identified issues.
- Evaluate the security practices of third-party vendors that handle sensitive data to ensure compliance with PCI and SOC 2 standards.
- Monitor vendor compliance and implement corrective actions where necessary.
- Prepare regular compliance reports for management, highlighting key risks and mitigation efforts.
- Collaborate with internal teams to communicate compliance requirements and address concerns.
Qualifications:
- Strong understanding of PCI DSS and SOC 2 compliance frameworks, including relevant control objectives.
- Experience conducting security assessments, vulnerability scanning, and penetration testing.
- Knowledge of information security best practices and industry standards (e.g., NIST, ISO 27001).
- Excellent analytical and problem-solving skills to identify and address compliance gaps.
- Strong communication and interpersonal skills to effectively collaborate with stakeholders across different departments.
- Ability to write clear and concise documentation for policies, procedures, and compliance reports.
CORD Financial Services is an equal opportunity employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, national origin, sexual orientation, gender identity, veteran status, disability, or any other legally protected basis, in accordance with applicable federal, state, and local law.