What are the responsibilities and job description for the PCI Compliance Specialist position at Impact Solutions Inc?
Your impact:
As a PCI Compliance Specialist, you will be responsible for ensuring and delivering the PCI DSS (Payment Card Industry Data Security Standard) compliance of people, process, and technology. You will have the opportunity to use your strong analytical talents and IT aptitude to help coordinate information security and IT governance activities, facilitate IT risk assessments and audits, and assist with implementing process improvements and transformations. You will focus heavily on continually assessing the company's PCI DSS compliance and working with stakeholders to implement technical and administrative safeguards specified by PCI DSS. You’ll also have the opportunity to use your interpersonal skills as you partner with business units to assess risk and communicate recommendations.
The contributions you can anticipate making:
Assisting with IT Process Improvement and Transformation:
- Assisting with the development of process improvements across the various sectors of IT
- Documenting security standards & processes for activities across the IT domain
- Working with IT managers and VPs to influence changes in methodology and foster efficiency gains and security improvements
Facilitating IT Risk Assessments and IT Audit:
- Facilitating and coordinating PCI assessments
- Analyzing and documenting findings to identify compliance-related issues
- Centrally managing IT application and service profiles as they relate to IT Risk Assessment (ITRA), Business Impact Analysis (BIA), and Risk Findings/Exceptions
- Staying up to date on regulatory and compliance requirements with a focus on PCI DSS compliance
- Facilitating engagements related to external and internal audits
Coordinating Projects & Remediation Activities:
- Coordinating IT audits/penetration tests/assessments and remediation activities
- Prioritizing information security project resource allocation in accordance with approved team objectives
- Establishing and communicating major milestones and timelines for project completion
- Tracking and reporting project progress and any modifications in timeline
- Assessing any risk to expected target dates and escalating as needed
Measuring and reporting on Governance, Risk, and Compliance:
- Identifying compliance gaps, with a focus on PCI DSS
- Measuring adherence to regulations and internal policies and standards, with a focus on PCI DSS
- Reporting on any audit/penetration test/assessment findings and tracking exceptions
- Collecting metrics and producing periodic reporting
To be successful in this role, you will be:
- A detail-oriented person who thrives on analyzing and interpreting processes or data and making recommendations accordingly
- A persuasive communicator who enjoys presenting their analyses, ideas, and solutions to others so that even those outside the field can understand them
- An innately cautious person who naturally sees potential risks and puts a plan in place to try and mitigate them
- An organized individual for whom time management and the ability to establish priorities come naturally
- A person who derives a feeling of competence from thoroughly understanding the regulations and compliance requirements that go along with IT risk assessment and staying on top of new developments in the field
- Someone who enjoys technical writing
Interested? Here’s what we need to see on your resume:
Experience:
- Three years' experience assessing and supporting PCI DSS compliance
- Strong understanding of payment systems and credit card security
- Five years' experience assessing and addressing security risks in IT environments
- Five years' experience in IT governance activities
- Two years' experience working in an ITIL environment
- Two years' experience in auditing and/or assisting with process improvement
- Proficiency with MS Office, Visio, and Project is preferred
- Experience with the technological aspects of a depository institution is highly desirable
- Experience using a Governance, Risk, and Compliance (GRC) tool to conduct assessments is preferred
Education:
Related degree or comparable experience. Degree in Computer Science or Information Systems preferred. Information security certifications such as CISSP, CRISC, CISM, CISA, or Security+ preferred. PCI DSS certification highly desirable.