PCI Compliance Program

: This position will manage and participate in day-to-day activities associated with achievement of the Tenerity PCI compliance program. They will coordinate, plan and execute deliverables for PCI compliance requirements to meet or exceed each requirement. Role will encompass processes and technology across the organization in all domains of information security and control with the need to ensure evolving requirements are proactively anticipated and planned against. Will interface with Internal Stakeholders and Sr. Management across the organization as well as produce concise reporting of findings including resolution of gap/remediation activities. This role ensures adherence to rigorous security standards while strengthening defences across a complex multinational environment.

Responsibilities:

• Manage end to end PCI DSS compliance lifecycle, including readiness, scope definition, audit coordination, remediation efforts while working with a QSA
• Ensure all network diagrams, data flows, asset inventories, evidence repositories and compliance evidence tracking evolve with current PCI scope documentation requirements
• Ensure timely response to remediation activity is in place
• Develop risk posture analysis models to trend and report on gap exposure
• Validate security architecture design within compliance environment to ensure appropriate controls to protect Teneritys sensitive data
• Provide technical security expertise, including evaluation of processes to validate risk
• Manage the planning, execution and oversight of penetration testing for networks, applications, APIs, cloud environment and internal/external systems
• Maintain archives of process narratives, control descriptions, testing methods and materials
• Communicate self-assessment schedules to IT departments and track status thereof
• Perform role of auditor on self-assessments
• Support audits from our client base or vendor network as needed
• Train project participants in sure of audit techniques and mandated tools
  
• Meet or exceed published service levels

Qualifications:

• BA/BS or equivalent experience
• 5+ years experience in PCI 4.0 audit and risk management
• Process and quality orientation with attention to detail
• Ability to work cross functionally in fast paced regulated environments
• Demonstrated success developing and deploying a data threat assessment process
• Technical understanding in a variety of hardware and software platforms (desktop, server, and networking equipment, proprietary and open-source UNIX varieties, Windows, VMS, Cisco, AS/400)
• Self motivated leader, independent and driven by sense of accomplishment with the ability to lead and energize our team toward success
• Exceptional upbeat and optimistic attitude, quick learner with the ability to understand and adapt to new requirements

Required Skills:

• Regulatory compliance experience (PCI DSS, SOX, ISO minimum)
• Strong communication skills both verbal and written across all levels of the organization
• Detailed understanding of information security and BCP/DR processes
• Strong organizational skills with attention to detail
• Ability to prioritize and multi-task activities within a fast-paced environment
• Detailed knowledge and practical use of risk models
• Ability to assess complex systems, business processes and define requirements for solutions
• Writing corporate audit reports/remediation/planning documentation
• Strong Project management skills
• Strong understanding of security frameworks, including NIST, CIS and PCI DSS

Preferred Skills:

• Certifications preferred such as Internal Security Assessor (ISA), Qualified Security Assessor (QSA) and Payment Card Industry Professional (PCIP)
• Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM) a must with Global Information Assurance Certification (GIAC) or Certified Information Security Audit (CISA) a plus