PCI Compliance Program

Responsibilities

• Manage end to end PCI DSS compliance lifecycle, including readiness, scope definition, audit coordination, remediation efforts while working with a QSA
• Ensure all network diagrams, data flows, asset inventories, evidence repositories and compliance evidence tracking evolve with current PCI scope documentation requirements
• Ensure timely response to remediation activity is in place
• Develop risk posture analysis models to trend and report on gap exposure
• Validate security architecture design within compliance environment to ensure appropriate controls to protect Tenerity's sensitive data
• Provide technical security expertise, including evaluation of processes to validate risk
• Manage the planning, execution and oversight of penetration testing for networks, applications, API's, cloud environment and internal/external systems
• Maintain archives of process narratives, control descriptions, testing methods and materials
• Communicate self-assessment schedules to IT departments and track status thereof
• Perform role of auditor on self-assessments
• Support audits from our client base or vendor network as needed
• Train project participants in sure of audit techniques and mandated tools
• Meet or exceed published service levels

Qualifications

• BA/BS or equivalent experience
• 5+ years experience in PCI 4.0 audit and risk management
• Process and quality orientation with attention to detail
• Ability to work cross functionally in fast paced regulated environments
• Demonstrated success developing and deploying a data threat assessment process
• Technical understanding in a variety of hardware and software platforms (desktop, server, and networking equipment, proprietary and open-source UNIX varieties, Windows, VMS, Cisco, AS/400)
• Self motivated leader, independent and driven by sense of accomplishment with the ability to lead and energize our team toward success
• Exceptional upbeat and optimistic attitude, quick learner with the ability to understand and adapt to new requirements

Required Skills

• Regulatory compliance experience (PCI DSS, SOX, ISO minimum)
• Strong communication skills both verbal and written across all levels of the organization
• Detailed understanding of information security and BCP/DR processes
• Strong organizational skills with attention to detail
• Ability to prioritize and multi-task activities within a fast-paced environment
• Detailed knowledge and practical use of risk models
• Ability to assess complex systems, business processes and define requirements for solutions
• Writing corporate audit reports/remediation/planning documentation
• Strong Project management skills
• Strong understanding of security frameworks, including NIST, CIS and PCI DSS

Preferred Skills

• Certifications preferred such as Internal Security Assessor (ISA), Qualified Security Assessor (QSA) and Payment Card Industry Professional (PCIP)
• Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM) a must with Global Information Assurance Certification (GIAC) or Certified Information Security Audit (CISA) a plus