Senior PCI Compliance Specialist (PCI DSS Experience)

Georgia - Onsite

Description

Job Description:

Reporting directly to the Director of Information Technology Services, the Senior PCI Compliance Specialist supports PCI compliance project initiatives by undertaking risk assessments, advising on the implementation of security measures, recommending appropriate risk mitigations, and interpreting security policy and standards in the context of projects and business scenarios to help the business operate securely.

This individual plays a key role in:

  • Interpreting current and evolving PCI DSS requirements and determining the technical and process implications on the County's network and associated systems and business applications.
  • Helping develop and implement plans to maintain the Company's evolving PCI compliance.
  • Helping maintain the Company's PCI compliance by coordinating regularly scheduled internal and external vulnerability and penetration scans, and working with IT staff and external vendors to address findings.

Responsibilities:

  • Identify, interpret, and communicate the Company's evolving PCI DSS requirements for its systems.
  • Assist with the evaluation of third-party application software for PCI compliance.
  • Assist with the evaluation of payment card processing for PCI compliance.
  • Assist with planning and remediation of internal and external vulnerability scans and external penetration scans, as needed.
  • Assist in preparations for responding to the annual SAQ D.
  • Determine, document, and publicize the availability of PCI technical requirements to all departments.
  • Work with all departments to ensure that they are aware of and understand the technical PCI requirements that they must adhere to and sign off on.
  • Contribute content on PCI compliance requirements to support resources, including knowledgebase articles, quick reference cards, webinars, and training classes, to raise County understanding of PCI compliance.
  • Participate as an integral part of the team: own, follow through, initiate and communicate with peers and management.
  • Continually learn and actively share and foster exchange of knowledge and skills.
  • Perform ad hoc projects as required (primarily in the areas of enterprise infrastructure and disaster recovery).

Essential Qualifications:

  • Minimum of five (5)+ years of hands-on security assessment, quality assurance, or PCI DSS experience, preferably as an active, certified Internal Security Assessor (ISA) or Qualified Security Assessor (QSA). Expert-level knowledge of Payment Card Industry Data Security Standard (PCI DSS 3.0/3.1) requirements.
  • Experience conducting PCI self-assessment and remediation efforts or equivalent audit experience. Understanding of information systems and networking diagrams.
  • Deep understanding of PCI-DSS 3.0/3.1 and preceding version requirements.
  • Working knowledge of the financial industry and the life cycle of payment card transactions.
  • Working experience with software development methodologies and practices.
  • Working knowledge of audit methodologies and security assessment tools.
  • Excellent interpersonal and customer service skills; the ability to collaborate with colleagues and customers from different levels of the organization and with varied levels of technical understanding, as well as the ability to work independently.
  • Excellent written and oral communication skills; able to express thoughts clearly.
  • Able to multi-task and work independently with minimum supervision to meet firm deadlines.
  • Flexible, proactive and possessing a can-do attitude, with a willingness and enthusiasm for learning new technologies and techniques that support evolving needs.
  • Proven track record of successfully delivering business requirements within time and budget constraints. Thorough understanding of best practices for services execution.
  • Knowledge of vendor/supplier contract reviews.
  • Knowledge of Security Governance, Risk Management and Compliance.
  • Demonstrates advanced knowledge of the principles, best practices, and architecture and design approaches for the applicable capabilities, services, and standard controls that fall under the scope of PCI DSS.

Education/Experience

  • A university degree in Computer Science, Engineering, or a field which relates to the role.
  • Security certification such as CISSP, CISA, CISM, or SANS GIAC; PCI QSA or PCI ISA preferred. Minimum of five (5)+ years of information security experience in Security Governance, Risk and Compliance practices and methodologies.
  • Experience with performing cyber security assessments and familiarity with industry cyber security tools or experience auditing systems.
  • Experience with security hardening techniques and policy development, particularly with regard to secure software development methodologies and processes.
  • Previous experience in a PCI DSS compliance program, including pre-assessment or assessment and gap remediation programs.
  • Experience evaluating various information systems, networks and/or payment applications.
  • Experience with network vulnerability scans, such as Approved Scanning Vendor (ASV).
  • Experience in testing and documenting software security life cycles from development to deployment. Ability to work with a diverse group of security professionals with various roles and responsibilities.

Start date: ASAP
Duration: 6 months + (extension possible)
From: The Royak Group Inc.
Published at: 31.01.2016
Project ID: 1061852
Contract type: Freelance