Senior Payment Card Industry Compliance Specialist

Georgia - Onsite
This project has been archived and is not accepting more applications.

Description

Job Description:

Reporting directly to the Director of Information Technology Services, the Senior PCI Compliance Specialist supports PCI Compliance project initiatives by undertaking risk assessments, advising on the implementation of security measures, recommending appropriate risk mitigations, and interpreting security policy and standards in the context of projects and business scenarios to help the business operate securely.

This individual plays a key role in:

  • Interpreting current and evolving PCI DSS requirements and determining the technical and process implications on the County's network and associated systems and business applications.
  • Helping develop and implement plans to maintain evolving PCI compliance at Gwinnett County.
  • Helping maintain PCI compliance at Gwinnett County by coordinating regularly scheduled internal and external vulnerability and penetration scans, and working with IT staff and external vendors to address findings.

Essential Qualifications:

  • Minimum of five (5+) years of hands-on security assessment, quality assurance, or PCI DSS experience, preferably as an active, certified Internal Security Assessor (ISA) or Qualified Security Assessor (QSA). Expert-level knowledge of Payment Card Industry Data Security Standard (PCI DSS 3.0/3.1) requirements.
  • Experience conducting PCI self-assessment and remediation efforts or equivalent audit experience. Understanding of information systems and networking diagrams.
  • Deep understanding of PCI-DSS 3.0/3.1 and preceding version requirements.
  • Working knowledge of the financial industry and the life cycle of payment card transactions.
  • Working experience with software development methodologies and practices.
  • Working knowledge of audit methodologies and security assessment tools.
  • Excellent interpersonal and customer service skills; the ability to collaborate with colleagues and customers from different levels of the organization and with varied levels of technical understanding, as well as the ability to work independently.
  • Excellent written and oral communication skills; able to express thoughts clearly.
  • Able to multi-task and work independently with minimum supervision to meet firm deadlines.
  • Flexible, proactive and possessing a can-do attitude, with a willingness and enthusiasm for learning new technologies and techniques that support evolving needs.
  • Proven track record of successfully delivering business requirements within time and budget constraints. Thorough understanding of the best practices for services execution.
  • Knowledge of vendor/supplier contracts reviews.
  • Knowledge of Security Governance, Risk Management and Compliance.
  • Demonstrates advanced knowledge of the principles, best practices, architecture and design approaches for the applicable capabilities, services and standard controls that fall under the scope of the PCI-DSS.

Education/Experience

  • A university degree in Computer Science, Engineering, or a field which relates to the role.
  • Security certification such as CISSP, CISA, CISM, SANS GIAC. PCI QSA or PCI ISA preferred. Minimum of five (5+) years of Information Security experience in Security Governance, Risk and Compliance practices and methodologies.
  • Experience with performing cyber security assessments and familiarity with industry cyber security tools or experience auditing systems.
  • Experience with security hardening techniques and policy development, particularly with regard to secure software development methodologies and processes.
  • Previous experience in PCI-DSS compliance program including pre-assessment or assessment and gap remediation programs.
  • Experience evaluating various information systems, networks and/or payment applications.
  • Experience with network vulnerability scans, such as Approved Scanning Vendor (ASV).
  • Experience in testing and documenting software security life cycles from development to deployment. Ability to work with a diverse group of security professionals with various roles and responsibilities.

Start date: ASAP
Duration: 6 months
From: The Royak Group Inc.
Published at: 22.02.2016
Project ID: 1075654
Contract type: Freelance