Address
Form of workLead Cyber Security Analyst, Compliance
Looking for a technical, detail orientated cybersecurity compliance analyst to assist with the Information Technology Payment Card Industry Data Security Standard and IT risk management program.
Responsibilities
Responsible for program management over the PCI DSS program. Includes managing audit related activities, audit artifacts and remediation management in an effort to achieve PCI DSS compliance annually.
Responsible for following up on remediation items with SMEs and IT partners to ensure risk is addressed/removed correctly in a timely manner.
Provide analysis of applicable compliance metrics to management and audit teams.
Drive improvements in the performance of controls with technology control owners.
Provide IT control owners with feedback to enable them to enhance their control structure and related documentation quality used in the performance of their controls.
Serve as PCI DSS subject matter expert to peers and management.
Manage daily operations and reporting of the IT risk and governance program
Responsible for tracking remediation activities on security vulnerabilities, IT audit and IT risks.
Responsible for information security exception process which documents management understanding of risks.
Other Information
Maintains professional working relationship with applicable audit teams.
Maintain appropriate PCI asset identification as needed
Provide support over the Information Security Awareness Program and Information Security Policies and Standards.
Follows up on training compliance metrics as needed.
Support IT Director of Compliance as needed with compliance related activities or special projects.
Qualifications
Bachelors degree in related field or equivalent training and experience; Graduate degree preferred.
Approximately 10 years experience in IT, Compliance or Audit
Minimum at least 7 years experience with IT and/or Audit; minimum 5 in PCI DSS. Level 1 or Level 2 merchant experience preferred.
Experience with ISO 27000 framework is helpful.
ISA strongly preferred
PCIP, CISM, CGEIT, CISA and/or CISSP preferred
Looking for a technical, detail orientated cybersecurity compliance analyst to assist with the Information Technology Payment Card Industry Data Security Standard and IT risk management program.
Responsibilities
Responsible for program management over the PCI DSS program. Includes managing audit related activities, audit artifacts and remediation management in an effort to achieve PCI DSS compliance annually.
Responsible for following up on remediation items with SMEs and IT partners to ensure risk is addressed/removed correctly in a timely manner.
Provide analysis of applicable compliance metrics to management and audit teams.
Drive improvements in the performance of controls with technology control owners.
Provide IT control owners with feedback to enable them to enhance their control structure and related documentation quality used in the performance of their controls.
Serve as PCI DSS subject matter expert to peers and management.
Manage daily operations and reporting of the IT risk and governance program
Responsible for tracking remediation activities on security vulnerabilities, IT audit and IT risks.
Responsible for information security exception process which documents management understanding of risks.
Other Information
Maintains professional working relationship with applicable audit teams.
Maintain appropriate PCI asset identification as needed
Provide support over the Information Security Awareness Program and Information Security Policies and Standards.
Follows up on training compliance metrics as needed.
Support IT Director of Compliance as needed with compliance related activities or special projects.
Qualifications
Bachelors degree in related field or equivalent training and experience; Graduate degree preferred.
Approximately 10 years experience in IT, Compliance or Audit
Minimum at least 7 years experience with IT and/or Audit; minimum 5 in PCI DSS. Level 1 or Level 2 merchant experience preferred.
Experience with ISO 27000 framework is helpful.
ISA strongly preferred
PCIP, CISM, CGEIT, CISA and/or CISSP preferred
