Staff Compliance (PCI) Specialist
The Walt Disney Company Orlando, FL

Expired: February 27, 2023 Applications are no longer accepted.
  • Full-Time

Job Posting Title:
Staff Compliance (PCI) Specialist

Req ID:
10039449

Job Description:

The Staff Compliance Specialist is a key leader within the DPEP Compliance team. The primary focus will be to ensure that processes and controls are in place across the Segment to satisfy internal control and external audit compliance requirements. This role's primary responsibility is the Payment Card Industry Data Security Standard (PCI-DSS) Program. This program exists to manage compliance with PCI-DSS and the annual assessment and attestation requirements.

Responsibilities:

  • Developing the overall PCI timelines and project plans for necessary compliance work, including the following types of activities: collection and quality assurance of requested documentation, process and control walkthroughs, testing, observations/interviews with auditors, and remediation to address any control gaps.
  • Working with the internal and external auditors as they conduct their audits; this could include coordinating and facilitating site visits, providing them with all requested documentation, and addressing resulting questions or concerns.
  • Evaluates compliance with programs and processes to mitigate compliance risk and ensure protection of company assets and information.
  • Reviews and enhances network systems and processes for compliance with PCI DSS and internal standards.
  • Collaborating with internal stakeholders, of varied leadership levels, with responsibility for in-scope applications to educate them on compliance requirements, ensure appropriate controls are in place to meet the requirements and assist them with outlining remediation plans to address any deficiencies.
  • Providing work direction to compliance team members, including on-site and offshore resources.
  • Working with Global Information Security resources to ensure alignment with the overall enterprise Compliance programs.
  • Analyzing changes in regulations for our compliance programs and implementing plans to be in compliance.
  • Reviews and enhances PCI systems and related infrastructure and processes for compliance with PCI DSS. Proactively identifies improvement opportunities, determines and tracks action plans until successfully implemented. Recommends and implements compliance measures.
  • Stays current on evolving legislative/regulatory changes related to PCI DSS compliance and provides timely advice on PCI DSS requirements.
  • Provide oversight of Compliance remediation projects (as requested) ensuring timely completion and validation of completion.


Basic Qualifications:
  • A minimum of 7 years of PCI Compliance expertise.
  • Ability to understand technical risks and issues and recommend solutions to address.
  • Ability to communicate technical concepts in business terms.
  • Ability to articulate IT compliance requirements and design IT controls.
  • Qualified Security Assessor or PCI Professional designation required.
  • A clear understanding of cloud computing services and deployment architecture. Working knowledge of network and IT security components, including firewalls, intrusion detection systems, anti-malware software, data encryption, server operating systems, and other industry-standard techniques and practices. Knowledge of common web and mobile application vulnerabilities, such as the OWASP Top 10 for web and mobile, and ability to provide solutions.
  • Proven experience influencing business and technology leadership to achieve compliance requirements.
  • Ability to establish credibility and working relationships with a wide range of personnel, including operations, management, executive, and legal teams as well as external auditors.
  • Solid understanding of project management principles.
  • Good organization skills, attention to detail, and the ability to multi-thread across a number of simultaneous work efforts.
  • Demonstrated professional written, verbal, and presentation communications skills.
  • Ability to solve complex problems and develop creative alternatives, as well as continuous process improvement skills.
  • Demonstrated ability to handle confidential information.


Preferred Qualifications:
  • Ability to be flexible with work schedule and travel requirements.
  • CISA certification.
  • Prior experience conducting PCI Data Security Standards Assessments working as a Qualified Security Assessor or Internal Security Assessor.
  • Demonstrated experience generating metrics to measure service and program effectiveness and consistency. Demonstrated experience in identifying compliance risk and development of mitigation/remediation plans.
  • Ability to work in large global environments spanning multiple time zones.
  • Experience using a Governance, Risk and Compliance tool as a document repository for Compliance documentation.


Required Education:
  • A bachelor's degree in computer science, information systems, or information security, or a related IT field is required.


#DPEPTECH

#LI-JB4

Job Posting Segment:
Technology & Digital

Job Posting Primary Business:
Tech & Digital/Prks International

Primary Job Posting Category:
Security Governance

Employment Type:
Full time

Primary City, State, Region, Postal Code:
Orlando, FL, USA

Alternate City, State, Region, Postal Code:

Date Posted:
2023-02-21-08:00


Industry

Business
