Please note I have direct access to the Hiring Director of Security on this position.
Telecommuting 2-3 days/week available
A growing, extremely profitable ecommerce and retail company is looking for a PCI Compliance Analyst. The company has been growing systematically since inception due to growth and demand, is global, has $400+ million in revenue and has 1000+ employees.
Last year, the company's Qualified Security Assessor (QSA) examined and validated all aspects of the business that come into contact with cardholder data to ensure that the business maintained proper IT and Security controls, followed prescribed security measures to protect cardholder data and received official PCI Certification. The PCI Compliance Analyst will work directly with and assist the current QSA in obtaining PCI Certification v3.2. Specifically, the PCI Compliance Analyst will:
- Coordinate with other members of the information technology teams and end user departments to test technical and procedural controls and standards to support and ensure PCI Compliance.
- Collect PCI Evidence and perform Test of Controls to prove the existence, validation and effectiveness of required controls.
- Complete PCI Self-Assessment Questionnaires
- Manage, prove accuracy and update, as necessary, PCI compliance documentation including narratives, control descriptions, risk control matrices, test programs and performance metrics.
- Perform deficiency assessments and assist the business units with any required remediation plans.
- Remain apprised of pending PCI Compliance and Certification changes to standards and proactively design and apply appropriate measures.
The PCI Compliance Analyst will report to the Director of Security.
- MUST HAVE 1-3+ years of experience with PCI Compliance and/or Certification (preferably with recent experience with PCI 3.2).
- Experience collecting PCI Evidence and performing Test of Controls to prove the existence, validation and effectiveness of required PCI v3.2 controls.
- Experience completing formal PCI documentation, reports, questionnaires, test programs and metrics.
- Working knowledge of multiple Operating Systems (Linux, Unix, Windows), Security Controls (Firewalls, Incident Response, Vulnerability Management, Penetration Testing, Authentication, etc.) and enterprise technology services (networking, databases, etc.)
- Experience with any of the following is only a plus, NOT mandatory:
  - ServiceNow PCI Module
  - IT Audit or IT Assessment experience
  - Certifications: CIA, CISA, CRISC, etc.
- Please note: experience with the above is only a plus, NOT mandatory.