Sr. PCI Compliance Analyst
*PCI DSS Certification is required
*100% WFH Position - This position is to support our Indian Operations
The Sr. IS Compliance Specialist is responsible for performing, or leading, complex and/or significant compliance reviews within IT audits, including network, internet, applications, telecommunications, security administration, and contingency planning. Assesses risks, develops detailed audit/compliance programs, executes audit/compliance program steps, analyzes results and effectively communicates results to senior management.
Essential Functions
Plans and conducts complex IS and integrated audit/compliance projects, including preparation of an objective risk-based assessment and an effective audit/compliance approach.
Leads and/or participates on audit/compliance of Applications, Enterprise security, IT General Controls, for complying with policies and procedures.
Manages and supports Global IS compliance to security frameworks and standards as they relate to PCI, ISO 27001, SOC1, SOC2 and Regulatory requirements for auditing, reporting and remediation where appropriate
Works with internal and external stakeholders to assess the IT architecture or proposed IT architecture solutions to identify the risk areas with regards to PCI controls.
Assesses the network architecture and/or reviews the firewall rulesets and network devices/appliances to see if they are aligned with the PCI control requirements, and recommends compensatory controls where necessary.
Executes operational activities to support audit and compliance activities including technical validation processes.
Conducts PCI DSS scoping engagements, gap analysis and assessments related to securing the Cardholder Data Environment:
Consults with internal clients to help them understand our findings and their remediation options
Is a liaison for Internet Audit activities, reporting and escalations
Manages escalation and enforcement for unresolved noncompliance issues
Manages status of global PCI requirements and status.
Education and Work Experience
A Bachelor’s degree in Computer Science, Engineering, or related Science and Math discipline with an IS or Business emphasis is required.
PCI DSS Certification is a must.
5 years or more relevant experience in a global information technology environment with a background in auditing and process support
Strong knowledge in commercial or in-house developed eCommerce applications, ERP applications including SAP, Oracle, Payment Devices and/or solutions.
Information Security background including an understanding of the basic security best practices, standards and methodologies
Possess strong understanding of information systems and networking diagrams
Experience evaluating the security infrastructure for large enterprise merchants or service providers
Working knowledge of the financial industry and the lifecycle of payment card transactions
Working experience with software development methodologies and practices
Working knowledge of audit methodologies and security assessment tools
Methodical and organized; able to manage multiple opportunities, projects, and partners concurrently
IT technical knowledge in support of compliance including Operating System, Database, Networking and Security technologies