Sr. Principal, IT Compliance Specialist (PCI QSA)
Ingram Micro is an integral part of the technology and commerce ecosystems, helping our partners grow and thrive through the creation and delivery of Information Technology, Lifecycle Management, e-Commerce Logistics, and Cloud solutions. With $49 billion in revenue and the ability to reach 90% of the global population, we have become one of the world’s largest technology distributors with operations in 59 countries and more than 35,000 associates.
This position has the opportunity for hybrid work with up to three days remote per week.
The Sr. Principal, IT Compliance Specialist is responsible for performing, or leading, complex and/or significant compliance reviews, within the IT audits including network, internet, applications, telecommunications, security administration, and contingency planning. Assess risks, develops detail audit/compliance programs, execute audit/compliance programs steps, analyze results, and effectively communicate results to the senior management.
On a primarily independent basis, support global activities as they relate to IT compliance including PCI, ISO 27001, Financial Regulations, Statutory Audits, customer commitment obligations such as SOC1 and SOC2 attestation, Internal and External Auditor liaison support and management documentation / reporting. This support will be accomplished by reviewing existing processes, identifying improvements activities, and recommending control improvements and/or efficiencies.
- At least 4-5 years of industry experience as a PCI QSA and ability to assess complex PCI requirements.
- Plan and conduct complex IS and integrated audit/compliance projects, including preparation of an objective risk-based assessment and an effective audit/compliance approach.
- Leads and/or participates on audit/compliance of Applications, Enterprise security, IT General Controls, for complying with policies and procedures.
- Manage and support Global IS compliance to security frameworks and standards as they relate to PCI, ISO 27001, SOC1, SOC2 and Regulatory requirements for auditing, reporting and remediation where appropriate
- Work with internal and external stakeholders to assess the IT architecture or proposed IT architecture solutions to identify the risk areas with regards to PCI controls.
- Execute operational activities to support audit and compliance activities including technical validation processes
- Conduct PCI DSS scoping engagements, gap analysis and assessments related to securing the Cardholder Data Environment:
- Collect information and business workflows
- Execute collection of evidence to support compliance status
- Consult with internal clients to help them understand our findings and their remediation options
- Be a liaison for Internet Audit activities, reporting and escalations
- Manage escalation and enforcement for unresolved noncompliance issues
- Manage status of global PCI requirements and status
- Manage monthly, quarterly self-assessment of global IS and reporting
- Provide and present reporting including monthly metric delivery
- Create professional reports tailored to each client that detail assessment findings and include a roadmap of practical, actionable steps for improving their security posture and achieving compliance
- Provide engagement with PCI Brands, 3rd party QSA’s as necessary, which can include 3rd party devices, service providers and middleware applications.
- Support/participate and perform the due diligence and security compliance validation with 3rd party IT solution providers.
- Manage response and status to external reporting for financial compliance in relation to PCI
- Manage and Support External Audit activities and reporting.
- Provide presales and scoping assistance as needed
- Manages the project with timelines, efforts, meeting minutes, and track it until the completion.
- Support and enforce Information Security Policy, Standards, and Guidelines for business operations and technology implementations
- Work with Information Security staff to ensure tools and reporting mechanisms are satisfactorily meeting PCI objectives.
- Maintain strong working relationships with internal and external support teams including Global, Regional Work on special projects as required by management
- Stay abreast of changes within the IS compliance areas including business change requirements and regulatory changes from an international perspective and Country IS associates
- Experience completing PCI DSS Reports on Compliance (ROCs) - strongly preferred
- Familiarity and experience with a variety of security products and technologies - for example, network firewalls, web application firewalls, antivirus solutions, Data Loss Prevention products, and encryption technologies.
Process Improvement and Associate Success:
- Perform business processes value-added assessment of internal controls, systems, processes, financial reporting, and identify opportunities for improvement and efficiencies.
- Actively looks for opportunities to develop new ideas to positively impact existing methods, services, or products.
- Targets performance improvements while analyzing systems and processes.
- Understands, analyses, and documents cost/benefit analysis where appropriate.
- Actively accepts individual and team responsibilities and meet commitments. Takes responsibility for own performance and actions and demonstrates responsibility and teamwork towards overall team/department goals.
- Actively mentors and assists other IT personnel on topics related to IT security
- Effectively multi-tasks on multiple assignments and deliverables.
- Takes and exhibits initiative to further develop technical and professional skills, by attending training and/or willingness to learn new systems or technologies in use by the Information Technology department.
- Possesses understanding of Ingram Micro’s business including knowledge of department names and business processes conducted by each, company global organization, and key customer and vendor segments.
Education and Technical Expertise:
- A Bachelor’s degree in Computer Science, Engineering, or related Science and Math discipline with an IT or Business emphasis is required.
- 8-10 years or more relative experience in a global information technology environment with a background in auditing and process support
- Strong knowledge in commercial or inhouse developed eCommerce applications, ERP applications including SAP, Oracle, Payment Devices and/or solutions.
- Information Security background including an understanding of the basic security best practices, standards, and methodologies
- IT technical knowledge in support of compliance including Operating System, Database, Networking and Security technologies
- Must possess a valid passport and be legally allowed to leave and return to originating country.
- Ability to formulate detailed technical documentation, remediation requirements
- Strong communication skills for both technical and business level discussions on compliance matters
- Relevant auditing and compliance certification (e.g. QSA, ISA, CISM, CISA, ISO 27001 Lead Auditor) preferred
This is not a complete listing of the job duties. It’s a representation of the things you will be doing, and you may not perform all these duties.
Please be prepared to pass a drug test and background check that includes verification of vaccination status.
Ingram Micro requires all new associates to be fully vaccinated against COVID-19. Therefore, this position requires applicants to submit proof, prior to start date, that the successful applicant is fully vaccinated against COVID-19. Ingram Micro will comply with applicable laws regarding the reasonable accommodation of individuals with disabilities and/or sincerely held religious beliefs. Applicants will be notified of the requirements of Ingram Micro’s COVID-19 policy and process for verification of vaccination status prior to the start of employment.
Ingram Micro believes there is no place in our society for social injustice, discrimination, or racism. As a company we do not – and will not – tolerate these actions.
Ingram Micro Inc. is committed to creating a diverse environment and is proud to be an equal opportunity employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, gender, gender identity or expression, sexual orientation, national origin, genetics, disability, age, veteran status, or any other protected category under applicable law.