IT GRC Engineer - PCI DSS SME

Employer Active

1 Vacancy
The job posting is outdated and position may be filled
Jobs by Experience

5 years

Job Location

Skokie, IL - USA

Monthly Salary

$ 120 - 130

Job Description

As the IT Security/GRC Engineer III, you will drive the organization's compliance with the Payment Card Industry Data Security Standard (PCI DSS) while contributing to the overall cybersecurity posture. As this position involves PCI DSS compliance, candidates should have hands-on experience with responsibility matrices, design, control implementation, management (e.g., training, evidence collection, ASV scanning, reporting), and auditing of PCI DSS requirements for large-scale Level 1 environments involving thousands of endpoints and card data handling devices.

Expertise in additional frameworks such as NIST 800-53 Rev. 5, NIST CSF, ISO 27001, vulnerability management, and incident response will provide a strong foundation for success in this position.

What You Will Do

PCI Compliance and Audit Management
  • Develop and maintain PCI DSS compliance programs and ensure alignment with organizational goals.
  • Coordinate internal assessments and external audits, addressing identified gaps effectively.
  • Develop and communicate PCI-related security policies, procedures, and standards.
Risk Management and Decision-Making
  • Assess risks associated with PCI compliance and recommend appropriate actions such as risk acceptance, mitigation, remediation, or transference.
  • Explain the "why" behind compliance requirements to stakeholders and IT teams, ensuring a clear understanding of risk implications.
  • Develop and promote risk management best practices across the organization.
Training and Awareness Programs
  • Design and execute PCI-related security awareness and secure coding training initiatives.
  • Educate teams on PCI DSS requirements to foster a culture of compliance and security.
Security Controls Design and Implementation
  • Implement security controls for applications, devices, and systems handling cardholder data.
  • Ensure seamless integration of PCI requirements across various endpoints and payment methods.
Vendor and Audit Collaboration
  • Manage relationships with vendors and consultants for merchant identification and PCI compliance support.
  • Collaborate with external auditors, internal audit teams, and the treasury department to ensure successful compliance initiatives.
Incident Response and Vulnerability Management
  • Collaborate with SecOps on investigations into security incidents related to cardholder data.
  • Manage vulnerability processes, addressing compliance risks proactively.
Collaboration and Governance
  • Partner with business units to ensure compliance with PCI requirements across diverse environments.
  • Provide guidance on compliance with frameworks such as PCI DSS, NIST 800-53 Rev. 5, and ISO 27001.
What You Will Need
  • Education: Bachelor's degree in Information Security, Computer Science, or a related field.
  • Certifications: Advanced security certification such as PCI Professional (PCIP), Internal Security Assessor (ISA), Certified Information Systems Security Professional (CISSP), or Certified Information Security Manager (CISM).
  • Experience:
    • Minimum of ten (10) years combined IT and cybersecurity experience, with at least seven (7) years focused on PCI DSS-related tasks.
    • Proven experience managing PCI DSS compliance programs and leading training initiatives. Previous experience as a Qualified Security Assessor (QSA) and/or providing consulting services related to PCI DSS is highly desirable.
  • Unique or Preferred Skills:
    • In-depth knowledge of PCI DSS requirements, including application review and secure coding practices.
    • Proficiency in auditing and implementing PCI DSS controls.
    • Strong leadership, collaboration, communication, and project management skills.
    • Ability to manage multiple initiatives independently and deliver results efficiently.
    • Ability to communicate effectively with IT leadership, translating compliance controls into technical terms that IT teams can understand and implement.
    • Ability to assess risks, explain their impact, and recommend actions to address them effectively.


Employment Type

Full Time
