As a PCI Security Analyst on the Governance, Risk and Compliance Team, you will work collaboratively with the Cybersecurity GRC team along with stakeholders across the business to ensure the assessment, verification, review, and audit of technology controls and or business process controls around the enterprise related to PCI-DSS are in place. The PCI Analyst will be responsible for coordinating the collection of evidence, walkthrough meetings, remediation, and ensuring that teams are educated on what is required of them. Following are key areas of responsibility for this role:
Responsible for assisting with the delivery of the annual Report on Compliance (ROC), Attestations of Compliance (AOC), and the operating effectiveness of our PCI program
Works collaboratively with stakeholders across the business to ensure effective business and technology controls are in place for PCI-DSS
Serves as subject matter expert for PCI-DSS requirements across the business
Proactively communicate changes in requirements to teams and help drive implementation of new requirements
Works with the Global Architecture and Technology teams to understand current and future payment strategies globally
Identify, evaluate, document, and monitor the remediation of control deficiencies with an emphasis on assisting process and IT owners to remediate control deficiencies
Assist with PCI-DSS quarterly control certifications and attestations
Automate and assist in gathering audit evidence for PCI audits
Assist with development and implementation of a PCI runbook and ensure PCI related controls are operating effectively
Apply a risk-based approach to planning, executing, and reporting on PCI related audit engagements
Create efficiencies for PCI audit engagements by establishing and maintaining a document request lists and evidence repositories
Provides metrics and reports to demonstrate that the program delivers the expected outcomes and effectively supports business objectives
Qualifications:
5+ years in Security GRC or a related field with in-depth working knowledge of PCI DSS Standards (3.2.1 or higher)
PCI PCIP, QSA, or ISA certification preferred
Execute compliance reviews; facilitate remediation planning, exposure tracking and communicating risk all done in accordance with the Payment Card Industry Standard and other regulatory frameworks as needed
Experience working with internal and external auditors
Strong knowledge of information systems auditing, monitoring, and controlling the assessment process
Knowledge of the following areas: cloud computing, computer networking, network security practices, compliance or computer security
Proven experience in aligning multiple stakeholders to lead the strategic path and delivery of the implementation of PCI controls
Experience with ServiceNow in driving automation and efficiencies in audit and compliance processes
Passion for problem solving with an ability to excel in an ambiguous environment
Demonstrated ability to function in a fast paced, multi-program environment with changing priorities
Strong leadership skills, including the ability to influence and gain consensus in the absence of direct authority
Proven results working with global and remote teams across different time zones
Must haves:
Acknowledges the presence of choice in every moment and takes personal responsibility for their life.
Possesses an entrepreneurial spirit and continuously innovates to achieve great results.
Communicates with honesty and kindness and creates the space for others to do the same.
Leads with courage, knowing the possibility of greatness is bigger than the fear of failure.
Fosters connection by putting people first and building trusting relationships.
Integrates fun and joy as a way of being and working, aka doesn’t take themselves too seriously.