TPRM - PCI Specialist



Canada IDENTIFY SECURITY Full time

As a part of the AIT Information Security – Enterprise Security Team, the PCI Specialist – Senior supports the organization’s strategic initiatives that are aligned with the organization’s business goals, enhancing and aligning the PCI-DSS program. The PCI Specialist – Senior will collaborate with the leaders within Information Security and with internal stakeholders in the development and implementation of the enterprise-wide PCI-DSS compliance program. The PCI Specialist – Senior will analyze cardholder (credit/debit) data flows (business and application data flows) and accordingly determine the scope of the organization’s PCI-DSS assessments and the risk to cardholder data. The PCI Specialist – Senior will ensure organization-wide compliance with PCI-DSS requirements to reduce Information Security risk to a known and acceptable level.

Required Experience: 5+ Years

Job Locations:

Location Restrictions:

Remote

Basic Qualifications and

As a trusted risk advisor, the PCI Specialist – Senior will be required to communicate effectively with internal and external stakeholders to offer accurate and timely information and reporting. The individual will coach, mentor and lead staff in the daily operations of assigned areas. They will be required to deliver timely, high-quality results, demonstrated through the products created and metrics reporting. Effective use of soft skills is required (e.g., time management, communication (verbal and written), organization), and the individual will be required to maintain good communication with project stakeholders and demonstrate outstanding customer service that fosters positive relationships throughout the organization. The PCI Specialist – Senior is expected to have a good understanding of US Healthcare, including applicable laws, regulations and business needs, especially as they relate to a large provider organization like Client (ADH).

Responsibilities

· Support the PCI-DSS compliance initiatives aligned with business goals

· Support new acquisitions for any PCI-DSS compliance requirements

· Partner with security and network architecture team to help define and implement protections and defense-in-depth for PCI-DSS compliance requirements and help solve architecture gaps to maintain PCI-DSS attestation

· Partner with stakeholders (e.g., Business, Finance, Treasury, Legal, Network and Security architecture) on PCI-DSS remediation gaps and the status tracking required for maintaining compliance.

· Conduct periodic audits to continue to evaluate compliance with the PCI-DSS

· Review periodic network scans to identify vulnerabilities and partner with technology, engineering and architecture teams to remediate those vulnerabilities

· Serve in a consultative role to ensure individuals are aware of PCI-DSS compliance obligations and how to support compliant behavior and use of technology

· Escalate compliance concerns promptly and effectively to business line management and to the Director of Enterprise Security

· Assist with the annual Self-Assessment Questionnaires (SAQ) and AOC review, and coordinate with stakeholders the timely remediation of any gaps noted during the process.

· Support awareness training of the workforce on information security standards, policies and best practices that help educate and grow PCI-DSS awareness

· Support the Incident Response Team to ensure timely containment, investigation, mitigation and response related to suspected merchant data compromises.

· Establish transparent and measurable risk management metrics and reporting for the PCI-DSS Program

Required Skills and Experience

· Knowledge of the following areas: PCI-DSS, HIPAA Security and Privacy Rule, Red Flags Rule, HITECH, Meaningful Use (MU) and HITRUST.

· Knowledge of Audit frameworks

· In-depth knowledge and experience with PCI-DSS, Risk Management Standards (OCTAVE/NIST/ISO)

· Experience in analyzing penetration testing results and prioritizing remediation for identified vulnerabilities.

· Knowledge of driving PCI-DSS remediation tracking and follow-ups with the stakeholders.

· Experience in analyzing PCI-DSS ASV scan reports.

· Knowledge in utilizing a risk-based approach to secure applications, databases and infrastructure based upon business needs.

· Skilled in auditing information security programs and systems.

· Ability to review network and security device (e.g., firewalls, switches, routers, IDS, IPS and load balancers) configurations and analyze network architectures.

· Ability to review system hardening (Servers/Virtualization Devices/Cloud Infrastructure/Databases)

· In-depth knowledge and experience in IT Security, including access controls, network security, logging/monitoring, vulnerability assessments, system hardening, secure software development, application security, encryption and key management best practices, etc.

· Understanding of security requirements related to cloud-based applications/environments.

· Experience in performing scoping, gap assessment and remediation for PCI-DSS in-scope environments.

· Experience with the Microsoft suite of applications (Word, Excel, PowerPoint, Project, etc.).

· Excellent in English – written and spoken

· Good project management and time management skills.

· Team player with a positive and enthusiastic attitude.

· Ability to coordinate and prioritize multiple tasks and projects simultaneously.

· Ability to work in a fast-paced environment to support evolving business needs.
