InfoSec PCI Compliance Lead

Business Integra, Englewood, Colorado, 12/Jun/2023

  • Company Name: Business Integra
  • Job Type: C2H
  • How many positions: 1
  • Eligibility: Citizen, G Card

Job Description

Job Duties and Responsibilities

Primary responsibilities of the Information Security PCI Compliance Program Manager include the following:

  • Draft policies/procedures that govern the security of DISH PCI data across the enterprise with a specific focus on compliance requirements.
  • Design, lead and execute a Compliance program focused on PCI data handling across the enterprise.
  • Partner with security teams to identify and analyze security requirements to align with PCI compliance standards.
  • Track, document and address PCI compliance gaps to ensure timely closure.
  • Manage the annual PCI audit including evidence gathering, quality assurance of evidence, coordination of audit resource meetings, and other tasks required to successfully complete the audit.
  • Ensure ASV scans and penetration tests are conducted quarterly and annually, respectively, with all remediation activities completed within the expected timelines.
  • Lead security enhancement projects focused on new or changing PCI compliance requirements.
  • Educate and build awareness of PCI compliance requirements.
  • Coordinate with Third Party Risk management to ensure PCI compliance needs are being addressed and tracked appropriately with third party vendors.
  • Coordinate with Privacy / Legal to ensure the overall compliance landscape is well understood and the program captures a complete view of our PCI compliance needs.
  • Continuously improve the PCI compliance program with new information, procedures, or documentation.
  • Coach and mentor junior staff.
  • Other responsibilities as assigned.

The successful candidate will possess the following qualifications:

Competencies:

  • Project Management
  • Self-led Learner
  • Customer First Mentality
  • Strong Adaptability
  • Process Documentation Management
  • Process Mapping Development
  • Presentation Skills
  • Multitasking
  • Compliance + Risk Mindset
  • Communication with Executives
  • Team Mentorship
  • Can Interpret Regulations and Compliance Requirements
  • Thought Leadership
  • Cross-functional Team Leadership
  • Strategic Thinking and Planning (Team)
  • Brand & Team Ambassador
  • Solid Risk Management Foundation
  • Solid Information Security Foundation
  • Solid Security Control Framework Foundation
  • Expert PCI-DSS Knowledge
  • General Data Privacy Foundation
  • Can Teach/Educate Risk & InfoSec Principles
  • Can Consult Business on Risk and InfoSec Principles

Personality:

  • Requires a well-organized, cheerful and persuasive individual who can manage multiple priorities at once.
  • Must have good meeting management and communication skills to keep conversations focused and productive.
  • Must be self-driven; able to manage schedules, meet deadlines, coordinate with others, and perform tasks with minimal supervision.
  • Must have the ability to work with a diverse audience, under tight deadlines, and negotiate successful outcomes to challenging problems.

Skills, Experience and Requirements

Education and Experience:

  • Bachelor's Degree or equivalent experience and 4-6 years of directly related experience.
  • Must have a solid understanding of SOX, PCI, CPNI, CCPA, FACTA and similar IT compliance and privacy regulations.
  • Experience with compliance audits such as PCI and/or CPNI. Former QSA preferred.
  • Experience with NIST, ISO and other industry standards.
  • Expert user of Microsoft/Google Suite and an eGRC tool.

Other Qualifications:

  • Professional certification (CISSP, CISA, CSIM, CIA or similar) is highly desired.