Security Analyst - PCI Program Manager
Description
The PCI Program Manager (Payment Card Industry) will primarily be responsible for the successful completion of Tyler's PCI compliance audits and self-assessments. The PCIPM will be responsible for ensuring that established processes and technologies, including file integrity monitoring, strong authentication, intrusion detection, web application firewalls, centralized logging, and vulnerability management, are executed as required and continue to demonstrate compliance with the PCI DSS. Additionally, the PCIPM will be required to answer SFG employees’ questions related to PCI compliance and provide appropriate guidance on meeting or maintaining requirements.
Candidates with Qualified Security Assessor (QSA), Associate QSA (AQSA), or Internal Security Assessor (ISA) certifications are preferred. Candidates may utilize experience successfully completing multiple Level 1 audits as a merchant or service provider in lieu of a certification. Candidates must display strong problem-solving and communication skills as well as a familiarity with the types of security processes and technologies required to meet PCI compliance. Candidates must have at least 3 years of experience working in information technology, compliance or security, strive to align daily work with Enterprise IT objectives, and display creativity and tenacity when solving problems.
RESPONSIBILITIES
- Must have a strong understanding of PCI requirements, including changes in DSS v4.0
- Establish a schedule of required activities with associated process owners and ensure their timely completion
- Recommend improvements to security technologies or processes in order to enhance the PCI compliance program
- Create, review and improve documentation to support the PCI compliance program
- Consult with multiple business teams, including leadership, to ensure they effectively meet PCI requirements
- Provide guidance to technology and business teams on how to meet PCI requirements
- Organize SFG’s response and participation in PCI audits and self-assessment questionnaires (SAQ)
- Report to management the status of all SFG PCI audits and SAQs
- Manage SFG’s Approved Scanning Vendor (ASV) scan execution and analysis of both internal and external (as applicable) applications
QUALIFICATIONS
- QSA, AQSA or ISA certification preferred
- Completion of multiple Level 1 merchant or service provider audits
- Ability to achieve and/or maintain an ISV certification
- 3 years of experience in information technology, compliance or security
- Familiar with concepts, practices, and procedures associated with the PCI DSS
- Relies on instructions and pre-established guidelines to perform the functions of the job
- Shares knowledge with SFG personnel
- Ability to contribute to a team project through completion
- Fundamental understanding of audit procedures
- Fundamental understanding of network concepts and operations
- Fundamental understanding of operating system concepts and operations
- Ability to guide SFG success through other teams
- Ability to effectively communicate status, issues, and recommendations to management