Our Client is seeking a transformation-minded, technology-savvy PCI Manager for North America with a track record of providing operational and tactical direction within PCI, PII, PHI, etc.
This position provides centralized coordination, administration and support for the many elements of a distributed security infrastructure. This position will use and apply the knowledge of various technologies to help the company meet its business requirements in a secure manner while managing risk. The candidate also serves as the subject matter expert for the GRC areas, including PCI and SOC 2 audits and the NIST CSF and ISO 27001 frameworks. The candidate must be a team-oriented self-motivator with excellent interpersonal skills and the ability to discuss complex security requirements in simple, non-technical terms. The North America PCI Program Manager must be able to demonstrate a high degree of proficiency in risk management related to information security concepts.
The position works closely with teams in other information security disciplines, business capability owners, application development, technology support and operations to provide guidance on the compliance and protection of CircleK information assets. The role participates in the planning, design, installation, and maintenance of security systems in support of security policies, and works with Global Technology staff and business units to assess risk and address security issues.
Essential Duties and Responsibilities (Not intended to be all inclusive):
- Leads the PCI NA Program for CircleK including attestations, remediation, and overall project plan.
- Architects, designs, implements, maintains and operates information system security controls and countermeasures.
- Analyzes and recommends security controls and procedures in acquisition, development, and change management life-cycle of information systems.
- Analyzes and recommends security controls and procedures in business processes related to use of information systems and assets.
- Analyzes trends, news and changes in the threat and compliance environment with respect to organizational risk; advises organization management and develops and executes plans for compliance and mitigation of risk; performs risk and compliance self-assessments; engages and coordinates third-party risk and compliance assessments.
- Lead both internal and external audits to ensure compliance with all industry-mandated regulations.
- Manage compliance initiatives to ensure operational effectiveness with applicable laws and regulations, as well as internal policies and procedures.
- Assist Legal and Technology organizations with all required compliance/security-related documentation. Ensure documentation is standardized, updated and organized.
- Participate in the development and implementation of new business initiatives involving compliance to ensure that the functionality required to support compliance is in place.
- Provide guidance to business functions on compliance/security-related matters.
- Coordinate audit-related tasks to ensure the readiness of managers and their teams for audit testing and facilitate the timely resolution of any audit findings.
- Initiate improvement activity to reduce risk, ensure compliance, lower cost, and improve quality within IT processes.
- Conduct/support periodic risk assessments and develop appropriate mitigation plans in support of deliverables.
- Refine and revise existing policies and procedures to support internal and external compliance programs. Author new policies and procedures and ensure adequate training for adherence by employees.
- Evaluate effectiveness of the internal security control framework and recommend adjustments as business needs change.
- Deliver findings, recommendations and remediation steps for all activities, in a clear, concise and audience-specific format. Perform periodic security risk assessments and advise business stakeholders on best practices to reduce risk and overall breach profile.
- Demonstrated knowledge and understanding of relevant legal and regulatory requirements, including Payment Card Industry/Data Security Standard (PCI DSS), Money Transmitter regulations, the Health Insurance Portability and Accountability Act (HIPAA), and IT and Data Security.
- Bachelor's degree in information technology or a directly related field, and 4 years of professional experience related to the assignment.
- An equivalent combination of education and experience (8 years minimum) sufficient to successfully perform the essential duties of the job such as those listed above, unless otherwise subject to any other requirements set forth in law or regulation.
Certifications, Licenses, Registrations
- Assessor Certification as issued by PCI is preferred but not required.
- CISSP certification is required.
- Detailed knowledge of the PCI and SOX standards and their compliance requirements.
- Ability to lead the PCI Program including attestations, remediations, and overall project plan. (Required: 4 years)
- Demonstrated knowledge and understanding of relevant legal and regulatory requirements around the Payment Card Industry Data Security Standard (PCI DSS). (Required: 5 years)
- Analyzes and recommends security controls and procedures in the acquisition, development, and change management lifecycle of information systems. (Required: 5 years)
- Lead both internal and external audits to ensure compliance with all industry-mandated regulations. (Required: 3 years)
- Assist Legal and Technology organizations with all required compliance/security-related documentation.
- Refine and revise existing policies and procedures to support internal and external compliance programs.