- Manage the credit card compliance program, including IT/security due diligence assessments, customer/business partner audits and/or requests for information, and development of the PCI governance program.
- Provide oversight of decision-making and prioritization for credit card security governance, policy alignment, guidance, and interpretation.
- Establish credibility and maintain strong working relationships with internal & external stakeholders involved with CC security governance, risk and compliance matters.
- Provide guidance to business stakeholders on developing controls for critical business processes/activities so that they adhere to best practices based on laws, regulatory expectations and industry standards (e.g. SOX, CIS Security Controls, CCPA, PCI DSS, etc.).
- Maintain repository of program-level documentation of the process and procedures surrounding credit card security governance program.
- Assess and test IT/security control environments impacting the CC governance program for compliance with policies & applicable regulations.
- Conduct third-party security due diligence and support audits/information requests originating from business partners and customers.
- Drive execution of the PCI program, including, but not limited to, policy enforcement, monitoring and tracking, performance & risk metrics (KPI/KRI), incorporation of PCI compliance requirements into business and technology roadmaps, training and awareness, and corporate communications.
- Actively perform internal self-assessments and facilitate assessments performed by external Qualified Security Assessors (QSAs).
- Drive and monitor issue remediation activities across organizational functions to ensure gap closure for CC governance program.
- Stay abreast of changes in applicable contractual obligations and regulations, including, but not limited to, the Payment Card Industry Data Security Standard (PCI DSS), and recommend updates to policies and the program.
Posted Date: 8/5/2019 7:41 PM (2 weeks ago)
- Security Training and Awareness (75%)
  - Develop and maintain a security awareness program geared towards technical audiences and stakeholders
  - Partner with key members of the Technology organization to drive learning at all levels
  - Review training content and delivery methods
  - Support the operationalization of learning, which may include managing logistics and vendor relationships
  - Write, update and maintain technical documentation and processes
  - Drive forward best practices within the organization around secure coding, sensitive data, industry regulations, standards and compliance requirements
- Security Program Engagement (25%)
  - Develop measures to effectively track and report on the efficacy of training and awareness efforts
  - Draft communications to relevant audiences
  - Standards and policies, especially as they relate to technical teams
  - Build and run a security champion/ambassador program