PCI Manager - NBCUniversal, United States

Listing Description

Responsibilities

Seeking an experienced team member to join the Cyber Security - GRC Organization. The GRC PCI Manager will be responsible for providing subject matter expertise and day-to-day execution of programs and services aimed at meeting PCI DSS compliance requirements and reducing risk. The Manager will manage the discovery process for new internal PCI clients and work with business PCI Coordinators to complete remediation of items identified as “Not in Place”. Once compliance is achieved, the PCI Manager will track that compliance is maintained and will be responsible for ensuring PCI Coordinators monitor their control owners on the gathering, approval, and storage of PCI evidence used as input to the PCI Report on Compliance (RoC) and Self-Assessment Questionnaire (SAQ) processes.

Key Qualifications:

  • Demonstrated knowledge of Payment Card Industry Data Security Standard (PCI DSS) requirements and experience with prioritized implementation in a global environment.
  • Able to review Report on Compliance/Assessment report and provide guidance on remediation actions and advise on services that could be of benefit relative to industry trends around achieving compliance (i.e. technical solutions).
  • Support teams by answering business and technical questions related but not limited to PCI DSS, PA-DSS, Trusted Advisory, Policy and Procedures & Penetration Testing.
  • Self-starter who can own all responsibilities with little to no supervision.

Responsibilities:
  • Identify and support all NBCU business processes that accept, transmit, process, store, or can impact the security of payment transactions and assist business owners in achieving PCI DSS compliance
  • Identify PCI DSS compliance requirements for each NBCU business process by reviewing architecture and/or network configuration
  • Recommend solutions to resolve control gaps identified during assessments and monitor completeness and sustainability of remediation efforts
  • Manage third-party qualified security assessor (QSA) for any certification where a QSA is required and manage process of providing all necessary evidence during PCI assessments
  • Anticipate PCI-related issues and escalate as appropriate
  • Assist teams in maintaining PCI compliance as new card acceptance solutions and technologies are adopted and rolled out
  • Manage Risk Acceptance Process for PCI related risks
  • Work with PCI Coordinators as the PCI SME on assigned projects and offer counsel regarding the intent of PCI requirements
  • Maintain documentation critical to the PCI program
  • Monitor PCI Security Standards Council for changes to the current PCI DSS framework
  • Educate and raise awareness on payment processing risks and controls
  • Assist stakeholders with control design and enhancements
  • Liaise with risk champions, application owners, control owners, QSAs, and risk SMEs such as Information Security, Internal Audit and specialized risk management teams
  • Contribute to enterprise IT Risk and Control awareness efforts
  • Maintain a deep understanding of organization-wide objectives, interactions, issues and risks


Qualifications/Requirements

Minimum Requirements

  • Bachelor's degree or equivalent
  • Five to seven years of experience in PCI DSS compliance requirements and implementation
  • Demonstrated knowledge of Payment Card Industry Data Security Standard (PCI DSS)
  • Knowledge of IT Risk Frameworks such as NIST, ISO, CSA, etc.
  • Understanding of payment industry participants and payments terminology
  • Ability to work independently and in cross-functional teams
  • Strong analytic skills for problem analysis and resolution
  • Experience with the MS Office suite – Excel, PowerPoint, Word etc.
  • Strong written, verbal communication and organizational skills

Desired Characteristics

  • Security certification such as PCIP, ISA, QSA, CISSP, CISM or CISA
  • Experience evaluating transaction flows and making determinations on how and when to use Self-Assessment Questionnaires
  • Experience working with third-party service providers to ensure data is maintained in a secure and compliant manner
  • Knowledge of IT platforms, web, middleware, cloud services (IaaS, PaaS, SaaS), database, operating systems, infrastructure, routers, firewalls, virtualization, tokenization
  • Experience evaluating the use of compensating controls
  • Ability to communicate with various executives and stakeholders of every level
  • Ability to prioritize activities based on business criticality, audits, threats, vulnerabilities, and regulatory requirements
  • Experience supporting enterprise-wide technology initiatives and creating a risk-aware culture
  • Experience in Project Management
  • Ability to understand the big picture by aligning activities to business objectives and partnering with other IT GRC functions to align on strategies and enterprise


Listing Details

  • Salary: $150000 - $165000
  • Citizenship: Not Provided
  • Incentives: Bonus
  • Education: Bachelor's Degree
  • Travel: No Travel
  • Telework: Full Telecommute



About Us

NinjaJobs is a community-run job platform developed by information security professionals. Our unique approach of focusing strictly on cybersecurity positions allows us to personalize the user experience.
