Great careers start here

Senior Security Compliance Analyst

📁
Engineering/IT/Security/Software Development
📅
2000009I Requisition #
Sr. Security Compliance Analyst      REQ# 2000009I
 

Position Overview: 

The Cardholder Senior Security Compliance Analyst leads the Financial Instance Issuance (FII) Payment Card Industry (PCI) cardholder security audit and compliance program in the functional role of Security Manager.  Entrust Datacard is seeking an individual that will lead IS Audit and Compliance efforts supporting the FII cardholder environment impacted by PCI Card Production (CP), PCI Data Security Standards (DSS), and financial customer requirements.

 

Responsibilities:

  • Oversees PCI DSS and CP operational security compliance and audit functions
  • Review operational procedures to ensure they comply with security audit requirements
  • Submit periodic compliance reports as well as operational requirements defined in PCI CP and PCI DSS
  • Facilitate external security auditor engagements, organize required objective compliance evidence, schedule required resources and audit timelines
  • Review audit logs for anomalies and report and follow up on anomalies as required
  • Prepare and deliver PCI DSS and CP security audit and compliance scorecards to CISO and other leaders (e.g., CIO, Internal Audit, CFO, etc)
  • Perform all logical controls required by PCI CP and PCI DSS as well as document all artifacts so they are available for yearly audit.  (E.g., Ensure all changes are approved by the CISO or authorized individual, investigate all audit log validation failures, approval all FW rules in the CP cardholder data environment)
  • Work closely with facilities security to either directly perform physical control or make sure they are completed – these include daily, weekly, monthly, quarterly as well as yearly artifacts that are required to support continued PCI CP and DSS certifications.  Formal artifacts must be obtained and available for the PCI CP and DSS audits.
  • Facilitate timely identification, communication and recommended resolution of security risks
  • Serve as the internal and customer facing subject matter expert on PCI CP and PCI DSS;
  • Review and interpret vulnerability scan results;
  • Assistance with filling out SAQ questionnaires;
  • Assistance answering auditor questions;
  • Drive the ongoing PCI CP and DSS internal compliance (awareness training, vulnerability scans, etc.);
  • Advise customers and internal stakeholders on PCI best practices, compliance, and audit processes;
  • Proactively understand payment data security best practices and advocate for adoption of these internally at Entrust Datacard;
  • Coordinate with the various groups at EDC to adopt best practices, communicate system changes, and facilitate PCI documentation and compliance;
  • Assist with other audits and compliance activities relating to data security and technical controls;
  • Manage project document repository; maintain strict deadlines and positive vendor/customer relationships.

 

Qualifications - External

Basic Qualifications

  • Minimum 8 years of compliance and/or audit experience
  • Experience with Enterprise Network devices (i.e. routers, switches, firewalls).
  • Experience with Operating platforms (i.e. UNIX and Microsoft)
  • Proficiency conducting and evaluating/analyzing results from the following set of tools, to include but not limited to: Nexpose, WebInspect
  • Experience with preparing and testing IT Contingency Plans
  • Familiarity with security industry standards (ISO 17799, ISO 27002, NIST 800 series, PCI, etc.)
  • Experience with internal controls, risk assessments, business process and internal IT control testing or operational auditing.
  • 20% travel requirement

Preferred Qualifications:

  • Bachelor’s degree
  • Security clearance
  • CISA, CIA, CPA, CGFM, or CRISC certification a plus
  • Experience with PCI DSS and CP
  • Experience with creating all necessary PCI Certification and Accreditation documentation
  • Demonstrated ability to write business and technical reports and to participate in presentations.

About Entrust Datacard

Our growing company relies on curious, dedicated and innovative colleagues to anticipate the future and provide solutions for a more connected, mobile and secure world. Entrust Datacard technologies and expertise help government agencies, enterprises and financial institutions in more than 150 countries serve and safeguard citizens, employees and consumers. Each year, our solutions secure billions of transactions — and every day, our technologies issue and manage more than 10 million secure identities. How do we do all of this? Together.

Join us. Together we’ll create solutions for a more connected, mobile and secure life.

 

For more information, visit www.entrustdatacard.com. Follow us on Twitter, YouTube and LinkedIn.

 

Entrust Datacard Corporation is an Equal Opportunity Employer. All qualified applicants will receive consideration for employment without regard to race, sex, color, religion, sexual orientation, gender identity, national origin, protected veteran status, or on the basis of disability.

 

NO AGENCIES, NO RELOCATION

 #LI-SD

 

Basic Qualifications

  • Minimum 8 years of compliance and/or audit experience
  • Experience with Enterprise Network devices (i.e. routers, switches, firewalls).
  • Experience with Operating platforms (i.e. UNIX and Microsoft)
  • Proficiency conducting and evaluating/analyzing results from the following set of tools, to include but not limited to: Nexpose, WebInspect
  • Experience with preparing and testing IT Contingency Plans
  • Familiarity with security industry standards (ISO 17799, ISO 27002, NIST 800 series, PCI, etc.)
  • Experience with internal controls, risk assessments, business process and internal IT control testing or operational auditing.
  • 20% travel requirement

Preferred Qualifications:

  • Bachelor’s degree
  • Security clearance
  • CISA, CIA, CPA, CGFM, or CRISC certification a plus
  • Experience with PCI DSS and CP
  • Experience with creating all necessary PCI Certification and Accreditation documentation
  • Demonstrated ability to write business and technical reports and to participate in presentations.

About Entrust Datacard

Our growing company relies on curious, dedicated and innovative colleagues to anticipate the future and provide solutions for a more connected, mobile and secure world. Entrust Datacard technologies and expertise help government agencies, enterprises and financial institutions in more than 150 countries serve and safeguard citizens, employees and consumers. Each year, our solutions secure billions of transactions — and every day, our technologies issue and manage more than 10 million secure identities. How do we do all of this? Together.

Join us. Together we’ll create solutions for a more connected, mobile and secure life.

 

For more information, visit www.entrustdatacard.com. Follow us on Twitter, YouTube and LinkedIn.

 

Entrust Datacard Corporation is an Equal Opportunity Employer. All qualified applicants will receive consideration for employment without regard to race, sex, color, religion, sexual orientation, gender identity, national origin, protected veteran status, or on the basis of disability.

 

NO AGENCIES, NO RELOCATION

 #LI-SD

Previous Job Searches

Similar Listings

Shakopee, Minnesota, United States

📁 Engineering/IT/Security/Software Development

Requisition #: 2000008E

Shakopee, Minnesota, United States

📁 Engineering/IT/Security/Software Development

Requisition #: 2000008V

Shakopee, Minnesota, United States

📁 Engineering/IT/Security/Software Development

Requisition #: 2000006E