Gravity IT Resources
Job Title: PCI Compliance Analyst
Location: Doral, FL
Referral Fee: +/- $150/week
Employment Eligibility: Gravity will consider US Citizens, Green Card Holders and those with full-time US Employment Authorization (H-1B Candidates). We are also open to contract or “corp to corp” agreements for highly qualified candidates.
Gravity is looking for a PCI Compliance Analyst to spearhead our client’s assessment and remediation efforts. The successful candidate will possess strong experience running global PCI compliance assessments including: conducting interviews, collecting evidence and ensuring remediation efforts are met.
Our client is a $19B global cruise company and one of the largest vacation companies in the world, and it provides a comfortable, fun and inclusive working environment. Technology is a major driver of this company’s efforts to continue to deliver exceptional value to its customers.
Duties & Responsibilities:
• Bachelor’s degree in computer science or related work experience
• 3-4 years’ experience executing PCI compliance programs
• 3-4 years technical experience with global company environments
• Experience with complex risk-based approach to internal and external compliance efforts
• Proven analytical and organizational skills to work independently on multiple projects and meet deadlines while ensuring quality results are expected
• Must have familiarity with systems, networks, and a variety of security concepts, practices, and procedures
• Demonstrated ability to apply IT-related knowledge and experience in solving compliance issues
• Demonstrated ability to manage multiple assignments and deadlines
• Excellent communication skills (both written and verbal) and significant attention to detail
• Ability to work independently and effectively with all levels of staff and management both internally and externally
• Knowledge of the ISO, COBIT and PCI DSS control frameworks is expected
• Professional certification such as CISA, CISM, CRISC or CIPP is a plus
• Proficiency with Microsoft Office Suite
Required Experience & Skills:
• Develop project requirements, objectives, plans, schedules and tasks for both IT and the business community related to compliance activities
• Coordinate PCI assessment-related tasks to ensure the readiness of managers and their teams for assessment testing and facilitate the timely resolution of any findings
• Own the processes to validate the coverage and configuration of the core security solutions required by the PCI DSS
• Work with SMEs to design and implement solutions required for remediation
• Work closely with project team members to document current PCI requirements and instruct team members in appropriate control rationalization and test evidencing techniques
• Advise on proposed security tool and process changes that could impact PCI DSS compliance
• Knowledge of all requirements of the PCI DSS v3.x, other significant PCI SSC guidance, and card security and compliance requirements from the major card brands
• Intermediate knowledge of the following areas: Penetration Testing, Vulnerability Scanning, Anti-virus and Malware, Application Code Scanning and Secure Coding Practices, Configuration Management, File Integrity Monitoring, Multi-Factor Authentication, Encryption and Key Management, Hardening of servers and network devices
• Ensure reports and findings are delivered in a timely and appropriate manner to management
• Facilitate compliance with the PCI DSS via regular monitoring of related activities
• Execute multiple PCI DSS control validation programs simultaneously with specific deadlines
• Recognize and identify potential areas where existing policies, standards and procedures require change
• Coordinate certified PCI ASV scans, ensure passing scan for each quarter, and drive remediation of scans
• Manage the progress of remediation steps on identified control deficiencies
• Support additional internal and external PCI compliance activity as part of the PCI Program