PCI Security Auditor
Aditi Staffing - San Jose, CA


PCI Compliance Specialist

Primary Job Responsibilities

We are looking for a highly talented, experienced Information Technology Compliance Specialist to assist the organization with meeting Payment Card Industry (PCI) and other public and private regulatory requirements. This person will perform the following functions:

- Work with internal and external auditors to evaluate compliance with internal policies and standards as well as external regulatory requirements.
- Interpret audit requirements to ensure appropriate definition of controls.
- Identify gaps in the design and operating effectiveness of controls, and identify opportunities for more efficient and effective controls.
- Monitor and perform compliance testing, issue testing findings, prepare written reports of findings, perform follow-up testing, and assist in correcting deficiencies.
- Lead the innovation and continuous improvement of the IT internal control framework, including the integration of multiple compliance requirements.
- Communicate controls, policies, standards, and compliance requirements to the business and IT staff.
- Regularly interact with senior management and internal and external auditors to convey findings identified through walkthroughs and testing, assess the risk and impact of deficiencies, and make recommendations for remediation.
- Analyze regulatory developments and recommend integration into the organization's policies and standards.
- Provide subject matter expertise on technologies such as Open Protocols, SRED, Encryption, HSM, Tokenization, Mobile Security, Cloud Computing and Virtualization.
- Advise control owners on the implementation of controls related to network segmentation, OS and DB hardening, secure applications development, logging and monitoring, vulnerability management, access management, information security management, etc.

Job Requirements and Basic Qualifications

- Demonstrated in-depth understanding of the Payment Card Industry Data Security Standard (PCI-DSS), PA-DSS and/or PTS.
- Understanding of regulatory requirements for the financial services sector including Sarbanes-Oxley (SOX) section 404, FFIEC, GLBA, OFAC, and other regulatory requirements a plus.
- Experience with /SSAE 16/AT 101 and/or internal audit assessments and processes.
- Understanding of information security and risk management frameworks such as COBIT, ISO17799/2700x, NIST, FIPS and COSO.
- Technology/information risk management experience in analyzing business processes and the related technology that supports these processes.
- Experience in performing risk assessments (e.g., evaluate threats, vulnerabilities, likelihood, and impact) and identifying mitigating controls.
- Technology background with familiarity in at least two of the following: distributed systems (Linux, Solaris, Windows), databases, networks (LAN/WAN technologies, firewalls, routers), software development, etc.
- Familiarity with mitigating controls at the systems, network, and application level.
- Audit/assessment experience in the financial services industry, especially in a large/global/diversified organization or large/global Internet ecommerce organization background required.
- Ability to explain technical jargon in simplified terms.
- Ability to track and manage numerous parallel activities.
- Ability to work efficiently and independently with minimal supervision (i.e., self-motivated and willing to stretch to meet important deadlines).
- Ability to work in a fast-paced, dynamic environment.
- Ability to work successfully in a cross-functional team environment.
- Ability to build and maintain constructive working relationships with a diverse community (in and outside of technology); ability to effectively communicate in both written and verbal manner to influence both technical and non-technical audiences.
- Ability to earn the trust and respect of colleagues both in and outside of the Information Security team.
- Bachelor's degree required, graduate degree a plus.
- Minimum of 5+ years of information security, payment card technologies and payment device physical and logical security constructs.
- Industry certifications in the areas of Information Security/Systems – CISSP, CISA, CRISC, CGEIT - PCI ISA/QSA a plus.
- Working knowledge of the financial industry and the lifecycle of payment card transactions.
- Working experience with payments industry software and hardware development methodologies and practices.
- Excellent written and oral communication skills; ability to express thoughts clearly, know how to listen and contribute in a team environment.
- Must be flexible, proactive, quick to learn and have a can-do attitude.
- Familiarity with mobile payment transactions.
- Understanding of the financial and payment card processing industries.
- Strong comprehension skills for understanding information security best practices and applying knowledge to PCI requirements.
- Strong organization and time-management skills.

About this company
EXPERIENCE THE DIFFERENCE Aditi Staffing is a MBE certified diversity IT staffing firm headquartered in Bellevue, WA, with locations across...