IT Risk Manager


Melville, NY

Industry: IT Consulting/Services


8 - 10 years

Posted 274 days ago

This job is no longer available.

Manages the technical aspects of Northwell's PCI (Payment Card Industry) compliance program, focusing on maintaining security controls and processes and supporting evaluations of new credit card processing systems and/or methods. Supports internal compliance efforts, identifies and assesses risks, and works with internal technology owners to appropriately document, test and report PCI compliance status.

Duties and Responsibilities:

  • Manages and implements staffing requirements
  • Recommends, implements and adheres to approved operating goals, objectives and budget. Reports operational performance, justification and/or corrective action.
  • Ensures operating compliance with government and agency regulations.
  • Selects, develops, manages and evaluates direct reports; and oversees the selection, development, management, and evaluation of indirect reports.
  • Support internal PCI technical compliance evaluations to ensure appropriate implementation of controls and alignment with the PCI-DSS standards. Identify potential gaps, develop corrective action plans and oversee remediation activities.
  • Develop and maintain PCI related network and data flow documentation. Advise process and technology owners on documentation and testing requirements.
  • Oversee execution of security control test procedures across network devices, applications, databases and operating systems in scope for PCI compliance.
  • Partner with all levels of IT and business management to ensure PCI compliance testing is conducted in a cooperative, timely and efficient manner with cost-effective recommendations being provided to management when compliance gaps are identified.
  • Support review of PCI Self-Assessment Questionnaires (SAQ) and other related regulatory documentation required for the annual attestation, as applicable. Identify, gather and retain supporting evidence.
  • Partner with third-party Qualified Security Assessors (QSA) to validate Northwell's compliance with the PCI-DSS standard. Monitor corrective actions and process improvement plans.
  • Support quarterly attestation of compliance (AoC) submissions, ongoing vulnerability scans and periodic penetration tests. Document findings, develop remediation plans and track status.
  • Prepare status reports and executive summaries on the PCI Compliance Program.
  • Conduct end to end PCI compliance system reviews for new and proposed cardholder applications and services.
  • Continually evaluate and identify relevant changes to PCI requirements and assess the impact of these changes on Northwell's PCI Compliance program.
  • Performs related duties, as required.


  • Bachelor's Degree required; a technology discipline is preferred.
  • 5+ years of progressively responsible risk experience, including management experience, required.
  • 7+ years related PCI experience with emphasis on assessment, required.
  • CISSP, CISA or equivalent, required.
  • Current or former QSA or ISA, required.
  • Current knowledge of compliance trends, issues and regulations, preferred.

Job Type: Full-time

Experience:

  • Payment Card Industry: 1 year
  • Compliance Management: 5 years

Education:

  • Bachelor's

Required licenses or certifications:

  • CISA