Manages the technical aspects of Northwell's PCI (Payment Card Industry) compliance program, focusing on maintaining security controls and processes and supporting evaluations of new credit card processing systems and/or methods. Supports internal compliance efforts, identifies and assesses risks, and works with internal technology owners to appropriately document, test and report PCI compliance status.
Duties and Responsibilities:
- Manages and implements staffing requirements
- Recommends, implements and adheres to approved operating goals, objectives and budget. Reports operational performance, justification and/or corrective action.
- Ensures operating compliance with government and agency regulations.
- Selects, develops, manages and evaluates direct reports; and oversees the selection, development, management, and evaluation of indirect reports.
- Support internal PCI technical compliance evaluations to ensure appropriate implementation of controls and alignment with the PCI-DSS standards. Identify potential gaps, develop corrective action plans and oversee remediation activities.
- Develop and maintain PCI related network and data flow documentation. Advise process and technology owners on documentation and testing requirements.
- Oversee execution of security control test procedures across network devices, applications, databases and operating systems in scope for PCI compliance.
- Partner with all levels of IT and business management to ensure PCI compliance testing is conducted in a cooperative, timely and efficient manner with cost-effective recommendations being provided to management when compliance gaps are identified.
- Support review of PCI Self-Assessment Questionnaires (SAQ) and other related regulatory documentation required for the annual attestation, as applicable. Identify, gather and retain supporting evidence.
- Partner with third-party Qualified Security Assessors (QSA) to validate Northwell's compliance with the PCI-DSS standard. Monitor corrective actions and process improvement plans.
- Support quarterly attestation of compliance (AoC) submissions, ongoing vulnerability scans and periodic penetration tests. Document findings, develop remediation plans and track status.
- Prepare status reports and executive summaries on the PCI Compliance Program.
- Conduct end to end PCI compliance system reviews for new and proposed cardholder applications and services.
- Continually evaluate and identify relevant changes to PCI requirements and assess the impact of these changes on Northwell's PCI Compliance program.
- Performs related duties, as required.
- Bachelor's Degree, required, with a technology discipline, preferred.
- 5+ years progressively responsible risk experience, including management experience, required.
- 7+ years related PCI experience with emphasis on assessment, required.
- CISSP, CISA or equivalent, required.
- Current or former QSA or ISA, required.
- Current knowledge of compliance trends, issues and regulations, preferred.
Job Type: Full-time
- Payment Card Industry: 1 year
- Compliance Management: 5 years
Required licenses or certifications: