IT Risk Manager

Confidential Company  •  Melville, NY

8 - 10 years experience  •  IT Consulting/Services

Salary depends on experience
Posted on 03/14/18

Manages the technical aspects of Northwell's PCI (Payment Card Industry) compliance program, focusing on maintaining security controls and processes and supporting evaluations of new credit card processing systems and/or methods. Supports internal compliance efforts, identifies and assesses risks, and works with internal technology owners to appropriately document, test and report PCI compliance status.

Duties and Responsibilities:

  • Manages and implements staffing requirements
  • Recommends, implements and adheres to approved operating goals, objectives and budget. Reports operational performance, justification and/or corrective action.
  • Ensures operating compliance with government and agency regulations.
  • Selects, develops, manages and evaluates direct reports; and oversees the selection, development, management, and evaluation of indirect reports.
  • Supports internal PCI technical compliance evaluations to ensure appropriate implementation of controls and alignment with the PCI DSS standard. Identifies potential gaps, develops corrective action plans and oversees remediation activities.
  • Develops and maintains PCI-related network and cardholder data flow documentation. Advises process and technology owners on documentation and testing requirements.
  • Oversees execution of security control test procedures across network devices, applications, databases and operating systems in scope for PCI compliance.
  • Partners with all levels of IT and business management to ensure PCI compliance testing is conducted in a cooperative, timely and efficient manner, with cost-effective recommendations provided to management when compliance gaps are identified.
  • Supports review of PCI Self-Assessment Questionnaires (SAQ) and other related regulatory documentation required for the annual attestation, as applicable. Identifies, gathers and retains supporting evidence.
  • Partners with third-party Qualified Security Assessors (QSA) to validate Northwell's compliance with the PCI DSS standard. Monitors corrective actions and process improvement plans.
  • Supports Attestation of Compliance (AOC) submissions, quarterly vulnerability scans and periodic penetration tests. Documents findings, develops remediation plans and tracks status.
  • Prepares status reports and executive summaries on the PCI Compliance Program.
  • Conducts end-to-end PCI compliance system reviews for new and proposed cardholder applications and services.
  • Continually evaluates and identifies relevant changes to PCI requirements and assesses the impact of these changes on Northwell's PCI Compliance program.
  • Performs related duties, as required.

Qualifications:

  • Bachelor's Degree, required; technology discipline, preferred.
  • 5+ years progressively responsible risk experience, including management experience, required.
  • 7+ years related PCI experience with emphasis on assessment, required.
  • CISSP, CISA or equivalent, required.
  • Current or former QSA or ISA, required.
  • Current knowledge of compliance trends, issues and regulations, preferred.

Job Type: Full-time

Required experience:

  • Payment Card Industry: 1 year
  • Compliance Management: 5 years

Required education:

  • Bachelor's

Required licenses or certifications:

  • CISA
