The candidate will be a member of the Global Information Security team responsible for technical and procedural security control activities for eBay's Payments, Risk, and Billing systems. This individual will work directly with business leaders to understand security control requirements, lead technical control assessments and mitigation efforts, and develop effective remediation programs and actions to resolve security control gaps and issues. The successful candidate will have a strong understanding of technical and procedural security controls and solutions for financial payment systems, as well as threats and challenges impacting the protection of information across an extended global enterprise. The successful candidate will also have the ability to effectively communicate pragmatic guidance to business leaders and customers that effectively balances security risks with the needs of the business.
Responsibilities include, but are not limited to, the following:
- Consult with business units and technology teams to ensure adherence to security policies, standards, and regulatory requirements related to Payments.
- Implementation and adoption of financial industry Payments Security control frameworks, as well as reporting.
- Perform security controls assessments against the Payment Security control framework of both business units and technical initiatives for eBay's Payments, Risk, and Billing systems to identify operating effectiveness of critical controls.
- Communicate identified technical control risks to business leaders to ensure a clear understanding of these risks. Partner with business and technical leaders to develop pragmatic solutions to address identified control risks.
- Manage remediation of security issues with technology and business teams to ensure remediation is completed timely and effectively.
- Define security control requirements for various Payments, Risk, and Billing technologies and platforms.
- Analyze complex network security architectures for control requirements.
- Identify and implement solutions to automate security control testing and reporting for maximum efficiency and effectiveness.
- Create documentation to ensure consistent, reliable, and repeatable activities.
- All other duties as required.
SKILLS AND QUALIFICATIONS
The successful candidate for this role will have the following skills and qualifications:
- Bachelor Degree in Engineering, Computer Science, Information Systems, Business Management or related discipline or equivalent, with 8+ years of related experience (or Masters and 6+ years related experience or PhD and 4+ years experience).
- CISSP, CISM, CISA, or equivalent information security certification
- In depth understanding of compliance regulations and requirements such as PCI, SOC, SOX, GLBA, GDPR, FFIEC, and various Data Protection Laws.
- Experience in ecommerce, retail, and/or financial services and technology industries;
- Proven track record of successfully managing and implementing technical control assessment programs.
- Demonstrated leadership in delivering security solutions that enable business success.
- Demonstrated experience in influencing executive leadership on security control activities and direction.
- Strong project management, interpersonal, relationship building, collaboration and influencing skills.
- Must be able to interface, influence, and coordinate work efficiently and effectively with business colleagues and teams in multiple locations at all levels.
- In-depth knowledge of information security principles and of relevant industry standards.
- Ability to establish a working relationship that enables self-direction in gathering requirements and scoping work.
- Aptitude to quickly learn new environments and technologies.
- Must be organized, goal-oriented, and a self-starter.
- Experience working in a fast-paced, highly complex environment.
- Experience working with cross-functional teams to deliver results.
- Ability to travel (domestic and international) as required.