The PCI DSS Internal Controls Senior Manager will have the opportunity toimpactmeaningfully and contribute to GEICO27s Control Program. The PCI DSS Internal Controls Senior Manager plays a key role in the continued development, transformation, and maturity of an ever-growing Controls Security Program that supports the delivery of the industry compliance PCI certifications to support security requirements. In this role, you will be helping to transform and implement GEICO27s PCI DSS program. This will include partnering with the PCI DSS Team in the planning,preparationand execution of PCI audits, providing subject matterexpertise, and working collaboratively with internal teams, external customers, internal and external auditors, and other stakeholders.

Position Responsibilities

As a PCI DSS Internal Controls Senior Manager, you will:

• Assistin the transformation of GIECO27s PCI DSS program.

• Ensurethe company designs, implements, andmaintainssecure computer systems and networks thatcomply withthe Payment Card Industry Data Security Standard (PCI DSS).

• Communicate control deficiencies to the process owners and provide recommendations for remediation.

• In collaboration with process owners, process managers and technology owners, ensure proper documentation of all policies and procedures applicable to the controls of significant processes,specifically,those related to network and security devices.

• Identifykey controls, perform gapanalysisand update processes to meet controlobjectivesas well asidentifyand mitigate security risks and vulnerabilities in the organization27s systems and networks.

• Identify, evaluate, document, andmonitorthe remediation of control deficiencies, with an emphasis onassistingprocess and IT owners to remediate control deficiencies.

• Assistmanagement with meeting coordination, follow-up, presentations, and documentation.

• Facilitate external auditors with performance or independent testing and coordination with process owners. Provide direct assistance, as needed (e.g., keyreportstesting, walkthroughs).

• Assist with PCI DSS quarterly control certification survey of process owners and process managers throughout the organization.

• Maintain the audit,assessmentsfindings resolution.

• Assistin BC/DR testing and finding resolutions.

• Develop and implement enterprise governance, risk, and compliance strategy and solutions.

• Assistin audit readiness assessments for any new standards NIST 800-53.

• Automate andassistin gathering the audit evidence for all cyber audits

• Apply a risk-based approach to planning, executing, and reporting on audit engagements and auditingprocess.

• Use knowledge and skills to influence remediation and prioritization of key risks whiledemonstratingholistic understanding and management of risks according to regulatory requirements and industry best practices.

• Create efficienciesin foraudit engagements byestablishingand maintaining a document request list (DRL) library.

• Stay up to date andinformedon developing regulatory concerns and changing IT and information security trends.

Qualifications:

• Must have the Payment Card Industry Professional Certification (PCIP).

• Minimum of 5yearswork experience in auditing, control assessment, PCI DSS.

• Strong experience with PCI DSSstandard.

• Knowledge of applicable information security management, governance, and compliance principles, practices, laws, rules, regulations, and frameworks such as GLBA, FFIEC and NIST

• Must have experience with security technologies such as firewalls, intrusion detection and prevention systems, and encryption technologies.

• Comprehensive understanding of cybersecurity principles, frameworks, and regulations (e.g., ITIL, NIST, MITRE, COBIT, COSO, HITRUST, SOC reports, CSF, ISO, GDPR, PCI)

• Experience working with internal and external auditors.

• Knowledge of one of the following areas isa must: computer networking, network security practices,complianceor computer security.

• Knowledge of Cyber and cloud security standard frameworks, architecture, design, operations, controls, technology, solutions, and service orchestration

• Extensive hands-on experience with security testing and auditing tools andtechnique.

• Strong knowledge of information systems auditing, monitoring, controlling, and assessment process

• Ability to work in fast paced environment.

• Ability to work independently and strategically.

• Demonstratedexpertiseinidentifyingand analyzing controls and developing effective mitigation strategies.

• Excellent critical thinking, problem-solving, and decision-making skills.

• Strong interpersonal and communication skills, with the ability to effectively collaborate with both technical and non-technical peers.

• Proven ability to manage multiple projects simultaneously and prioritize tasks based on urgency and impact.

The following Cybersecurity certifications are highly desired:

• Security+

• CISM (Certified Information Security Manager)

• CISSP (Certified Information Systems Security Professional)

• CISA (Certified Information Systems Auditor)

• CRISC (Certified in Risk and Information Systems Controls)

• Or other relevant cybersecurity certifications

Experience

• Minimum of 6 years of experience in Governance, Risk, and Compliance, preferably in the insurance and financial services industry.

• Minimum of 5 years of experience working with PIC DSS, NIST 800-53

Education:

• Bachelor27s degree in engineering, Computer Science, Information Security, or a related field

Location:
This hybrid role involves on-site presence 3 days per week at one of our office locations in Chevy Chase, MD, New York, NY, or Chicago, IL