The Security Compliance Officer focused on PCI and SOC 2 compliance is responsible for overseeing and managing the organization's security posture so that it adheres to the Payment Card Industry Data Security Standard (PCI DSS) and the AICPA's System and Organization Controls 2 (SOC 2) framework. The role conducts regular assessments, identifies risks, implements the necessary controls, and maintains comprehensive documentation to demonstrate compliance across both frameworks.
General Responsibilities:
- Conduct regular PCI DSS and SOC 2 compliance assessments, including vulnerability scanning, network penetration testing, and policy reviews.
- Analyze assessment results to identify compliance gaps and develop remediation plans.
- Gather evidence and documentation to support compliance claims during audits by external auditors.
- Implement and maintain security controls aligned with PCI DSS and SOC 2 requirements, including access controls, encryption, data masking, and incident response procedures.
- Monitor security controls on an ongoing basis to ensure effectiveness and identify potential risks.
- Develop and maintain comprehensive security policies and procedures related to PCI and SOC 2 compliance, including data handling practices, password management, and vendor management.
- Deliver regular security awareness training to employees regarding PCI and SOC 2 compliance requirements.
- Conduct risk assessments to identify potential threats and vulnerabilities related to sensitive data processing and system access.
- Prioritize risks and develop mitigation strategies to address identified issues.
- Evaluate the security practices of third-party vendors that handle sensitive data to ensure compliance with PCI and SOC 2 standards.
- Monitor vendor compliance and implement corrective actions where necessary.
- Prepare regular compliance reports for management, highlighting key risks and mitigation efforts.
- Collaborate with internal teams to communicate compliance requirements and address concerns.
- Apply patches to software, operating systems, and security appliance firmware.
Qualifications:
- Strong understanding of the PCI DSS and SOC 2 compliance frameworks, including their control objectives.
- Experience conducting security assessments, vulnerability scanning, and penetration testing.
- Knowledge of information security best practices and industry standards (e.g., NIST, ISO 27001).
- Excellent analytical and problem-solving skills to identify and address compliance gaps.
- Strong communication and interpersonal skills to effectively collaborate with stakeholders across different departments.
- Ability to write clear and concise documentation for policies, procedures, and compliance reports.