Job Summary
As a GRC Analyst, you will play a key role in ensuring the organization meets the Payment Card Industry Data Security Standard (PCI DSS) requirements, contributing to the broader cybersecurity strategy. This role demands hands-on experience in managing responsibility matrices, designing and implementing controls, and overseeing processes such as training, evidence collection, ASV scanning, reporting, and auditing for PCI DSS compliance within large-scale, Level 1 environments that involve thousands of endpoints and card data handling devices.
Familiarity with additional frameworks such as NIST 800-53 Rev. 5, NIST CSF, ISO 27001, vulnerability management, and incident response will be beneficial for excelling in this position.
Key Responsibilities:
PCI Compliance and Audit Management
- Develop and maintain PCI DSS compliance programs, ensuring they align with the organization’s objectives.
- Lead internal assessments and external audits, effectively addressing any identified gaps.
- Develop and communicate PCI-related security policies, procedures, and standards.
Risk Management and Decision-Making
- Evaluate PCI compliance risks and recommend appropriate actions, including risk acceptance, mitigation, remediation, or transference.
- Effectively communicate the rationale behind compliance requirements to stakeholders and IT teams, helping them understand risk implications.
- Promote and develop risk management best practices throughout the organization.
Training and Awareness Programs
- Design and deliver PCI-related security awareness and secure coding training programs.
- Educate teams on PCI DSS requirements to cultivate a culture of compliance and security.
Security Controls Design and Implementation
- Implement security controls for applications, devices, and systems that handle cardholder data.
- Ensure seamless integration of PCI requirements across diverse endpoints and payment methods.
Vendor and Audit Collaboration
- Manage relationships with vendors and consultants involved in merchant identification and PCI compliance support.
- Collaborate with external auditors, internal audit teams, and the treasury department to ensure successful compliance efforts.
Incident Response and Vulnerability Management
- Work closely with SecOps teams on investigations into security incidents involving cardholder data.
- Oversee vulnerability management processes to address compliance risks proactively.
Collaboration and Governance
- Partner with various business units to ensure PCI compliance across different environments.
- Provide guidance on compliance with frameworks such as PCI DSS, NIST 800-53 Rev. 5, and ISO 27001.