Further Enterprise Solutions (www.furtherllc.com) is a leading source of technical engineering, end-to-end turnkey solutions, and software development services in the rapidly expanding telecom industry. Founded in 2002 by wireless industry veterans, FES has grown to become a trusted partner, delivering innovative solutions for Tier 1 telecommunications providers and equipment manufacturers. FES is headquartered in Philadelphia, PA with branch offices throughout the U.S. and Canada, offering rapid response and a local presence for our clients and their teams!
Job Title: Information Security PCI Compliance Program Manager
Locations: Englewood, CO. Onsite is required
Job Description:
Job Duties and Responsibilities:
The primary responsibilities of the Information Security PCI Compliance Program Manager include the following:
• Draft policies/procedures that govern the security of PCI data across the enterprise with a specific focus on compliance requirements.
• Design, lead, and execute a Compliance program focused on PCI data handling across the enterprise.
• Partner with security teams to identify and analyze security requirements to align with PCI compliance standards.
• Track, document and address PCI compliance gaps to ensure timely closure.
• Manage the annual PCI audit including evidence gathering, quality assurance of evidence, coordination of audit resource meetings, and other tasks required to successfully complete the audit.
• Ensure ASV scans and pentesting are conducted quarterly and annually, respectively, with all remediation activities completed within expected timelines.
• Lead security enhancement projects focused on new or changing PCI compliance requirements.
• Educate and build awareness of PCI compliance requirements.
• Coordinate with Third Party Risk management to ensure PCI compliance needs are being addressed and tracked appropriately with third-party vendors.
• Coordinate with Privacy / Legal to ensure the overall compliance landscape is well understood and the program captures a complete view of our PCI compliance needs.
• Continuously improve the PCI compliance program with new information, procedures, or documentation.
• Coach and mentor junior staff.
• Other responsibilities as assigned.
The successful candidate will possess the following qualifications:
Successful candidates must be willing to relocate & work onsite.
Competencies:
• Project Management
• Self-led Learner
• Customer First Mentality
• Strong Adaptability
• Process Documentation Management
• Process Mapping Development
• Presentation Skills
• Multitasking
• Compliance + Risk Mindset
• Communication with Executives
• Team Mentorship
• Can Interpret Regulations and Compliance Requirements
• Thought Leadership
• Cross-functional Team Leadership
• Strategic Thinking and Planning (Team)
• Brand & Team Ambassador
• Solid Risk Management Foundation
• Solid Information Security Foundation
• Solid Security Control Framework Foundation
• Expert PCI-DSS Knowledge
• General Data Privacy Foundation
• Can Teach/Educate Risk & InfoSec Principles
• Can Consult Business on Risk and InfoSec Principles
Personality:
• Requires a well-organized, cheerful and persuasive individual, who can manage multiple priorities at once.
• Must have good meeting management and communication skills to keep conversations focused and productive.
• Must be self-driven; able to manage schedules, meet deadlines, coordinate with others, and perform tasks with minimal supervision.
• Must have the ability to work with a diverse audience, under tight deadlines, and negotiate successful outcomes to challenging problems.
Qualifications:
Skills, Experience, and Requirements
Education and Experience:
• Bachelor's Degree or equivalent experience and 4-6 years of directly related experience.
• Must have a solid understanding of SOX, PCI, CPNI, CCPA, and similar IT Compliance and Privacy regulations.
• Experience with compliance audits such as PCI and/or CPNI. Former QSA preferred.
• Experience with NIST, ISO, and other industry standards.
• Expert user of Microsoft/Google Suite and an eGRC tool.
Other Qualifications:
• Professional certification (CISSP, CISA, CISM, CIA or similar) is highly desired.
• Active QSA (Qualified Security Assessor) certification.
• Has worked as a QSA in the past 4-5 years.
• Has worked as an ISA and holds PCIP certification.