Technical Security and Controls:
· Design, implement, and manage technical security controls to protect sensitive data and ensure compliance with PCI DSS and other standards.
· Perform regular security assessments, conduct vulnerability scans, and coordinate penetration tests to identify security requirements or weaknesses.
· Oversee the configuration and maintenance of security platforms and services, automation tools, and SIEM solutions to safeguard information assets.
· Monitor, analyze and respond to security events, ensuring timely resolution and develop/revise documentation for security procedures and processes.
· Collaborate with IT and security teams to ensure timely resolution of security incidents and vulnerabilities, working closely with the incident response team.
· Implement and maintain IAM technologies to ensure audit and privacy compliance, and design controls to mitigate those risks.
Compliance Management:
· Lead PCI DSS (Payment Card Industry Data Security Standard) compliance efforts, including annual assessments, internal and external audits, and reporting.
· Develop, implement, and maintain compliance standards, documentation, and controls to ensure adherence with PCI DSS and other regulatory requirements.
· Conduct internal compliance audits and assessments, identifying and addressing gaps in compliance.
· Coordinate with internal and external auditors for compliance assessments and certifications.
· Conduct regular PCI compliance training and awareness programs for staff.
· Remain current on PCI DSS updates and changes and communicate their impact to relevant stakeholders.
Risk Management:
· Conduct thorough risk assessments to identify, evaluate, and mitigate risks associated with business systems and processes.
· Maintain a risk register, documenting identified risks, assessment outcomes, and mitigation strategies.
· Develop and implement risk management frameworks and policies.
· Regularly review and update risk management practices to reflect changes in the threat landscape and regulatory environment.
Data Governance:
· Maintain and update data governance frameworks, policies, and establish procedures to ensure data quality, integrity, and security as requirements evolve.
· Establish data stewardship procedures and ownership roles and responsibilities within the organization.
· Collaborate with business units and cross-functional teams to ensure compliance with data governance standards and practices according to established guidelines.
· Implement and maintain security controls around established data classification schemas to categorize data based on sensitivity, criticality, and usage.
· Monitor and report on data governance metrics, identifying areas for improvement and implementing corrective actions.
Training and Awareness:
· Develop and deliver training programs to educate staff on compliance requirements, security policies, and risk management practices.
· Conduct regular awareness sessions to keep employees informed about the latest security threats and compliance updates.
Documentation and Reporting:
· Create and maintain detailed documentation for compliance activities, risk assessments, and security controls.
· Develop and maintain comprehensive documentation for IT governance, risk management, and PCI compliance activities.
· Prepare comprehensive reports on compliance status, risk management activities, and security incidents for senior management and regulatory bodies.
· Maintain records of compliance audits, risk assessments, and security incident responses.