Information Security Architect/Assessor SOC/PCI DSS
Develop, recommend, and implement enterprise information security policies, technical standards, guidelines, procedures, and other elements of an infrastructure necessary to support information security in compliance with established company policies, regulatory requirements, and generally accepted information security controls. Responsible for the evaluation of strategic network security, access control and secure transaction/messaging solutions.
- Lead system and network architecture support for information and network security technologies; lead development and execution of risk assessment methodologies to fit business, regulatory, and technical environment considerations; lead the development of requirements, system architecture, and software design of security products and services; lead the development of strategies for discovery, evaluation and response to new networking attacks; develop security incident response plans and strategies.
- Maintain a detailed working knowledge of the PCI Data Security Standards (DSS), PCI industry guidance, PCI best practices, and Service Organization Controls (SOC).
- Interpret and convey the appropriate meaning and impact of PCI requirements to include but not limited to transmission, storage of credit card information, and processing credit card data.
- Lead and manage PCI preparation, assessment, remediation, and recertification activities performed by external Qualified Security Assessors (QSA).
- Manage, track, and report on vulnerability scanning, testing, remediation, and evidence submission as required for PCI compliance.
- Collect evidence and facilitate remediation for PCI assessment activities.
- Contribute to the support of operations and technology by designing, developing, or recommending secure solutions, including policy, standards, applications, systems, architectures, and infrastructure that are operationally viable and efficient, and that ensure continuous compliance with the PCD DSS.
- Serve as a liaison with IT and business area partners to identify, understand, document, and advise on security requirements, impact and risks.
- May be assigned to project teams for technical consultation to business partners and developers.
- Design and engineer comprehensive access management and network security technical solutions based on business requirements and defined technology standards; work with architecture to update technology direction & strategy.
- Act as a subject matter expert among peers, with manager and senior management.
- Must be capable of providing top-tier support for 5 or more of the information security technology common body of knowledge skill sets: 1) Access Control, 2) Application Security, 3) Business Continuity and Disaster Recovery Planning, 4) Cryptography, 5) Information Security and Risk Management 6) Legal, Regulations, 7) Compliance and Investigations, 8) Operations Security, 9) Physical (Environmental) Security, 10) Security Architecture and Design, 11) Telecommunications and Network Security.
KNOWLEDGE SKILLS & ABILITIES
Minimum Education/Experience: Bachelor’s degree (BA or BS) from an accredited college or university plus a minimum of eight (8) years of combined experience in systems administration and security aspects of information systems, computer networking, telecommunications, systems development and management; significant experience with multiple technical and business disciplines required.; or any combination of education and experience, which would provide an equivalent background.
Company / Industry Knowledge: Prior experience in banking, credit union or financial services industries is strongly preferred.
- Advanced knowledge and understanding of industry-accepted data processing controls and concepts as applied to access management and network security technologies, hardware, software, data, network communications, and people.
- Expert knowledge in PCI DSS/SOC compliance requirements.
- Experience managing the full compliance lifecycle for Payment Card Industry Data Security Standards (PCI-DSS).
- Experience managing the full compliance lifecycle for Service Organization Controls (SOC) audits for the SOC 1, SOC 2, SOC3.
- PCI ISA (Information Security Assessor)
- CISSP (Certified Information Systems Security Professional)
- CISA (Certified Information Systems Auditor)
Other Skills: Strong business acumen. Strong project management skills. Strong problem-solving, decision-making and analytical skills. Excellent interpersonal and organizational skills – a team player who can effectively partner with all levels of the company. Detail oriented and organized. Ability to handle numerous assignments simultaneously. Ability to work independently and as part of a team.
The physical demands described here are representative of those that must be met by an employee to successfully perform the essential functions of this job. Reasonable accommodations may be made to enable individuals with disabilities to perform essential functions.
While performing the duties of this job the employee is regularly required to sit, talk and hear. The employee is frequently required to use hands and fingers in the course of daily job duties. The vision requirements include close vision. Significant mental stress may be incurred due to time deadlines, pressures and demands from both internal and external sources. Overnight travel is very likely (up to 25%) along with the ability to work effectively throughout the U.S. dealing with very different and numerous clients.
To apply, please send your resume and cover letter to HR@trellance.com.