PCI DSS SME
Job Type: Contract
Salary: Competitive Salary
The purpose of the role is to be a key member of the PCI DSS project implementation team, providing subject matter expertise (SME), knowledge and guidance to develop a strategic operating environment within Huntswood and attain PCI DSS compliance.
To ensure that the required changes and PCI DSS controls resulting from project activity become embedded in the business to deliver lasting and tangible business benefits and ongoing PCI DSS compliance.
Working closely with the project manager, senior stakeholders, project sponsors and the Head of Risk.
- Provide strong consultative skills with experience on advising clients on their PCI DSS compliance programmes including, scope identification, data flow mapping, scope reduction methodologies, compensating controls, PCI Strategy Governance and performing PCI gap analysis and readiness assessments.
- Technical capability with understanding of Security Architecture, Networks, Servers, Workstations, Applications and Virtualisation and Cloud Technologies in relation to PCI Compliance and the documentation and understanding of PCI data flow.
- Establish, drive and embed best practices for PCI DSS compliance and management
- Be a source of advice on effective mitigating actions (corrective & preventive)
- Manage stakeholders at all levels within Huntswood, ensuring strong relationships are built and support for working in compliance to PCI DSS is maintained.
- Instil confidence across the Huntswood business that PCI DSS enables quality, control and security and is not an inhibitor to effective delivery operations.
- Demonstrate and maintain excellent knowledge of PCI Security Standards Council guidelines, controls and best practices.
- Ensure Huntswood has an effective Information Security Management System (ISMS) that supports PCI DSS SAQ, Audits and ease of compliance through controls and evidences.
- Ensure all relevant Huntswood representatives receive PCI DSS awareness training
- Be an SME to the design and approval teams for new technologies and changes to information systems proposed by business heads to ensure Huntswood's PCI DSS Compliance is kept within acceptable levels
- Provide SME input for PCI DSS to commercial activity (i.e. bid/RFP responses) and project/proposition developments
- Strong knowledge of PCI DSS
- Experience of conducting PCI Security Assessments and Self-Assessment Questionnaires including producing Attestation of Compliance (AOCs) and Reports on Compliance (ROCs).
- A hands-on approach to be actively involved in the project delivery (Inc. some business analysis and documentation creation)
- Ability to assess and improve operational policy and procedures for PCI DSS compliance.
- An investigative nature and logical approach to problem solving
- Effective time management and organisation skills and keen attention to detail
- Proven ability to actively participate at all stages of the project lifecycle from inception to delivery
- Strong written and verbal communication skills, and an ability to engage stakeholders of all levels
- Experience in working and communicating effectively with both technical and operational stakeholders in PCI DSS compliance matters
Huntswood's employees are described as dependable, driven and collaborative. The job holder should be able to demonstrate they are;
- Confidential, reliable and genuine
- Dynamic, passionate and determined
- Friendly, compassionate and cooperative
"It's not just about what we do, but the way we do it. And it's our values that make us special."
Apply for this role
Fields marked * are required