Information Security PCI Analyst
|Job Type||Permanent Full Time|
|Area||, United Kingdom|
|Job Sector||Risk / Governance / ComplianceRetail|
|Salary||£50,000 - £60,000|
|Telephone||0203 327 1996|
- Job Purpose
Working within the Standards and Compliance team, your primary role will be to conduct PCI compliance audits and reviews on the whole company to ensure adherence to PCI DSS Standards. You may also be asked to support Information Security compliance (ISO27001) audits and reviews to ensure adherence to with policy, standards, legislation and regulation and the performance of other administrative duties relating to information security management.
· Be the Subject Matter Expert on PCI DSS.
· Conduct the PCI audit series, including mock audits prior to and during the QSA assessment.
· Address Non-Compliance and conduct Risk Assessments using the provided Information Security Risk Management Process.
· Work with Legal and Procurement to ensure new and existing suppliers have controls in place for PCI including contractual terms.
· Provide advice and guidance to projects, the team and wider business on all aspects of PCI.
· Responsible for the population and ongoing data entry into the PCI tracking tool to track compliance, including producing reports and metrics to show progress, compliance and risk plus any other data required.
· Identify and maintain relevant stakeholder lists for PCI, assess impact of re-issued or updated PCI DSS and ensure stakeholders are aware of changes and impacts.
· Engage project stakeholders for PCI Programme Projects to ensure that BAU processes are considered and fit for purpose.
· Assist with assessment of the current technology infrastructure to identify information security and compliance risk areas and recommend controls to address those risks.
· Provide regular reporting on activity for management review.
· Work with relevant teams to promote and foster Information Security and PCI DSS awareness within the organisation.
· A flexible outlook may be required when dealing with Investigations or Incidents out of hours.
· Travel to different sites as and when required.
· Have involvement with all Information Security functions including Projects, SOC and Security Testing to ensure Policies, Standards and Awareness initiatives support their requirements and processes.
· Support junior Colleagues in developing their skills and knowledge.
· Relevant industry experience – Essential.
· Expert knowledge of PCI DSS – Essential.
· Professional Security qualification (Current PCI ISM, CISSP or CISM preferred)
· Knowledge of Data Protection Act and ISO27001.
· Knowledge of Information Security in a commercial environment.
· Understanding of network architecture, protocols and principles.
· Relevant technical degree or professional experience.
What you need to show
· Auditing of infrastructure, applications and processes to ensure they are PCI compliant.
· Proactively takes responsibility, owns any issues arising and follows through to resolve them (get the required result) and recognises how individual responsibility impacts team delivery and inspires others to do the same.
· Works collaboratively with a range of people to support the wider business agenda.
· Ability to work on own un-supervised and deliver on time to budget.
· Ability to think methodically and logically and communicate well using spoken and written word.