PCI Analyst - Fintech
- Location: Boston, MA
- Job Type: Direct Placement
- Ref No: 21-00305
- Date: January 21, 2021
Job Description - PCI Analyst - Fintech
PCI (Payment Card Industry) Analyst – Fintech
Our client is seeking an experienced PCI compliance professional to assist with the day-to-day general compliance needs of the firm's Core POS line of business PCI program. In this highly visible role, the PCI Analyst will help lead the annual PCI assessment, advise and consult with internal teams on PCI related initiatives and programs.
- Lead the facilitation and monitoring of this fintech's PCI DSS Compliance program in conjunction with the QSA firm.
- Ensure that all PCI DSS controls are documented, operating effectively and monitored through the course of the year; recommend, draft and review compensating controls
- Ensure PCI requirements have been appropriately incorporated into current processes as required.
- Provide consultative guidance and oversight to project teams to design, develop, deploy and sustain solutions that meet PCI DSS requirements, including but not limited to a set of technical deliverables, cost, schedule, quality, and status reporting
- Configure and/or administer PCI program via cloud managed GRC tool
- Prepare, update and maintain customer-facing PCI documentation
- Participate in customer related due diligence exercises and investigations as needed
- 5-7 years' prior experience managing a QSA-led PCI DSS Level 1 Service Provider's assessment or serving as a QSA in an AWS hosted technology/fintech start-up.
- CISSP and CCSP or AWS Certified Security - Specialty certifications (required)
- ISO27001 Lead Auditor a plus
- Knowledge and demonstrable experience with all current PCI DSS requirements, PA DSS requirements, P2PE standards and PCI SSC guidance (required)
- Experience working with and interpreting Visa, Client and Client Operating Regulations and Security Operating Policies; NACHA (required)
- Knowledge and experience reviewing and advising internal partners on network segmentation, encryption and key management, tokenization, antivirus and malware, secure software development lifecycle (SSDLC), identity and access management, vulnerability management, penetration testing, file integrity monitoring and logging.
- Advanced ability in analyzing risk and designing efficient controls to minimize risk
Related Job Listings
No related jobs at this time.