Technical Project Manager
We are looking for a highly talented, experienced Information Technology Compliance Specialist to assist the organization with meeting Payment Card Industry (PCI) and other public and private regulatory requirements.

This person will perform the following functions:
• Work with internal and external auditors to evaluate compliance with PCI standards as well as internal and external policies, standards and regulatory requirements.
• Provide subject matter expertise on technologies such as Open Protocols, SRED, Encryption, HSM, Tokenization, Mobile Security, Cloud Computing and Virtualization.
• Analyze PCI and other regulatory developments and recommend integration into the organization’s policies and standards.
• Interpret requirements to ensure appropriate definition of controls.
• Identify gaps in the design and operating effectiveness of controls, and identify opportunities for more efficient and effective controls.
• Monitor and perform compliance testing, issue testing findings, prepare a written report of findings, perform follow-up testing, and assist in correcting deficiencies.
• Lead the innovation and continuous improvement of the IT internal control framework, including the integration of multiple compliance requirements.
• Communicate controls, policies, standards, and compliance requirements to the business and IT staff.
• Regularly interact with senior management and internal and external auditors to convey findings identified through walkthroughs and testing, assess the risk and impact of deficiencies, and make recommendations for remediation.

Job requirements and Basic Qualifications
• Demonstrated in-depth understanding of the Payment Card Industry Data Security Standard (PCI-DSS), PA-DSS and PTS
• Understanding of regulatory requirements for the financial services sector
• Understanding of information security and risk management frameworks such as COBIT, ISO17799/2700x, NIST, FIPS and COSO.
• Technology background with familiarity in at least two of the following: distributed systems (Linux, Solaris, Windows), databases, networks (LAN/WAN technologies, firewalls, routers, software development, etc.)
• Familiarity with mitigating controls at the systems, network, and application level.
• Audit/assessment experience in the financial services industry, especially in a large/global/diversified organization or large/global Internet ecommerce organization background required
• Ability to explain technical jargon in simplified terms.
• Ability to track and manage numerous parallel activities.
• Ability to work efficiently and independently with minimal supervision (i.e., self-motivated and willing to stretch to meet important deadlines).
• Ability to work in a fast-paced, dynamic environment.
• Ability to build and maintain constructive working relationships with a diverse community (in and outside of technology); ability to communicate effectively, both in writing and verbally, to influence both technical and non-technical audiences.
• Ability to earn the trust and respect of colleagues both in and outside of the Information Security team.
• Bachelor’s degree required, graduate degree a plus
• Minimum of 10+ years of information security, payment card technologies and payment device physical and logical security constructs
• Industry certifications in the areas of Information Security/Systems – CISSP, CISA, CRISP, CGEIT - PCI ISA/QSA a plus
• Working knowledge of the financial industry and the lifecycle of payment card transactions
• Excellent written and oral communication skills; ability to express thoughts clearly, know how to listen and contribute in a team environment
• Familiarity with mobile payment transactions
• Understanding of the financial and payment card processing industries
• Strong comprehension skills for understanding information security best practices and applying knowledge to PCI requirements

4158 email@example.com 209 229 8116
San Jose, CA