Responsibilities
Actively coordinate the internal and external SOX/PCI audits and provide IT management direction as to how to remediate pertinent action items in order to achieve SOX/PCI compliance with zero material findings.
Ensure compliance with any applicable information security standards and regulations.
Perform user access reviews and ensure respective remediation is performed in a timely manner.
Maintain ongoing PCI compliance, including but not limited to:
Prepare for the yearly PCI audit by maintaining/updating the master inventory of PCI controls
Consult with project teams on PCI requirements as they relate to system changes, product reviews, contracts and RFP responses
Work with PCI Auditor to ensure that system designs are vetted for potential PCI compliance conflicts before these designs are implemented
Schedule quarterly PCI scans and yearly internal and external penetration tests, and work with technical teams to ensure that medium- and high-risk vulnerabilities are addressed
Schedule and coordinate the yearly PCI audit so that the PCI Auditor has access to the people and resources necessary to perform his review
Requirements
Bachelor's degree in Computer Science, Information Systems or similar field. Advanced degree preferred
10+ years' experience of privacy and security compliance in a highly regulated, public organization
5+ years' experience managing a team, programs and auditors (internal/external)
Significant experience authoring policies based on new and/or updated aviation, global, federal and/or state directives and regulations
Demonstrated experience in delivering comprehensive solutions to complex security issues on a global scale
Ability to multi-task and prioritize business requirements in a dynamic, fast-paced environment while providing exceptional customer service
Extensive experience managing, coaching and mentoring team members and others in IT Compliance
Excellent communication, writing and presentation skills for presentations and reports to all levels
Possess one or more of the following certifications: CISA, CISSP, CGEIT, GRC