Sr. Security Compliance Analyst at Entrust Datacard

Position Overview:

This position works as part of a security team responsible for ensuring that the company's information resources are secure from unauthorized access, protected from inappropriate alteration, physically secure, and available to users in a timely fashion. This position demands an organized, action oriented team player with the ability to prioritize daily work and support on multiple initiatives simultaneously; strong communication and customer focus is required.

How You Will Make an Impact:

• Oversees PCI-DSS operational security compliance and audit functions
• Review operational procedures to ensure they comply with security audit requirements
• Submit periodic compliance reports as well as operational requirements defined in PCI-DSS and other security compliance activities
• Facilitate external security auditor engagements, organize required objective compliance evidence, schedule required resources and audit timelines
• Review audit logs for anomalies and report and follow up on anomalies as required
• Prepare and deliver PCI-DSS security audit and compliance scorecards to CISO and other leaders (e.g., CIO, Internal Audit, CFO, etc)
• Perform all logical controls required PCI-DSS as well as document all artifacts so they are available for yearly audit. (E.g., Ensure all changes are approved by the CISO or authorized individual, investigate all audit log validation failures, approval all FW rules in the CP cardholder data environment)
• Work closely with facilities security to either directly perform physical control or make sure they are completed – these include daily, weekly, monthly, quarterly as well as yearly artifacts that are required to support continued PCI-DSS certifications. Formal artifacts must be obtained and available for the certification audits.
• Facilitate timely identification, communication and recommended resolution of security risks
• Serve as the internal and customer facing subject matter expert on PCI-DSS
• Review and interpret vulnerability scan results
• Assistance with filling out Financial customer questionnaires
• Assistance answering auditor questions
• Drive the ongoing PCI-DSS internal compliance (awareness training, vulnerability scans, etc.);
• Advise customers and internal stakeholders on PCI-DSS best practices, compliance, and audit processes;
• Proactively understand PCI-DSS security best practices and advocate for adoption of these internally at Entrust;
• Coordinate with the various groups at Entrust and 3rd Parties to adopt best practices, communicate system changes, and facilitate documentation and compliance;
• Assist with other audits and compliance activities relating to data security and technical controls;
• Manage project document repository; maintain strict deadlines and positive vendor/customer relationships.

Basic Qualifications:

• 8+ years of compliance and/or audit experience
• Experience with Enterprise Network devices (i.e. routers, switches, firewalls).
• Experience with Operating platforms (i.e. UNIX and Microsoft)
• Proficiency conducting and evaluating/analyzing results from the following set of tools, to include but not limited to: Nexpose, WebInspect, etc
• Knowledge of PCI
• Experience with enterprise security tools and security architecture best practices
• Experience with preparing and testing IT Contingency Plans
• Experience with internal controls, risk assessments, business process and internal IT control testing or operational auditing
• Minimum of 10% travel requirement
• Working knowledge of French

Preferred Qualifications:

• Bachelor’s Degree
• Security clearance
• CISA, CIA, CPA, CGFM, or CRISC certification a plus
• Experience with NIST, FedRAMP, FISMA, ISO, PCI DSS and CP
• Project management experience preferred
• Experience with creating all necessary PCI-DSS Certification and Accreditation documentation