Gleeson Recruitment Group have just been briefed on a 3-month interim PCI-DSS Compliance Analyst role with a leading business based in the Midlands.
This role will be fully remote and offers a competitive day rate inside IR35 that can be discussed on a call.
In this role you will ensure that the organisation meets its regulatory compliance requirements.
You will be working with business stakeholders, but also with internal technology teams and external technology service providers, as well as building relationships with the IT and InfoSec teams.
This varied role conducts activities across all areas of PCI-DSS compliance. It will require close working with both technical and business functions to ensure ongoing compliance with all in-scope PCI-DSS controls. You may be required to provide advice and guidance about the implementation and management of PCI controls, as well as being responsible for the continued auditing requirements for PCI-DSS, ensuring ongoing compliance.
Key Responsibilities Include
- Implementing the organisation's PCI policy across the business
- Auditing over 70 sites, collecting data, tracking it in an orderly way, addressing gaps and identifying remedial actions
- Driving a PCI-compliant culture and awareness program
- Ensuring the business is aligned to all aspects of PCI DSS
Skills, Knowledge & Experience
- Good technical knowledge of PCI-DSS processes and services, with proven implementation in medium to large-sized companies
- Planning / delivery focussed / completer-finisher
- Experience of auditing practices, such as but not limited to ISO27001
- Excellent communication and coordination skills dealing with internal and external stakeholders
- Able to create PCI data flow diagrams/processes by understanding the business process or the related tool
- Understanding of payment processors and credit card payment processes
- Exposure to current IT Security standards and regulations such as PCI-DSS, ISO 27001, SOX, DPA, NIST
- Knowledge of payment scheme requirements (e.g. SWIFT & PCI-DSS) and information security good practice frameworks (e.g. ISO27001, NIST)
- Nice to have: knowledge of data protection best practices and GDPR compliance
- Nice to have: familiarity with security operations, networking, cloud, email, application security and a technical background