PCI-DSS Specialist - Security Risk Management (3-8 yrs)

Job Description : PCI DSS Specialist

Location : Bangalore, India

Experience : 3+ years

Key Responsibilities :

- PCI DSS Compliance : Ensure the organization meets all PCI DSS requirements by conducting regular assessments, identifying gaps, and implementing necessary controls.

- Internal Security Assessor (ISA) : Act as the primary ISA, performing internal audits, and providing guidance on PCI DSS compliance to various departments.

- Network Security : Design, implement, and manage network security measures to protect sensitive payment card data. Monitor network traffic for suspicious activities and respond to security incidents.

- Risk Management : Conduct risk assessments to identify potential security threats and vulnerabilities. Develop and implement risk mitigation strategies to protect against data breaches and other security incidents.

- Policy and Procedure Development : Develop and maintain security policies, procedures, and standards to ensure compliance with PCI DSS and other relevant regulations.

- Security Awareness Training : Conduct training sessions to educate employees on PCI DSS requirements, data protection practices, and network security protocols.

- Documentation and Reporting : Maintain comprehensive documentation of security measures, compliance activities, and risk assessments. Prepare detailed reports for senior management and regulatory bodies.

- Collaboration : Work closely with IT, legal, and other departments to ensure alignment with PCI DSS requirements and overall organizational security objectives.

- Vendor Management : Evaluate and manage third-party vendors to ensure their compliance with PCI DSS standards and secure handling of payment card data.

Qualifications :

- Education : Bachelor's degree in Computer Science, Information Technology, or a related field.

- Experience : Minimum of 3 years of experience in PCI DSS compliance, network security, and risk management.

- Certification : PCI Internal Security Assessor (ISA) certification is required. Additional certifications such as CISSP, CISM, or CISA are a plus.

- Technical Skills : Strong understanding of network security principles, firewall management, intrusion detection/prevention systems (IDS/IPS), and encryption technologies.

- Risk Management : Proven experience in conducting risk assessments and implementing risk mitigation strategies.

- Communication : Excellent verbal and written communication skills, with the ability to effectively convey complex security concepts to non-technical stakeholders.

- Problem-Solving : Strong analytical and problem-solving skills, with a keen attention to detail.

- Team Player : Ability to work collaboratively in a team environment and manage multiple projects simultaneously.