Sr. Principle IT & PCI Security Auditor

Sr. Principle It & Pci Security Auditor

We are in search of an IT Security professional to play an important role in PCI compliance program and support our IT Security and PCI DSS assessment team in Mountain View, California.

The ideal candidate will have at least 8 years of IT Security work experience with some compliance or security audit experience. He or she should have a good understanding of network and application security, e-commerce, information systems auditing, threat and vulnerability management, web development, and IT security assessments.

Their primary responsibility will be to assist with conducting PCI DSS assessments, writing reports on compliance and developing with the IT Security compliance program. This includes; understanding all aspects of the internal PCI Program, scope definition, testing, verifying, and validating controls, conducting interviews and walkthroughs, and secure data management.

This role will provide the successful candidate with the opportunity to collaborate with teams from across the enterprise and build valuable experience in IT, PCI and Cybersecurity in a complex e-commerce environment. We will train exceptional candidates.

Responsibilities:

• Conduct IT Security and PCI DSS assessments Collaborate with IT and Business Stakeholders Test IT Technical Controls including validation of implementations Review and analyze technical documents including; Information security policies, compliance standards, and system component inventories.
• Understand, analyze and interpret network diagrams, data flow diagrams, server log files, vulnerability scan reports, firewall and router configurations, database schemas, IDS/IPS and FIM logs Conduct datacenter walkthroughs and test for PCI DSS Requirement 9 (physical security) .
• Report status to senior management and executive management Interface and work with card brands, merchant banks, third-party service providers such as data centers and call centers.
• Assist in communicating the PCI DSS Program objectives across the enterprise.
• Build strong relationships with business owners, IT management and operations staff Assist in providing compliance training to IT and audit staff.
• Advise and partner with the business and IT on findings remediation efforts.
• Remain current with PCI DSS and new information from the PCI SSC and card brands, as well as all IT Security and Cybersecurity best practices Lead meetings to deliver PCI DSS and status reports to business compliance leads, IT and management Execute audit fieldwork autonomously in accordance with audit work programs.
• Help make improvements and give recommendations for IT Security and PCI program enhancements.
• Drafts clear and meaningful findings, assessment reports, work papers, presentations, and other materials for presentation to management Coordinates all assessment efforts with business process owners, regional management, and IT teams Performs data analytics to identify trends, anomalies, and areas of focus for IT Security assessments.

Qualifications:

• Bachelor's degree in computer science or an equivalent combination of education and experience Current or past QSA or ISA preferred but not required CISSP, CEH, CISM, CISA, CRISC (or other top InfoSec certifications) preferred Experience in a large technology firm preferred.
• Experience with an Oracle ERP environment preferred
• Proficient with Microsoft Office.
• Excellent oral and written communication skills.
• Strong drive for results.
• Supportive teacher and trainer.
• Ability to explain complex technical concepts in simple, easy to understand terms.
• Flexible with many changing priorities Positive Mindset to change and adaption.
• Some experience with audit and compliance activities including Sarbanes Oxley, PCI DSS, Security Risk Assessments and IT Security audits.
• Ability to comfortably interacts with senior management in a consultative manner.
• Understanding of business processes, risks, controls, and security controls (e.g., Access Management, Logical and Physical Security, Networking security standards.
• Strong IT background and understanding of networks, servers, workstations and applications Understanding of Virtualization and Cloud technology is preferred.
• Passion for Security and Security as a mindset is required.