Basic Information

Ref number

Req_00059709

Last day to apply

31-Dec-2021

Primary Location

COLORADO

Description and Requirements

The Digital Solutions Team is looking for an experienced Information Security PCI Compliance Program Manager for a new role based out of Denver, CO.


Responsibilities: The PCI Compliance Program Manager is a key part of our Information Security and Governance, Risk, and Compliance (GRC) teams. This position is full-time, permanent, and salaried with standard work hours, has no supervisory duties, and requires very little travel. The PCI Compliance Program Manager will report to the Information Security Compliance Manager and function as a central Payment Card Information subject matter expert supporting enterprise teams looking to involve PCI data in business solutions and processes.

They will lead the company through the design and build-out of a program that focuses on the protection, use, and control monitoring of PCI data, including any necessary certifications or audits.


Primary responsibilities:
  • Draft policies/procedures that govern the security of PCI data across the enterprise with a specific focus on compliance requirements.
  • Design, lead and execute a Compliance program focused on PCI data handling across the enterprise.
  • Partner with security teams to identify and analyze security requirements to align with PCI compliance standards.
  • Track, document and address PCI compliance gaps to ensure timely closure.
  • Manage the annual PCI audit including evidence gathering, quality assurance of evidence, coordination of audit resource meetings, and other tasks required to successfully complete the audit.
  • Ensure ASV Scans and Pentesting are conducted quarterly and annually, respectively, with all remediation activities being completed within expected timelines.
  • Lead security enhancement projects focused on new or changing PCI compliance requirements.
  • Educate and build awareness of PCI compliance requirements.
  • Coordinate with Third Party Risk management to ensure PCI compliance needs are being addressed and tracked appropriately with third party vendors.
  • Coordinate with Privacy / Legal to ensure the overall compliance landscape is well understood and the program captures a complete view of our PCI compliance needs.
  • Continuously improve the PCI compliance program with new information, procedures, or documentation.
  • Coach and mentor junior staff.

Competencies:
  • Project Management
  • Self-led Learner
  • Customer First Mentality
  • Strong Adaptability
  • Process Documentation Management
  • Process Mapping Development
  • Presentation Skills
  • Multitasking
  • Compliance + Risk Mindset
  • Communication with Executives
  • Team Mentorship
  • Can Interpret Regulations and Compliance Requirements
  • Thought Leadership
  • Cross-functional Team Leadership
  • Strategic Thinking and Planning (Team)
  • Brand & Team Ambassador
  • Solid Risk Management Foundation
  • Solid Information Security Foundation
  • Solid Security Control Framework Foundation
  • Expert PCI-DSS Knowledge
  • General Data Privacy Foundation
  • Can Teach/Educate Risk & InfoSec Principles
  • Can Consult Business on Risk and InfoSec Principles

Personality:
  • Requires a well-organized, cheerful and persuasive individual, who can manage multiple priorities at once. 
  • Must have good meeting management and communication skills to keep conversations focused and productive. 
  • Must be self-driven; able to manage schedules, meet deadlines, coordinate with others, and perform tasks with minimal supervision. 
  • Must have the ability to work with a diverse audience, under tight deadlines, and negotiate successful outcomes to challenging problems.

Skills:
  • Expertise in PCI requirements and experience building and executing a program development plan.
  • Experience leading through others and rolling out new programs.
  • Solid working knowledge of information security concepts and controls.
  • An understanding of our responsibility as a company to adhere to compliance requirements.
  • Excellent project management skills, with the ability to work within deadlines, juggle multiple priorities, design project plans, and provide project updates.
  • Ability to work independently with little direction and/or supervision.
  • Superior communication skills with the ability to ask questions, escalate roadblocks early, and interact effectively at multiple levels in the organization.
  • Keen attention to detail with the ability to correct on the fly and work independently.
  • Analytical aptitude with an emphasis on investigative, methodical critical questioning and logical thinking; a data-driven decision maker.
  • Strong understanding of mitigation methodologies and regulatory requirements pertaining to information security, privacy and/or data security.
  • Solid interpersonal and verbal/written communication skills.

Education and Experience:
  • Bachelor's Degree or equivalent experience and at least 5-8 years of directly related experience. 
  • Must have a solid understanding of SOX, PCI, CPNI, CCPA, FACTA and similar IT Compliance and Privacy regulations.
  • Experience with compliance audits such as PCI and/or CPNI. Former QSA preferred.
  • Experience with NIST, ISO and other industry standards.
  • Expert user of Microsoft/Google Suite and an eGRC tool.

Other Qualifications:
Professional certification (CISSP, CISA, CSIM, CIA or similar) is highly desired. Candidates who apply will be tested in several areas, including verbal/spelling, math/logic and business problem-solving, and must meet minimum standards to be considered for this position.

Equal Opportunity Employer:

At TELUS International, we are proud to be an equal opportunity employer and are committed to creating a diverse and inclusive workplace. All aspects of employment, including the decision to hire and promote, are based on applicants’ qualifications, merits, competence and performance without regard to any characteristic related to diversity.


Additional Job Description


As an active member of TELUS International, you will be at the heart of a major transformation program, supporting it as a PCI Compliance Program Manager.