Job description
Senior PCI Compliance Officer
*Remote
Join the Access Family and see how we make software ideas become a reality!
Our core value of Love Work, Love Life, Be You' has been central to our success and so we're looking for people to join us who share our passion for making things better every day and help us continue to grow.
We are the number one UK headquartered software provider in the UK and are forecasted to grow to a global population of over 12,000 employees by 2026.
About you:
At Access we are committed to the highest standards of control, governance, and independent oversight. We are searching for someone with extensive experience PCI Security within the financial industry and is excited to support the design and help shape the future of oversight of PCI Compliance within the Payment Division.
You will be an experienced professional and enthusiastic information security practitioner with excellent knowledge of PCI accreditation.
This role is within the Divisional Compliance function, you will support the Divisional Head of Compliance drive the implementation of PCI compliance within the Access PaySuite Payments Division. You will oversee PCI compliance best practices, changes to requirements and provide consultative insight and risk reduction recommendations to comply with the standards. You will be accountable and responsible to the Head of Compliance for providing expert risk analysis and with implementing and maintaining policies, as well as managing a comprehensive controls framework with industry requirements to ensure enterprise wide PCI compliance - including PCI DSS v4, PCI 3DS2 and PCI P2PE - You will need to be an individual with a passion for problem solving.
Day-to-day, you will:
• Working closely with Payments IT Operations, Payments, Product & Engineering and the Access Group Information Security, you will be responsible for identifying, evaluating and reporting on the state of PCI compliance.
• Oversee information security external audits related to PCI DSS v4, PCI 3DS2 ,PCI P2PE. Managing the annual PCI lifecycle and the entire recertification process (QSA interactions, evidence collection and submission, co-ordinating and scheduling stakeholder meetings etc)
• Compliance lead on the Vulnerability Management Oversight Board, ensuring that vulnerability management programme, including ASV scans, daily check reviews, weekly, monthly, quarterly and bi-annual reviews and reporting, PAM reviews WI FI Scans are conducted.
• Support the Head of Compliance provide updated reports to Divisional Management and Board, escalating any key or high-risk security issues.
• You will manage the PCI DSS lifecycle, including year -round efforts and the entire recertification process. In addition, you will keep pace with regulatory changes to ensure the company maintains PCI DSS compliance.
• Act as the primary point of contact for all PCI - related requirements, initiatives and external relationships.
• Act as the main PCI DSS, PCI 3DS2 and PCI P2PE compliance subject matter expert when internal team members have questions or need guidance and be the key liaison with external PCI advisory firms.
• Work closely with the technical leads on design and control implementation for infrastructure and software. Guide the technical teams and stakeholders to implement required controls to meet compliance. Track project progress through implementation, validation and remediation.
• Support business innovation initiatives, whilst ensuring PCI compliance is met.
• Closely monitor and understand potential changes to the PCI DSS framework.
• Maintain a high degree of knowledge of Access current and proposed security changes which might impact PCI compliance and security industry best practices.
• External Liaison with third-party qualified security assessors, internal and external auditors as well as the PCI governing body and PCI communities.
• Provide Head of Compliance regular updates ongoing PCI compliance assessment, providing oversight on findings, supported through thorough documentation and recommendations highlighting high level risk issues in a timely manner.
• Maintain documentation and keep the state of the PCI programme of compliance up to date
• Facilitate education and training for employees required to uphold PCI compliance or support PCI controls.
Skills and Experience to include:
• Qualified to degree level in an appropriate field.
• Extensive experience in PCI roles and excellent understanding of payment compliance programmes.
• Demonstrate a proficiency in managing and implementing PCI DSS compliance frameworks.
• Able to oversee and manage multi projects and is comfortable with change.
• Excellent fact -finding, problem solving, data gathering and analytical skills.
• Strong communication skills at all levels of management.
• Be able to run projects with minimal supervision.
What does Access offer you?
We are a growing software company, and we deliver on what we say we do! We take the development of our people very seriously and we will work with you to carve out your success plan and an opportunity to accelerate your career and make a real difference.
On top of a competitive salary, our standard 25 days holiday (which goes up the longer you're with us), and a matched pension scheme you'll also be able to choose from a range of benefits to suit you. We pride ourselves on being an organisation that gives back so you'll also have a charity day you can take to support something that matters to you.
Love Work. Love Life. Be You.
Address
Form of work
Leicestershire, England
