Job responsibilities
- Architect and implement secure software solutions that comply with PCI DSS requirements, focusing on building robust and scalable systems.
- Design and develop security controls and mechanisms specifically tailored to protect cardholder data and ensure PCI DSS compliance.
- Collaborate with development teams to integrate security best practices into the software development lifecycle, ensuring PCI compliance from the ground up.
- Engage technical teams and business stakeholders to discuss and propose technical approaches to meet current and future cybersecurity needs for PCI-compliant software products.
- Define the technical target state of cybersecurity products and drive the achievement of the strategy for secure software solutions.
- Work with the Business Assessment Lead and control owners to define functional scope (tools, processes, etc.).
- Proactively monitor Key Risk Parameters to identify non-compliance and assist in remediation with compensating controls to address security, risk and control gaps.
- Identify opportunities to eliminate or automate remediation of recurring issues to improve the overall cybersecurity of software applications.
- Lead evaluation sessions with external vendors, startups, and internal teams to drive continuous improvement and assess cybersecurity design and technical credentials for use in existing systems and architecture.
- Lead communities of practice to drive awareness and use of new and leading-edge cybersecurity technologies.
- Contribute to a team culture of diversity, equity, inclusion, and respect.
Required qualifications, capabilities, and skills
- Formal training or certification on software engineering concepts and 5+ years of applied experience in cybersecurity architecture.
- Hands-on practical experience delivering enterprise-level cybersecurity solutions and controls, specifically for PCI-compliant software and products.
- Prior experience as a QSA, ISA, or OSA.
- Hands-on experience in one or more programming languages (e.g., Java, Python, C/C++…).
- Proficient in automation and continuous delivery methods
- Proficient in all aspects of the Software Development Life Cycle
- Understanding of agile methodologies such as continuous integration and delivery, application resiliency, and security
- Demonstrated proficiency in software applications and technical processes within a technical discipline (e.g., public cloud, artificial intelligence, machine learning, mobile, etc.)
- In-depth knowledge of the financial services industry and its IT systems.
- Practical cloud-native experience (e.g., AWS, Azure, GCP).
- Ability to evaluate current and emerging technologies to recommend the best solutions for the future state architecture
- Experience effectively communicating with senior business leaders.
Preferred qualifications, capabilities, and skills
- PCI Security Standards Council certifications, such as:
  - Internal Security Assessor (ISA)
  - PCI Point-to-Point Encryption (P2PE) Assessor
  - PCI Forensic Investigator (PFI)
  - Qualified Security Assessor (QSA)
  - Secure Software Assessor (SSA)
  - Secure Software Lifecycle (Secure SLC) Assessor
  - 3DS Assessor