Security Compliance is searching for a detail-oriented, creative, and adaptive security specialist to pioneer and monitor the enforcement of technical and administrative controls/procedures utilized by all departments in all locations secured by Shift4 Payments. Our ideal candidate will have an established work history in the field of information security with a focus on security policy development, IT security auditing, security vulnerability management, risk management, and security training with a proven passion for success.
Essential Job Functions
- Develop and coordinate changes to information security policies, procedures, standards, and audit work programs in a continuous improvement model to ensure the same are in line with subscribed security framework(s).
- Perform periodic PCI DSS and PCI PA-DSS oversight tasks and readiness reviews.
- Use automated tools to run network layer vulnerability scans; analyze, report results, track remediation.
- Run the security vulnerability management and remediation tracking program.
- Perform regular end-user security awareness and education with monthly newsletters and ad hoc announcements.
- Perform PCI P2PE key management tasks; generate and distribute keys to key injection facilities.
- Align the information security program with ISO 27001; get data centers ISO certified.
- Perform periodic security risk assessments, IT security audits, management reporting, and continuously identify training opportunities.
- Provide executive reports on Risk Assessment, Business Impact Analysis and Data Loss Prevention.
- Remain vigilant in upholding Shift4 Payments Service Level Agreements for secure payment processing.
Preferred Knowledge, Skills, and Abilities
- Established work history as an information security practitioner and/or as a systems security administrator.
- Work experience with the PCI Data Security Standard, ISO 27001, SSAE16, or similar framework.
- Expert knowledge of all physical and virtual layers of security controls and their best practices.
- Proficient knowledge of standard and future encryption and cryptography implementation and deprecation.
- Excellent verbal and written communication skills.
- Ability to lift and move items weighing up to 50lbs without assistance.
- Self-starter with the ability to perform tasks as an individual contributor or as a project lead.
- Excellent at educating any user on all security awareness topics to perpetually harden our internal posture.
Education and Experience
- Higher education in information security or computer science is desired, but can be substituted with a broader background in information security disciplines.
- Related certifications from PCI, ISC2, ISACA, GIAC, SSAE16, or CISSP organizations are a major plus.
Shift4 is an equal employment opportunity employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, gender, national origin, disability status, protected veteran status or any other characteristic protected by law.