PCI DSS Lead

Posted Today by Advanced Resource Managers Limited

PCI DSS Lead
Location: Portsmouth
Salary: £65,000 - £70,000

The PCI Lead is responsible for managing and ensuring the organization's compliance with the Payment Card Industry Data Security Standard (PCI DSS). This role involves developing and implementing compliance programs, conducting risk assessments, leading audits, and providing guidance to internal teams to maintain and enhance PCI compliance. The PCI Lead collaborates with various departments to ensure that all payment processing activities adhere to PCI DSS requirements and industry best practices.

PCI Compliance Management:
Develop, implement, and maintain the organization's PCI DSS compliance program.
Ensure that all payment processing activities and systems comply with PCI DSS requirements.
Conduct regular reviews and updates of compliance programs to address emerging risks and regulatory changes.

Risk Assessment and Mitigation:
Perform risk assessments to identify and evaluate potential threats to cardholder data.
Develop and implement risk mitigation strategies to minimize compliance risks.
Conduct regular security audits and vulnerability assessments to ensure adherence to PCI DSS.

Audit and Assessment:
Plan, coordinate, and lead PCI DSS assessments and audits.
Work with Qualified Security Assessors (QSAs) and other external auditors to facilitate assessments.
Prepare and maintain documentation for audits, including Self-Assessment Questionnaires (SAQs) and Reports on Compliance (ROCs).

Policy and Procedure Development:
Develop, maintain, and update PCI-related policies, procedures, and guidelines.
Ensure that policies and procedures are communicated effectively to relevant stakeholders and consistently enforced.
Conduct regular training sessions and awareness programs for employees on PCI compliance.

Incident Response:
Develop and maintain an incident response plan for payment card data breaches.
Lead investigations into suspected breaches of cardholder data.
Provide guidance on corrective actions and coordinate with relevant teams to resolve incidents.

Collaboration and Communication:
Work closely with IT, operations, and other departments to ensure compliance with PCI DSS.
Communicate complex technical issues and compliance requirements to non-technical stakeholders.
Serve as the primary point of contact for PCI-related inquiries and issues.

Continuous Improvement:
Stay current with industry trends, emerging threats, and changes in PCI DSS requirements.
Identify opportunities for improving compliance processes and security controls.
Promote a culture of compliance and security awareness within the organization.

Experience:
* Extensive experience in information security and PCI DSS.
* Proven experience in managing PCI DSS compliance programs and leading audits.
* Strong background in risk management, security assessments, and incident response.

Skills:
* In-depth knowledge of PCI DSS requirements and best practices.
* Strong analytical and problem-solving skills with the ability to assess complex compliance issues.
* Excellent communication and interpersonal skills with the ability to engage and influence stakeholders at all levels.
* Proficiency in compliance management tools and software.

Preferred Qualifications:
* Relevant certifications such as PCI Professional (PCIP), CISA, CISM, or similar.
* Experience with compliance in specific industries (e.g., finance, e-commerce, healthcare).
* Familiarity with other regulatory requirements and standards (e.g., GDPR, HIPAA, ISO 27001).

Personal Attributes:
* Strategic thinker with the ability to align compliance initiatives with business goals.
* Detail-oriented with strong organizational and multitasking abilities.
* Proactive and self-motivated with a commitment to continuous improvement.
* Ability to work effectively both independently and as part of a team.
* Strong ethical principles and integrity.

Working Conditions:
* This position may require occasional evening and weekend work to meet compliance deadlines and respond to security incidents.
* Travel may be required for training, conferences, or site visits.

Disclaimer:

This vacancy is being advertised by either Advanced Resource Managers Limited, Advanced Resource Managers IT Limited or Advanced Resource Managers Engineering Limited ("ARM"). ARM is a specialist talent acquisition and management consultancy. We provide technical contingency recruitment and a portfolio of more complex resource solutions. Our specialist recruitment divisions cover the entire technical arena, including some of the most economically and strategically important industries in the UK and the world today. We will never send your CV without your permission.

Reference: 53150104
