Principal IT Gov Risk & Compliance - 90196170 - Washington
Vacancy expired!
Your success is a train ride away. Amtrak connects businesses and communities across the country and we move America's workforce toward the future. We employ more than 20,000 diverse, energetic professionals in a variety of career fields throughout the United States. The safety of our passengers, our employees, the public and our operating environment is our priority and the success of our railroad is the result of our employees. Are you ready to join our team?

SUMMARY OF DUTIES: The Principal IT Governance, Risk and Compliance is an experienced information security professional proficient in information security / cyber security compliance and IT risk management activities supporting the Company's Payment Card Industry Data Security Standard (PCI DSS) compliance efforts. The position evaluates controls supporting the Company's information security program with the goal of ensuring that they meet the requirements set forth by PCI DSS v3.2.1. This role serves as a subject matter expert supporting the internal PCI Compliance program, the annual third-party PCI assessment, and business-as-usual IT compliance activities. He/She will work with the Senior Principal IT Governance, Risk and Compliance and other appropriate leadership to formulate, develop and review audit responses.

ESSENTIAL FUNCTIONS:
- Plans and supports the management of the PCI Compliance program and annual PCI DSS assessment performed by a Qualified Security Assessor Company
- Supports efforts to maintain a sustainable PCI compliance program. Conducts ongoing monitoring activities to evaluate controls necessary to meet the various PCI DSS requirements.
- Develops POA&Ms, information supplements, briefs, diagrams and other documents to convey compliance requirements, control analysis and risk to the organization.
- Generates appropriate communication, process and educational plans for mitigating the disruption of change. Identifies and removes obstacles to change.
- Bachelor's Degree in cyber security, information systems, computer science or similar
- Strong knowledge of multiple security concepts and methods such as vulnerability assessments, data classification, incident response, security policy creation, enterprise security strategies, architectures and governance.
- 7+ years of Information Security / Information Assurance experience, with direct experience in PCI and cyber security compliance and audit.
- Exposure to Standards, Policies and Legislation, e.g., ISO27001, NIST CSF, PCI DSS, GDPR, CCPA, etc. in the development of security strategies.
- Ability to create information security documentation and convey complex information security topics in a simple effective manner.
- Certifications required: CISSP, CISM, CISA, CCSP, GSNA, Certified ISO 27001 Lead Auditor, or other.
- Proficiency with Visio, Excel, PowerPoint and SharePoint
- Willingness to travel to meet operational needs (not greater than 10%)
- Recent PCI QSA or ISA experience
- Extensive knowledge of PCI DSS requirements and Information Security experience (e.g., Firewall, Network Admin, Architecture, Engineering, Pen Testing, etc.)
- Knowledge of: Cloud Security (AWS, Azure, Google Cloud Platform), Windows and Linux operating systems, Cisco and Palo Alto router and firewall configurations
- Experience designing and/or implementing risk management and security solutions
- 11+ years of relevant work experience to satisfy education and experience requirements