PCI Compliance Analyst (IT Security)
SWBC Headquarters
SWBC
SWBC offers financial solutions for individuals, businesses, and financial institutions. We have you covered with personal and business insurance, mortgages, and wealth management.
SWBC is seeking a talented individual to be responsible for the day-to-day engagement with stakeholders and for monitoring our Enterprise PCI DSS program, ensuring that all customer-facing products remain PCI compliant. This role involves performing and overseeing SWBC’s PCI Compliance program, including ongoing management, assessment of security controls, scheduled evidence collection, risk analysis, and coordination of the annual PCI assessment. The Analyst also supports the company’s ongoing Service Organization Controls (SOC) Audits, Information Technology audits, NACHA (National Automated Clearing House Association) compliance, and FFIEC (Federal Financial Institutions Examination Council) compliance. Additionally, the role involves conducting risk assessments, tracking risks, implementing risk remediation strategies, and reporting on risk status. The analyst will also identify and manage security compliance issues related to payment systems and platforms, ensuring timely resolution and compliance with relevant standards. A strong emphasis is placed on stakeholder engagement, requiring the Analyst to collaborate closely with various internal and external stakeholders to ensure comprehensive compliance across the enterprise.
Why you'll love this role:
In this role, you will collaborate with top information security, technology, and business professionals in the financial services and financial technology (FINTECH) industries. As part of an agile and innovative security team, you will engage with stakeholders at all levels and interact with the industry’s leading partners. You will utilize advanced security technologies and tactics to protect cutting-edge financial and business technologies and ensure they are compliant and trusted. Beyond exceptional career opportunities and unique experiences, our security team is diverse, passionate about collaboration, and leverages state-of-the-art technology and automation. We value laughter, celebrate our successes as a team, and our leaders prioritize empowerment, autonomy, work-life balance, professional development, continuous improvement, and a commitment to shared values. We work hard, support each other, and deliver positive outcomes daily. This role offers a dynamic and supportive environment where you can grow professionally while making a significant impact. If you thrive in a collaborative setting and are excited about working with cutting-edge technologies, this position is perfect for you. Join us and be part of a team that values innovation, teamwork, and continuous improvement.
Essential duties include the following:
- Ensures all customer-facing products remain PCI compliant through ongoing management, assessment of security controls, scheduled evidence collection, risk analysis, and coordination of the annual PCI assessment. This includes overseeing compliance across multiple products in separate lines of business within the enterprise. Additionally, maintains and tracks the PCI compliance status of vendors and partners. Ensures third-party compliance aligns with enterprise standards and manages any compliance issues that arise.
- Performs risk assessments, tracks risks, implements risk remediation strategies, and reports on risk status. Identifies and manages security compliance issues related to payment systems and platforms, ensuring timely resolution and compliance with relevant standards. This role requires a comprehensive approach to risk management across various business units.
- Collaborates with internal and external stakeholders to ensure understanding and adherence to PCI DSS requirements. Engages with different departments to align compliance efforts across the enterprise. Prepares internal and external presentations and reports to communicate compliance status, audit findings, and risk management activities. Supports client due diligence requests and requests for proposals, ensuring all compliance-related information is accurately provided.
- Assists with the company’s ongoing Service Organization Controls (SOC) Audits and Information Technology audits conducted by internal and external audit firms, and ensures compliance with NACHA (National Automated Clearing House Association) and FFIEC (Federal Financial Institutions Examination Council) standards. Provides audit support for multiple products and services across different lines of business.
- Maintains comprehensive documentation of compliance activities, including policies, procedures, and audit findings. Ensures documentation reflects the compliance status of multiple products and services within the enterprise.
- Assists in the development and execution of incident response plans related to PCI DSS compliance breaches. Coordinates incident response activities across various business units to ensure a unified approach. Supports stakeholders in the development and testing of business continuity and disaster recovery plans.
- Develops and delivers PCI DSS training programs to ensure all relevant personnel are aware of compliance requirements. Tailors training programs to address the needs of different business units and product lines.
- Identifies opportunities for enhancing the PCI DSS compliance program and implements improvements to ensure the program remains effective and up-to-date with industry standards and best practices. Fosters a culture of continuous improvement across all lines of business.
Serious candidates will possess the minimum qualifications:
- Bachelor’s Degree in Information Technology, Cybersecurity, or related field or equivalent experience.
- Minimum five (5) years of experience in Information Security.
- Minimum five (5) years of experience in Cybersecurity, specifically cloud security with public cloud providers.
- Certified Information Systems Security Professional (CISSP), Certified Information Systems Auditor (CISA), and Internal Security Assessor (ISA) highly desired.
- Demonstrated ability to work as an essential part of highly motivated business, technology, and development teams.
- Proficient Microsoft Office skills, including Word and Excel.
- Written and verbal communication skills and the ability to work with teams and external stakeholders are essential.
- Strong problem resolution and interpersonal skills.
- Strong multi-tasking skills.
- Able to use general office equipment including copy machine and phone system.
SWBC offers*:
- Competitive overall compensation package
- Work/Life balance
- Employee engagement activities and recognition awards
- Years of Service awards
- Career enhancement and growth opportunities
- Leadership Academy and Mentor Program
- Continuing education and career certifications
- Variety of healthcare coverage options
- Traditional and Roth 401(k) retirement plans
- Lucrative Wellness Program
*Based upon employee eligibility
Additional Information:
SWBC is a Substance-Free Workplace and requires pre-employment drug testing.
Please note, SWBC does not hire tobacco users as allowed by law.
To learn more about SWBC, visit our website at www.SWBC.com. If interested, please click the appropriate apply button.