Information Security Analyst IV (GCIM)

Every day, Global Payments makes it possible for millions of people to move money between buyers and sellers using our payments solutions for credit, debit, prepaid and merchant services.  Our worldwide team helps over 3 million companies, more than 1,300 financial institutions and over 600 million cardholders grow with confidence and achieve amazing results.  We are driven by our passion for success and we are proud to deliver best-in-class payment technology and software solutions.  Join our dynamic team and make your mark on the payments technology landscape of tomorrow. 

What Part Will You Play?

• Assess and support severity assignment on reported vulnerabilities in line with the Common Vulnerability Scoring System (CVSS)

• Effectively communicating vulnerability findings to stakeholders, including technical and non-technical audiences

• Developing strategies to address identified vulnerabilities, including mitigation plans and timelines

• Coordinate the remediation of findings from the organisation’s Bug Bounty & Vulnerability Disclosure Programs working directly with whitehat researchers.

• Analyze findings to understand if our vulnerability scanners failed to identify them and work with the relevant to address any visibility gaps

• Identify missing security controls that could have mitigated the Bug Bounty finding and ensure correction is tracked to completion

• Mature the program through the onboarding of new assets

• Works closely with Risk Management teams to document identified risks and issues highlighted through Bug Bounty Program

• Maintains a working knowledge of key data security frameworks and regulations such as PCI (Payment Card Industry)/Logical Security guidelines and models, HIPPA (Health Insurance Portability and Accountability Act), (GDPR) General Data Protection Regulation, PII (Personally Identifiable Information), NIST CSF (Cyber Security Framework).

• Collaborates with Legal and Privacy Offices when critical data is at risk as a result of a Bug Bounty finding

• Maintain and follow runbooks for day-to-day activities

What Are We Looking For in This Role?

Minimum Qualifications

• Relevant Experience or Degree in: Bachelor's degree in Computer Science, Info Security, or related field. Or relevant work experience in a related field.

• Typically Minimum 2 Years Relevant Experience with Vulnerability Management or involved in Bug Bounty Program handling

• Knowledge of network operations or engineering or system administration on Unix, Linux, MAC (Message Authentication Code), or Windows; common security operations, intrusion detection systems, Security Incident Event Management systems, Penetration Testing, Web Application assessment, Secure Coding practices, Cloud Technologies.

Preferred Qualifications

• ITIL V4

• Professional security certifications such as CompTIA Security+/ Cybersecurity Analyst+, or Systems Security Certified Practitioner (SSCP), or CISM(Certified Information Security Manager), or CISA(Certified-Information-Systems-Auditor),or EC-Council Certified Ethical Hacker (CEH) or Certified Secure Software Lifecycle Professional (CCSLP) or GIAC Web Application Defender (GWEB)

• Knowledge of industry standard security compliance programs PCI (Payment Card Industry), GDPR (General Data Protection Regulation), NIST Cyber Security Framework etc.)

• Experience working with ticketing systems such as Service Manager, IBM Control Desk and/or JIRA

What Are Our Desired Skills and Capabilities?

• Strong verbal and written communication skills.

• Attention to detail - reads and actively listens with an eye for detail.

• Demonstrated ability to effectively communicate ideas and persuade others to accomplish challenging goals and objectives.

• Ability to facilitate meetings and enable discussions that lead to resolution and communicate results.

• Vulnerability Management - knowledge with a proven record of assessing application and infrastructure vulnerabilities; understanding exploit methodologies.

• Skills / Knowledge - Developing professional expertise, applies company policies and procedures to resolve a variety of issues.

• Job Complexity - Works on problems of moderate scope where analysis of situations or data requires a review of a variety of factors. Exercises judgement within defined procedures and practices to determine appropriate action. Builds productive internal/external working relationships.

• Supervision - Normally receives general instructions on routine work; however can work independently where required.

• Industry Knowledge - Continued self-education of new and emerging threats and vulnerabilities and relevant processes, controls, or technologies to mitigate them.

Global Payments Inc. is an equal opportunity employer. Global Payments provides equal employment opportunities to all employees and applicants for employment without regard to race, color, religion, sex (including pregnancy), national origin, ancestry, age, marital status, sexual orientation, gender identity or expression, disability, veteran status, genetic information or any other basis protected by law. If you wish to request reasonable accommodations related to applying for employment or provide feedback about the accessibility of this website, please contact jobs@globalpay.com.