PCI Professional

Support Center - Remote, United States

You’re more valuable than ever – And that’s just how we’ll make you feel.

JOB SUMMARY

At GoHealth Urgent Care, we place the needs of our patients first - by providing an effortless patient experience, a welcoming culture of care and seamless integration with market-leading health systems and our communities.

The PCI and IT Security Compliance Professional plays a critical role in ensuring that the organization adheres to Payment Card Industry Data Security Standards (PCI DSS) and other relevant IT security compliance regulations. This position involves monitoring, evaluating, and maintaining security measures to protect sensitive data and manage risks effectively.

This role is expected to be filled by an individual who has been trained and certified by the PCI SSC to understand and implement PCI DSS requirements. The Professional will partner with an external QSA to ensure the organization's SAQs meet industry standards and to obtain independent validation from a QSA. This role will also be responsible for implementing and managing an ASV program, including the management and remediation of findings in accordance with the organization's patch management policy and PCI DSS ASV compliance requirements.

This role requires strong written and oral communication skills, as well as the ability to communicate complex technical concepts in a manner comprehensible by individuals at varying degrees of experience and skill level. The role requires the ability to speak confidently in front of large groups and with leaders, vendors, audit, legal, and service providers.

They must also be organized and able to work independently across multiple functions throughout the enterprise.

JOB REQUIREMENTS

Education

  • Bachelor’s degree in Information Technology, Computer Science, Cybersecurity, or a related field

Work Experience

  • Minimum of 5 years of experience in IT security and compliance, with a focus on PCI-DSS required
  • Minimum of 5 years of hands-on technical experience including networking, cloud infrastructure administration, systems administration, software development required
  • Previous experience as a Qualified Security Assessor (QSA) or Internal Security Assessor (ISA) preferred

Required Licenses/Certifications

  • PCI Professional (PCIP) required
  • CISSP preferred
  • CISA preferred

Additional Knowledge, Skills and Abilities Required

  • Proficiency in security tools and technologies, vulnerability assessment techniques, and risk management frameworks.
  • Strong analytical and problem-solving abilities to identify and address security risks effectively.
  • Excellent verbal and written communication skills to convey complex security concepts to both technical and non-technical audiences.
  • Meticulous attention to detail to ensure thorough compliance checks and accurate reporting.
  • Ability to work collaboratively with cross-functional teams and manage relationships with external vendors.
  • Familiarity with PCI-DSS standards and requirements.
  • Ability to communicate complex technical concepts to non-technical stakeholders.

Additional Knowledge, Skills, and Abilities Preferred

  • N/A

Essential Functions

  • PCI DSS Compliance: Ensure the organization complies with all PCI DSS requirements, including regular assessments and audits.
  • Technical and architectural understanding of implementing and operating a vulnerability scanning program to ensure ongoing ASV scans are conducted and followed across the organization.
  • Proficiency in web application design and security controls related to PCI DSS, including the ability to explain to auditors and software developers the technical controls found on the website and their relation to PCI compliance.
  • Must have a strong technical background in security assessments, risk management, vulnerability scanning, data encryption standards, firewall management and regulatory compliance.
  • Must have previously conducted comprehensive PCI DSS assessments for various clients and implemented security controls and measures to protect cardholder data.
  • Must have provided and developed guidance and training to clients on PCI DSS requirements and best practices, while developing and maintaining documentation for compliance audits.
  • IT Security Audits: Conduct internal and external IT security audits to identify vulnerabilities and ensure compliance with industry standards.
  • Risk Management: Develop risk management strategies and implement controls to mitigate security risks.
  • Policy Development: Create and maintain policies and procedures related to IT security and PCI compliance.
  • Training and Awareness: Conduct training sessions and awareness programs to educate staff on security best practices and compliance requirements.
  • Incident Response: Develop and manage incident response plans to address security breaches and other emergencies.
  • Reporting: Generate compliance reports and present findings to management and regulatory bodies.
  • Vendor Management: Work with third-party vendors to ensure their compliance with security standards.

Note:  This job description is not inclusive of all the duties of the position.  You may be asked by leaders to perform other duties.  Management reserves the right to revise this position description at any time. 

All qualified persons are granted an equal opportunity for employment without regard to race, color, religion, sex, sexual orientation and gender identity or expression, age, national origin, citizenship status, disability, genetic information, medical condition, family care leave status, pregnancy or pregnancy-related condition, otherwise qualified disabled or veteran status. The company will comply with all fair employment laws in each of the jurisdictions where we conduct business.

For applicants in California, please review our California Consumer Privacy Statement here. https://www.gohealthuc.com/privacy-policy

Tags: Audits CISA CISSP Cloud Compliance Computer Science Encryption Firewalls Incident response Monitoring PCI DSS Privacy Risk management Security assessment Vendor management Vulnerabilities

Perks/benefits: Health care Medical leave

Regions: Remote/Anywhere North America
Country: United States
