CapecoralRecruiter Since 2001
the smart solution for Cape Coral jobs

PCI Compliance Process Manager

Company: Hertz
Location: Estero
Posted on: November 20, 2022

Job Description:

General Responsibilities:

Implement best-in-class IT Risk & Compliance management practices for ongoing collection of deliverables required for annual Payment Card Industry (PCI) Compliance assessments and for compliance assessments of additional security frameworks, such as, but not limited to, Sarbanes-Oxley Section 404 and ISO27000 standards. Continually increase awareness of these practices throughout the company.

Global Information Security and Compliance (GISC) aligns enterprise security strategies with IT and business strategies while ensuring the changing requirements of business partners as well as domestic and international regulatory requirements are met; guides the company in Information Management techniques through proper classification, handling, and disposal of data; and leads the company in the development and maintenance of effective recovery strategies and plans through best Business Continuity practices.

Key Results:

  • Provide subject matter expertise on Information Security policies, PCI, SOX, EU GDPR and security best practices.
  • Act as main point of contact for the receipt of compliance deliverables.
  • Manages compliance program and ensures all required controls are performed timely by respective control owners in an auditable fashion.
  • Serves as a primary contact and liaison for external auditors and QSAs.
  • Monitors for changes to PCI requirements, industry developments, and security framework and regulation changes, and guides organization accordingly to sustain continuous compliance.
  • Identifies and analyzes changes to business processes and infrastructure for impact on company's compliance with PCI and other requirements and provides guidance and recommendations for maintaining secure and compliant environment.
  • Conducts risk assessments, security and compliance assessments on IT operational processes, procedures, and policies; interprets audit results and makes conclusions on the adequacy and reliability of controls; prepares and presents reports as necessary.
  • Develops, implements, and maintains IT Compliance controls; reviews existing IT compliance controls for regulatory updates and performs the necessary gap analysis.
  • Assist in the design and implementation of security controls, policies, and procedures.
  • Develop and maintain Global IT Risk & Compliance Management Strategies and framework; ensure risk and compliance management is maintained across all computing resources and processes.
  • Ensure IT compliance with laws and regulations, industry standards, and Hertz policies.
  • Assess and manage IT risk; conduct regular IT risk assessments; measure effectiveness through providing metrics and dashboards
  • Monitor and/or compile, analyze and approve all compensating controls
  • Ability to manage and oversee vendor compliance activity compliance execution
  • Consultative role in the development of effective and efficient controls for new system onboarding

Essential Requirements:

Educational Background:

  • College degree or equivalent work experience

Professional Experience:

  • Minimum 7 years IT
  • Experience implementing Global Risk & Compliance Program
  • Minimum 5 years leading global regulatory compliance (e.g. SOX, PCI, HIPAA, EU Safe Harbor, ISO certifications)
  • Experience with multiple operating systems and/or security tools

Knowledge:

  • Latest IT security, control, and audit technologies and standards focused on PCI-DSS
  • Information IT security related risk, regulatory, audit, and compliance requirements
  • General societal, legal and regulatory issues related to information protection
  • Risk management models
  • IT Incident Management

Skills:

  • Works effectively in and across complex organizations
  • Handles adversarial and sensitive situations with tact and diplomacy
  • Leverages resources from different organizations to achieve security/control compliance
  • Creates synergy between GISC and our business partners and other organizations
  • Communicates effectively with all levels of management, including presentations to Executive Management
  • Excellent communication, collaboration, problem solving and project management skills
  • Knowledge of IT Infrastructure and Processes (e.g. network, application development, change control, service desk, web design)
  • Organizational, leadership, and delegation skills
  • Leads with vision/strategic focus
  • Excellent verbal and written communication skills
  • Diligence and keen sense of quality
  • Ability to work across different teams in GISC to drive IT Risk & Compliance

At Hertz, we champion and celebrate a culture of diversity and inclusion. We take affirmative steps to promote employment and advancement opportunities. The endless variety of perspectives, experiences, skills and talents that our employees invest in their work every day represent a significant part of our culture - and our success and reputation as a company. Individuals are encouraged to apply for positions because of the characteristics that make them unique. Qualified applicants with criminal histories will be considered for employment in a manner consistent with applicable federal, state and local law. Hertz is a drug free workplace. EOE, including disability/veteran

Keywords: Hertz, Cape Coral, PCI Compliance Process Manager, Executive, Estero, Florida
