PRIMARY OBJECTIVE OF POSITION:
The PCI DSS Manager is responsible for managing and maintaining the organization’s compliance with PCI DSS requirements. This role involves coordinating all aspects of PCI DSS assessments, implementing security measures to protect cardholder data, and ensuring continuous compliance with the PCI DSS standards. The PCI DSS Manager will work closely with various departments to mitigate risks, oversee the development and implementation of PCI DSS policies and procedures, and act as the primary liaison with auditors and regulatory bodies.
MAJOR AREAS OF ACCOUNTABILITY:
PCI DSS Compliance Management:
- Lead and manage the organization’s PCI DSS compliance program, including initial certification and ongoing assessments.
- Ensure the organization meets all 12 requirements of the PCI DSS and maintains up-to-date documentation of all compliance activities.
- Conduct regular internal audits and assessments to ensure compliance with PCI DSS.
- Collaborate with external Qualified Security Assessors (QSAs) during official PCI DSS audits and assessments.
- Coordination of non-PCI external audits
Security Policy Development:
- Work closely with the IT Security manager to develop, update, and maintain security policies, procedures, and guidelines to ensure they align with PCI DSS standards.
- Ensure that all security measures and controls are properly documented and communicated to relevant stakeholders.
Risk Management:
- Identify and assess potential security risks related to payment card data.
- Work with the IT Security team to implement and oversee the deployment of security measures to mitigate identified risks.
- Work with the IT Security team and other relevant parties to develop and execute incident response plans for breaches related to cardholder data.
Training and Awareness:
- Develop and deliver training programs for staff on PCI DSS compliance and security best practices.
- Raise awareness of PCI DSS requirements across the organization, ensuring all relevant personnel are knowledgeable about their roles in maintaining compliance.
Vendor Management:
- Oversee the management of third-party vendors to ensure they meet PCI DSS compliance requirements.
- Review and approve vendor contracts and service level agreements (SLAs) to ensure they include appropriate security provisions.
Continuous Improvement:
- Monitor industry trends, regulatory changes, and emerging threats to ensure that the organization’s PCI DSS compliance program remains up-to-date and effective.
- Recommend and implement improvements to the organization’s security posture and PCI DSS compliance program.
Reporting:
- Prepare regular reports on the status of PCI DSS compliance for senior management and other stakeholders.
- Provide detailed reports on any security incidents involving cardholder data and the steps taken to resolve them.
QUALIFICATIONS:
To perform this job successfully, an individual must be able to perform each essential duty satisfactorily. The requirements listed below are representative of the knowledge, skill and/or ability required. Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions.
- Bachelor’s degree in Information Security, Computer Science, or a related field. A Master’s degree is a plus.
- Minimum of 5 years of experience in information security, with focus on PCI DSS compliance.
- Experience managing PCI DSS compliance in a complex organization.
- Proven track record of successfully leading PCI DSS certification projects.
- Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), or other relevant security certifications.
- PCI Professional (PCIP) or Internal Security Assessor (ISA) certification is highly desirable
- Ability to travel on an occasional basis
- Demonstrates Northern Tool + Equipment’s 12 Core Competencies.
PHYSICAL DEMANDS:
The physical demands described here are representative of those that must be met by an employee to successfully perform the essential functions of this job. Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions.
- Frequently required to sit, use hands to handle objects and talk or hear.
- Frequent wrist and/or hand movement is required.
- Occasionally required to stand, walk and reach with hands and arms.
- Must occasionally lift and/or move up to 10 pounds.
- Specific vision abilities required include close vision, distant vision and the ability to adjust focus.