PCI Security Standards Council, LLC
  • Standards
  • USA
  • Salary
  • Full Time

The Standards Development Manager will play a key role in the ongoing development of the PCI security standards, as well as contribute to other Council program initiatives. The Standards Development Manager will work directly with the PCI technical working groups to draft information security content for our portfolio of standards and develop requirements and supporting documentation for new and emerging standards. The Standards Development Manager will also be responsible for supporting project management for ongoing work assignments and status reporting of deliverables to senior leadership.  

 

Key Responsibilities: 

  • Contribute first-hand experience and technical security skills to develop technical security requirements for payments industry security standards 
  • Coordinate research and input from various stakeholders for inclusion in technical and business security requirements
  • Develop testing procedures and reporting frameworks to support assessments against the standards
  • Review and evaluate feedback on current standards, provide recommendations, and architect changes as agreed to by the Working Groups
  • Draft and contribute to supporting materials, covering various technologies and payment industry topics, such as payment software, EMV, mobile security, e-commerce, and wireless networking, as applicable to PCI standards
  • Participate and represent the Council in various forums, including Working Groups, Task Forces, webinars, etc.
  • Solicit and evaluate feedback to identify industry demand for guidance in particular topic areas
  • Contribute articles and content to various stakeholder communications, including marketing releases, newsletters, training programs, and webinars
  • Lead one or more working groups, task forces, or special interest groups (SIG) in the development of PCI standards or guidance
  • Respond to technical inquiries received by the Council
  • Maintain proficiency with security best practices for the payments industry

 

Skills and Abilities: 

  • Minimum of 5+ years information security and/or payment card industry experience
  • Bachelor's degree required
  • Security industry certifications, such as CSSLP, CISSP, CISA, CISM
  • Expertise in secure software design and development, application security testing, and secure software lifecycle methodologies and principles
  • Previous experience in at least two of the following areas required:
    • Implementation or evaluation of mobile payment acceptance technologies
    • Software risk assessment and security controls selection
    • Development of technical software documentation
    • Implementation or evaluation of 3-D Secure implementations  
    • Implementation or evaluation of EMV Payment Tokenization environments
  • Implementation or evaluation of cryptographic protocols, algorithms, and key management architectures
    • Implementation or evaluation of security controls for cloud-based payment environments
  • Excellent English written and oral communication skills; ability to express thoughts clearly; strong listening skills; and the ability to communicate effectively to different audiences
  • Strong comprehension skills for understanding information security best practices and applying knowledge to different scenarios
  • Flexible, proactive, quick to learn and possessing a can-do attitude
  • A blend of curiosity, creativity, persistence, commitment, passion and optimism
  • Self-discipline with attention to detail and time management
  • Ability to work effectively in a remote team environment to meet quality and schedule deadlines

 

Strong Preference given to those with:

  • Working knowledge of the financial and payment card processing industries and the lifecycle of payment card transactions
  • Technical understanding of mobile payment transaction architectures (e.g. Secure Element, HCE, OTA provisioning, mPOS acceptance, etc.)
  • Experience implementing or assessing security infrastructures for financial institutions,  large enterprise merchants, and/or service providers
  • Working knowledge of audit methodologies and security assessment tools
  • Experience developing information systems and networking diagrams
  • Business and technical writing experience, including published information security articles
  • Ability to communicate information security and other technical concepts to diverse audiences
  • Experience with communications practices, principles, and procedures for both onsite and online presentations
  • Experience with Microsoft Office products and ability to develop presentation material using PowerPoint
  • Willingness to travel up to 30%

 

Additional Information:

  • Location: Remote (Work from Home) in US, UK or Canada
  • Position Type: Full-Time
  • Salary: DOE

 

PCI SSC is an Equal Opportunity Employer

PCI Security Standards Council, LLC
  • Apply Now

  • * Fields Are Required

    What is your full name?

    How can we contact you?

  • Sign Up For Job Alerts!

  • Share This Page
.