PCI Security Standards Council, LLC
  • Standards
  • USA
  • Contract

SUMMARY

The Standards Contractor will play a significant role in the ongoing development of the PCI PIN Transaction Security (PTS) standards, as well as contribute to other Council program initiatives. The Standards Contractor will work directly with the PTS Standards team of the PCI Council, industry stakeholders and other subject matter experts to develop and draft content for our portfolio of standards. This will include the PCI PTS Point of Interaction (POI) Security Requirements, the PCI PTS Hardware Security Modules (HSM) Security Requirements, the supporting laboratory test scripts, device vendor questionnaires, PIN Security Requirements and Program manuals, and engagement on the development of new and emerging standards, guidance documents and information supplements. The Standards Contractor will also be responsible for supporting project management for ongoing work assignments and status reporting of deliverables to PTS Standards team.

ESSENTIAL DUTIES AND RESPONSIBILITIES include the following. Other duties may be assigned.

  • Working with the PTS review team, review and assessment of PTS POI, PTS HSM, SPoC, and CPoC laboratory reports to ensure consistent and appropriate application of security testing criteria
  • Working with the PTS Standards team, interact with PCI recognized evaluation laboratories to provide, receive, and process guidance on technical security issues, RFC, and evaluation methodologies
  • Draft documentation on behalf of the PTS standards team including, but not limited to, the PTS Working Group and designated task forces
  • Draft information supplements for various technologies that impact the protection of cardholder account data with primary, but not exclusive, emphasis on PIN data
  • Development and discussion for endorsement of technical FAQs in support of the assessment of payment security devices
  • Development and presentation of Issue summaries and briefs for discussion, and if applicable, endorsement by senior management
  • Attend and provide project management and subject matter expertise for the PTS Standards team that may include, but not be limited to, technologies such as Open Protocols, Encryption, Tokenization, Mobile, Cloud Computing, Wireless technologies and Virtualization
  • Review and edit deliverables sent to the PTS Standards team by third parties

SKILLS AND ABILITIES REQUIRED

  • Minimum of 10+ years of information security, payment card technologies and payment device physical and logical security constructs
  • Industry certifications in the areas of Information Security/Systems
  • Bachelor's degree required
  • Understanding of information systems and networking diagrams
  • Experience in physical and logical security characteristics of cryptographic devices
  • Working knowledge of the financial industry and the lifecycle of payment card transactions
  • Working experience with payments industry software and hardware development methodologies and practices
  • Working experience in audit and control procedures for preventing or detecting the unauthorized alteration or substitution of secure devices during manufacturing and/or during conveyance
  • Working knowledge of audit methodologies and security assessment tools
  • Excellent written and oral communication skills; ability to express thoughts clearly, know how to listen and contribute in a team environment
  • Strong interpersonal skills with demonstrated ability to work with participants with both diverse  and robust convictions and perspectives
  • Experience working with communications practices, principles and procedures for both on-site and online presentations
  • Must be flexible, proactive, quick to learn and have a can-do attitude
  • Must have a blend of curiosity, creativity, persistence, commitment, passion and optimism
  • Assess technologies relevant to the financial payments industry, with an emphasis on the development of techniques and their proper implementation for the protection of identification/authentication data
  • Exposure to Chip technologies in the financial payments industry
  • Familiarity with cryptographic key management methodologies for the protection of payment card data for payment transaction processing, with emphasis on cardholder authentication data
  • Industry recognition as a subject matter expert in the protection of sensitive data in the financial payments industry
  • Strong writing skills and previously published information security articles
  • Familiarity with mobile payment transactions
  • Presenting technical concepts to audiences with a diverse understanding of information security
  • Understanding of the financial and payment card processing industries
  • Knowledge of point-to-point encryption methodologies and other techniques for the protection of cardholder account data
  • Strong comprehension skills for understanding information security best practices and applying knowledge to PCI requirements
  • Strong organization and time-management skills
  • Ability to work independently and as part of a team
  • With Microsoft Office products and the ability to develop presentation material using PowerPoint
  • Willingness to travel up to 15%

Additional Information:
Location: This is a remote position that will work from home.  
Position Type: Contractor
Salary: DOE

 

PCI SSC is an Equal Opportunity Employer

PCI Security Standards Council, LLC
  • Apply Now

  • * Fields Are Required

    What is your full name?

    How can we contact you?

  • Sign Up For Job Alerts!

  • Share This Page
.