Standards Manager

Full time & Remote (US business hours)

Preference for candidates in North America or United Kingdom

PCI Security Standards Council is looking for a new Standards Manager to join the team! Reporting to the Director of Solution Standards, the Standards Manager will play a significant role in the ongoing development of PCI security standards, as well as contribute to other Council programs and initiatives.

The person filling this role will work directly with others on the Standards Teams, technical working groups, industry stakeholders, and other subject matter experts to produce content for our portfolio of standards. This includes the development of requirements and assessment procedures to meet security objectives, as well as guidance documents, information supplements, and other documents to support adoption and implementation of the PCI standards.

Although this is a 100% remote role, it requires interaction with Council staff and attendance of various working groups and meetings throughout the week, primarily during US business hours. Applicants outside of North America or UK will not be considered.

This is an individual contributor role.

Benefits of the role include:

• A 100% remote role(no commuting in traffic!)
• Interacting with a diverse, global group of payment security professionals and stakeholders
• The opportunity to contribute to security standards within the payments ecosystem
• Reasonable travel (conditions permitting) expectations

What you'll be doing:

• Contribute first-hand security experience and subject matter expertise to develop technical security requirements and test procedures for the PCI security standards.
• Draft and contribute to materials covering various payment industry technologies and topics such as 3-D Secure, cloud, e-commerce, mobile payments, cryptography, and tokenization.
• Coordinate research and input from various stakeholders on current standards, evaluate feedback, provide recommendations, and draft changes as agreed to by the working groups.
• Contribute articles and content to various stakeholder communications, including newsletters, blog posts, training programs, and marketing releases.
• Chair meetings, facilitate discussions, and coordinate work efforts with various stakeholder groups to achieve meeting objectives.
• Assist in identifying improvements to the processes for creating, publishing, and maintaining policies, procedures, processes and/or related documents related to the PCI standards.
• Participate in the creation and presentation of materials for internal and external webinars and in-person presentations.
• Respond to technical inquiries received by the Council.
• Maintain proficiency with current security best practices for the payments industry.
• Collaborate across all PCI SSC teams, including standards development, program management, and stakeholder engagement, to support company goals and objectives.

What you need for this role:

• At least 5 years technical experience in one or more technical security fields {e.g., data security, software security, embedded security, cyber security, information security, network security, etc.}.
• At least 2 years of experience with payment technologies or infrastructures, such as EMV, 3-D Secure, cloud, e-commerce, mobile payments, cryptography, tokenization, or embedded payments technology.
• Experience assessing hardware and/or software technologies relevant to the payments industry, with a working knowledge of audit methodologies and security assessment tools.
• Expertise in implementing or evaluating security for at least one of:
  • Cloud-based payment environments
  • Mobile and e-commerce payment acceptance infrastructures
  • SecDevOps and security testing of payment software
  • Cryptographic protocols, algorithms, and key management architectures

What we expect of you in this role:

• Strong business and technical writing skills with experience writing technical documentation, standards, procedures, training documentation, or information security articles.
• Ability to process information with high levels of accuracy and present technical concepts to audiences with a diverse understanding of information security.
• Attention to detail, self-discipline, and time management skills.
• Ability to work effectively and meet quality and schedule deadlines in a remote work environment
• Flexible, proactive, quick to learn, and possessing a can-do attitude.
• A blend of curiosity, creativity, persistence, commitment, passion, and optimism.
• Willingness to travel up to 15%.

What will make you stand out:

• Bachelor's degree or higher in a related technical field.
• Industry certifications such as CISSP, CISA, CISM, or equivalent.
• Hands-on experience with implementing, managing, and/or assessing to one or more PCI security standards (e.g., P2PE, SPoC/CPoC, PIN, PTS POI/HSM, etc.).

The minimum starting salary for this role is $90,000 USD annually. Actual salary will be determined based on skills, experience, and other job-related factors.

About PCI Security Standards Council:

The PCI Security Standards Council's mission is to enhance global payment account data security by developing standards and supporting services that drive education, awareness, and effective implementation by stakeholders.

We work collaboratively with global leaders in our field and play a major role in the creation of new regulations and standards. Here's your chance to have a hand in affecting the future of payment card security.

PCI Security Standards Council is an Equal Opportunity Employer.