Sr Security Engineer (PCI)
Job ID R39041
Job Description Details
Senior Security Engineer (PCI)
Business Unit Summary
Advanced technology professional providing broad cybersecurity expertise, with a focus on assuring PCI-DSS compliance. Seen by IT colleagues as a technical resource in their areas of expertise. Responsible for the protection and understanding of risk in relation to business information assets, meeting global security standards and compliance with regulations. Serves as a PCI-DSS specialist, providing knowledge and actionable guidance to the enterprise as it relates to current and future processes. Ensures there is a clear understanding of the enterprise security posture at all levels.
A Day in the Life
- Leads in the evaluation of new and existing technologies and makes strategic recommendations.
- Shares best practice, promoting and standardizing on consistent and efficient processes.
- Promotes security awareness.
- Works independently to design environments of increasing complexity and scope.
- Contributes to design specifications and the minimization of PCI scope.
- Collaborates with internal teams and external parties on general cybersecurity related activity.
- Leads PCI assessments and identification of gaps to achieve and sustain compliance.
- Develops, maintains, distributes and reports on program of work and project plans.
- Identifies scope, recording and tracking associated inventory, ensuring significant change is monitored and controlled.
- Proactively identifies control weaknesses and deficiencies, assessing risk and impact, supporting risk register updates, and collaborating to drive risk reduction and removal of compensating controls.
- Leads technical design. Defines project plans, provides estimates, identifies key milestones, and raises critical project issues such as technical constraints or resource needs and proposes alternative solutions.
- Reviews vendor proposals and their evaluation, making appropriate recommendations.
- Makes cybersecurity-based recommendations and ensures they are implemented.
- Facilitates internal and external audits, ensuring timely collation of evidence, championing completeness and accuracy of reviews, driving continuous improvement and efficiency.
- Performs and executes self-assessment activities.
- Supports first and second level operational support, providing third level support for production systems when necessary.
- Reviews and ratifies standard operating procedures and flowcharts to support processing logic. Assists other team members with tackling support. More complex work with third parties, vendors and partners. Leads practical improvements to support process where efficiency is lacking.
- Develops and drives standards for all layers of cybersecurity (i.e. people, process, technology).
Keys to Success
At Qurate Retail Group, if you are Agile, Innovative, Pioneering, Dynamic, Boundaryless, Passionate, Customer-Centric, Collaborative, and Results-Focused, you will love it here!
- 5+ years of related experience
- Degree educated or equivalent in Information / Cybersecurity, computer science or another related field to support job specifics.
- PCI certification e.g. PCIP, PCI ISA, PCI QSA
- Proven combined security and/or IT work experience in a position focused primarily on information security.
- Demonstrates developed knowledge and thorough understanding in technical domain.
- Expert in multiple facets of the technology platform; can independently evaluate and drive resolution of all problems in their core competencies.
- Maintains and extends expertise in own domain while also developing knowledge of emerging technologies and other related technologies.
- One or more professional security certifications e.g. CISSP, CISM, CISA, or relevant SANS certification. Proven combined cybersecurity and/or IT work experience in a position focused primarily on information security.
- In-depth knowledge of information security standards, best practices, and common data confidentiality regulations e.g. ISO27001/2, NIST, EU Privacy, PCI, Sarbanes-Oxley, HIPAA, etc.
- Demonstrated ability to translate business requirements into appropriate controls in a client-focused environment.
- Experience in conducting security and risk-based audits in technology environments – as a lead auditor.
- Proven experience in writing audit reports for different audiences
- Demonstrates developed knowledge and thorough understanding in technical domain.
- Stays current with technology developments and competitive trends, uses this knowledge to identify and propose PCI compliance strategies to the enterprise.
- Ability to obtain ISA (Internal Security Assessor) certification within 12 months.
(Candidates will be considered in totality of their skills and experience versus strict interpretation of “must haves.”)
Nice to Haves
- Previous experience as a PCIP, ISA or QSA preferred.
- Risk Management certification or equivalent experience e.g. CRISC
- Project Management or equivalent experience e.g. PMP, Prince2, CSM
- Possesses good understanding of the retail industry
About Cornerstone Brands
Cornerstone is comprised of four interactive, aspirational home and apparel lifestyle brands: Ballard Designs, Frontgate, Grandin Road, and Garnet Hill. Cornerstone operates separate ecommerce sites for all the brands, distributes more than 265 million catalogs annually, and has 16 retail and outlet stores. The Cornerstone brands are part of Qurate Retail, Inc. (NASDAQ: QRTEA, QRTEB), which includes QVC, HSN, zulily and the Cornerstone brands (collectively, “Qurate Retail Group”), as well as other minority investments. Qurate Retail Group believes in a third way to shop -- beyond transactional ecommerce or traditional brick-and-mortar stores -- and is #1 in video commerce, #3 in ecommerce in North America and #3 in mobile commerce in the U.S. (according to Internet Retailer). For more information, visit www.qurateretailgroup.com.
As an equal opportunity employer, Qurate Retail Group is committed to a diverse workforce and is also committed to a barrier-free employment process. In order to ensure reasonable accommodations for individuals pursuant to applicable law, individuals that require accommodation in the job application process for a posted position may contact us at CareersUS@QVC.com for assistance.