HD Supply Senior PCI Compliance Officer in Orlando, Florida
HD Supply (NASDAQ:HDS) (www.hdsupply.com) is one of the largest industrial distributors in North America. The company provides a broad range of products and value-add services to approximately 500,000 customers with leadership positions in maintenance, repair and operations and specialty construction sectors. Through approximately 260 locations across 36 states and six Canadian provinces, the company's approximately 11,000 associates provide localized, customer-driven services including jobsite delivery, will call or direct-ship options, diversified logistics and innovative solutions that contribute to its customers' success. With an active commitment to the communities in which we operate, HD Supply associates are part of a thriving organization that supports the virtues of wellness, diversity and inclusion – all of which are top priorities for the company. Equally important is empowering our associates to grow professionally while providing competitive benefits and compensation. If you’re ready to find a rewarding career and achieve your full potential with a growing industry leader, HD Supply is ready for you!
Job Description & Qualifications
Responsible for day-to-day information security risk management efforts for HD Supply, focusing on detailed technology issues.
Major Tasks, Responsibilities and Key Accountabilities
Conducts independent test and evaluation of new and existing systems. Performs testing to include system security testing, vulnerability scanning, security configuration reviews of desktop/laptop images, writing test plans, test cases/scripts, status reports and test summary reports.
Identifies security vulnerabilities and develops algorithms and methods for detecting and preventing host and network based attacks.
Performs advanced analysis and/or reverse engineering of suspect source code and makes the appropriate changes to security event detection systems.
Implements the appropriate processes and tools to deliver sound investigations as well as analyze log files for activities surrounding security events.
Initiates security response procedures when a problem is detected and methodically creates and updates security standard documentation. Develops attack and defense methodologies for high risk computer networks. Writes scripts and develops software utilities to automate security analysis efforts.
Performs a wide range of technical operations related to the location, retrieval, processing, review, analysis, and production of electronic data for discovery, audit, or investigation.
Performs quality checks on all data collected, copies final data deliverables to various media, and documents the procedures used in the collection process.
Maintains procedures and devices in compliance with SOX, PCI regulations and other regulatory authorities as required. Provides data to internal or external auditors for security and compliance audits. Serves as a liaison between the legal team, outside counsel, IT personnel, and internal organization.
Nature and Scope
Identifies key barriers/core problems and applies problem solving skills in order to deal creatively with complex situations. Troubleshoots and resolves complex problems. Makes decisions under conditions of uncertainty, sometimes with incomplete information, that produce effective end results.
Independently performs assignments with instruction limited to the expected results. Determines and develops an approach to solutions. Receives technical guidance only on unusual or complex problems or issues.
May oversee the completion of projects and assignments, including planning, assigning, monitoring and reviewing progress and accuracy of work, evaluating results, etc. Contributes to employees' professional development but does not have hiring or firing authority.
Located in a comfortable indoor area. Any unpleasant conditions would be infrequent and not objectionable.
Most of the time is spent sitting in a comfortable position and there is frequent opportunity to move about. On rare occasions there may be a need to move or lift light articles.
Typically requires overnight travel 5% to 20% of the time.
Education and Experience
- Typically requires BS/BA in a related discipline. Generally 5-8 years of experience in a related field OR MS/MA and generally 3-5 years of experience in a related field. Certification is required in some areas.
Preferred Qualifications & Job Specific Details
At least 10 years of Information Security and Information Technology experience.
Significant experience facilitating and coordinating a PCI Compliance program for a Level 1 or 2 merchant as a QSA/ISA
Experience validating enterprise architectures against industry standards such as PCI DSS, ISO 27001, COBIT, HIPAA, FedRAMP, and NIST/DoD frameworks
Experience building common compliance frameworks as well as mapping between different compliance requirements
Technical knowledge of security technologies and architecture in multiple security domains (such as infrastructure hardening, privileged access, data security, endpoint security, anti-malware, network security, application security and others)
Ability to review technical reports and provide risk mitigation solutions from activities such as Penetration Testing, Vulnerability Management, Wi-Fi testing and/or web-based application assessments
Experience automating assessments in enterprise or cloud environments using a GRC platform
Experience with risk assessment methodologies and risk reporting for executive leadership
Excellent writing and verbal communication skills, interpersonal and presentation skills and the proven ability to influence and communicate effectively
Job Locations US-FL-Orlando
Posted Date 1 week ago (9/11/2020 10:18 AM)
Job ID 2020-38850
Business Unit Construction Industrial WC
Functional Area Information Technology
Remote Position? No
Position Type Full-Time
Posting Location : Postal Code 32805
HD Supply is an Equal Opportunity Minority/Female/Individuals with Disabilities/Protected Veteran and Affirmative Action Employer. HD Supply considers for employment and hires qualified candidates without regard to age, race, religion, color, sex, sexual orientation, gender, gender identity, national origin, ancestry, citizenship, protected veteran or disability status or any factor prohibited by law.