Principal, Compliance
CBS
New York, NY, United States
Principal, PCI Compliance
ABOUT US:
CBS Corporation (NYSE: CBS.A and CBS) is a mass media company that creates and distributes industry-leading content across a variety of platforms to audiences around the world. The Company has businesses with origins that date back to the dawn of the broadcasting age as well as new ventures that operate on the leading edge of media. CBS owns the most-watched television network in the U.S. and one of the world’s largest libraries of entertainment content, making its brand - "the Eye" - one of the most recognized in business. The Company’s operations span virtually every field of media and entertainment, including cable, publishing, radio, local TV, film, outdoor advertising, and interactive and socially responsible media. CBS’s businesses include CBS Television Network, The CW (a joint venture between CBS Corporation and Warner Bros. Entertainment), Showtime Networks, CBS Sports Network, TVGN (a joint venture between CBS Corporation and Lionsgate), Smithsonian Networks, Simon & Schuster, CBS Television Stations, CBS Radio, CBS Outdoor, CBS Television Studios, CBS Global Distribution Group (CBS Studios International and CBS Television Distribution), CBS Interactive, CBS Consumer Products, CBS Home Entertainment, CBS Films and CBS EcoMedia.
DESCRIPTION:
Lead the development and implementation of a PCI compliance program that focuses on testing of security controls and process and aligns with ISO 27001, NIST and CBS security policies. Lead internal compliance efforts, identify and assess risks and work with internal control owners to appropriately document, test and report PCI compliance.
ESSENTIAL RESPONSIBILITIES:
• Lead the CBS PCI Compliance Program coordinating and conducting control assessments and test procedures addressing regulatory requirements. Identify potential weaknesses and recommend relevant remediation actions that address instances of non-compliance.
• Develop and maintain security-related network and business process flow documentation supporting PCI compliance requirements. Advise process and technology owners on documentation requirements and support testing where appropriate.
• Execute security control test procedures across network devices, applications, databases and operating systems in scope for PCI compliance.
• Partner with all levels of IT and business management to ensure PCI compliance testing is conducted in a cooperative, timely and efficient manner with cost effective recommendations being provided to management when compliance gaps are identified.
• Complete PCI Self Assessment Questionnaires and other related regulatory documentation required for annual attestation. Gather and retain support required to validate the claims made in the assessment.
• Partner with the third party Qualified Security Assessor (QSA) engaged to validate CBS’s adherence to PCI DSS.
• Document PCI compliance test results within GRC’s compliance platform, serving as the repository for compliance controls, test procedures, test results and remediation plans.
• Prepare reports on progress of compliance testing, including findings and recommendations reported by divisions for policy, procedure and internal control improvements.
• Routinely summarize and communicate test results to affected management and control owners. Provide insight into operations and suggestions for corrective actions that will ensure compliance and mitigate internal business risks.
• Review compliance testing results undertaken by division management and assess reported results for accuracy and completeness. Monitor compliance remediation plan execution through close phase.
• Identify on an ongoing basis relevant changes to PCI requirements and industry security trends and assess the impact of these changes on the scope and strategy of the PCI Compliance program.
• Perform customary administrative tasks and responsibilities.
• Other assignments or special projects as requested by management.
• Create, prepare, direct and/or perform PCI DSS focused training.
• 30% travel may be required.
QUALIFICATIONS:
Required:
• Seven (7) or more years of technology and audit experience (general technology controls, application and network reviews) within a public accounting and/or internal audit function.
• Five (5) or more years of experience with internal controls evaluation, testing and reporting relating to PCI DSS compliance, including all phases of planning, evaluation, documentation, testing, reporting and remediation.
• Strong understanding of PCI DSS, payment processes and related systems is a must.
• Demonstrated proficiency in technology auditing control disciplines, including thorough general knowledge of security and one or more relevant areas of technical specialization (application, database, operating system and network security).
• Sufficient information security knowledge and experience to conduct technically complex compliance assessments, with emphasis on internal information systems and security audit.
• Ability to think analytically, communicate complex issues and develop control recommendations.
• Ability to lead and motivate people and work well with others.
• Effective written and verbal communication skills with the ability to present control analysis and recommendations with clarity and professionalism
• Customer-focused and professional in work ethic and performance.
• Demonstrated track record of integrity, effective communication, commitment to teamwork, innovation and excellence.
• A BA or BS degree or equivalent in Information Systems, Accounting, Finance, Business, or a related field.
• Professional certification is preferred (CISSP, CISA, ISA or equivalent).
• Qualified Security Assessor (QSA) and/or PCI Professional designation a plus.
EEO STATEMENT:
Equal Opportunity Employer Minorities/Women/Veterans/Disabled