Sr. Manager, Information Security Assurance
What We'll Bring
The PCI role at TU will support the alignment of foundational and application-level security controls as they relate to the requirements of the PCI DSS standard.
What You'll Bring
Represent InfoSec Governance on the Architecture Review Board and advise internal stakeholders of potential impacts to compliance efforts.
Work with Information Security teams and support the definition and prioritization of security-related initiatives as they impact compliance efforts.
Develop an appropriate framework to adequately monitor PCI compliance globally.
Mentor and train global BU representatives on compliance frameworks in an effort to increase awareness of the impact to the local business.
Work with Information Security to develop a global roadmap to address known PCI deficiencies and transition to PCI 4.0.
Develop and execute a global roadmap for PCI certification, specifically targeting non-certified regions including but not limited to: RISE, Hong Kong, South Africa, Botswana, India and Colombia. Investigate the appropriateness of certification in other regions where full PAN is stored, processed or transmitted.
Review and champion a framework of solutions that can be used to minimize the scope of compliance efforts, such as tokenization and merchant services.
Participate in the evaluation of compliance management tools to facilitate the automated collection and reuse of audit artifacts.
Impact You'll Make
It will be beneficial for the PCI role to create a working document in which a summary of the controls implemented at the foundational and application levels is documented against the PCI requirements, so that TU Internal Audit, Security, or other interested parties have a single document summarizing the implemented controls.