IT Risk Compliance is responsible to manage all the annual PCI compliance assessment which will be assessed by external Qualified Security Assessors, including updating the PCI compliance risk assessment as needed and coordination and execution of the annual PCI compliance assessment that results in the timely issuance of the Report on Compliance each year.

• Coordination with auditor for regular Audit from Internal and External including PCI DSS assessment
• Develop and execute the overall timeline and project plan for all the activities associated with the annual PCI assessment and or other Audit
• Conduct detailed data security assesments including applications, servers, databases and other network components and associated processes against the PCI DSS standards to identify areas of non-compliance
• Collection and quality assurance of evidence, result of penetration testing and observations associated with the annual PCI assessment
• Ensure appropriate controls are in place to meet the PCI requirements and assist control owners with outlining remediation plans to address any deficiencies
• Assess/evaluate systems and environments to assess security exposures, vulnerabilities, gaps, or control deficiencies
• Provide direction and oversight to project teams to design, develop, deploy, and sustain solutions that meet Internal/External audit, PCI DSS requirements, including but not limited to a set of technical deliverables, cost, schedule, quality and status reporting
• Responsible for resolving issues and mitigating risks, escalating issues/risks, when appropriate
• Facilitate assessments performed by external Qualified Security Assessors
• Create, maintain, and update all IT policies and procedures to be inline with well-known international standards (e.g. ISO27001, NIST, etc).

• Minimum bachelor's degree (or equivalent) in Computer Science, Information Systems, or related field
• Strong communication and interpersonal skills to communicate with management and other business units
• Strong ethics and understanding of ethics in business and information security
• Ability to work with all levels of an organization
• Minimum of 3+ years of hands-on security assessment, quality assurance, or PCI DSS Experience
• Strong understanding of network and systems security, system and network configuration, and application security
• Able to identify complex control gaps
• Solid understanding of generally applicable and accepted auditing standards and framework (e.g. COBIT) and best practices for IT services management (e.g. ITIL), government guidelines and laws
• Preferred have professional certification (e.g. CISSP/PCI QSA or ISA/PCIP/CISM/CRISC)
• Very good communication skills
• High initiative, reliable, and independent person
• High attention to detail