Senior Specialist, Information Security (Pci)

Summary

The Corporate Information Security team is hiring a Senior Specialist, Cyber Security reporting to the Senior Manager, Information Security. The Specialistis accountable to support the risk management and compliance programs at Bell, its subsidiaries and key suppliers.

In addition, the Specialist, will support Bell's Payment Card Industry Centre of Excellence governed by the PCI Data Security Standard (PCI DSS).

Key Responsibilities

• Plan and conduct PCI Self-assessments individually, including PCI environment scoping, participate in governance reviews, and conduct onsite assessment activities
• Develop and complete program and status reporting, and complete other reports as necessary including Attestations of Compliance (AOC's) and other PCI Self-assessment questionnaires
• Conduct PCI Assessments based on the newest version of the standard Version 4.0
• Lead meetings, chair conference calls, action follow-ups, and proactively interact with the various Business Units to move projects forward to ultimate completion within required timeframes.
• Support and maintain the Security Directive on Payment Card Industry Compliance, and ensure that it meets the most current requirements of the PCI DSS, aligns with industry best practices, other internal requirements, and remains consistent with Bell's risk tolerance
• Support consistent operational implementation of the Directive and PCI DSS compliance across Bell Business Units where applicable, and its key vendors who process credit card transactions on Bell's behalf
• Inform, train and/or support Business Units to appropriately identify, assess, measure and manage PCI DSS risk across portfolios
• Partner and build relationships with various stakeholders responsible for implementing controls and be seen as the PCI DSS resource at Bell
• Partner and build relationships with Security Architecture & Information Security Project Management resources responsible to design security systems and processes, including PCI DSS controls and processes
• Provide reporting to Management on anticipated compliance issues as they relate to PCI DSS, program risks, assumptions, issues and dependencies, and potential program enhancements
• Support, develop and/or sponsor any tools and technologies used in the PCI DSS Centre of Excellence program
• Ensure the efficiency and effectiveness of the PCI DSS processes, through regular review and reporting, understanding of good practice at other organizations, thought leadership and ongoing continuous improvement
• Assist the various team to ensure the remediation of vulnerabilities from internal as well as external scans are manage according the PCI DSS requirements
• Perform all of the above as they relate to Bell's affiliates and subsidiaries

Critical Qualifications

• Possesses a Payment Card Industry Professional (PCIP), Internal Security Assessor (ISA) or a Qualify Security Assessor (QSA) certification
• Possesses a Project Management Professional (PMP) certification.
• Knowledge of PCI DSS requirements both version 3.2.1 and version 4 and Information Security standard such as NIST framework, ISO 27001/2, ISF, CMMC, CIS CSC
• Professional Information Security Certification CISSP / CISA / CIA or similar
• Good understanding of Unix, Linux, Windows operating systems and databases
• Good understanding of networking systems configurations, including firewalls
• Good understanding of application architecture, software development lifecycle processes, including secure coding techniques
• Good understanding of server and infrastructure virtualization technologies, and cloud implementations across AWS, Azure, GCP
• Knowledge of Information Security concepts, including: Tokenization, Cloud technology, Risk Assessments, Vulnerability Scanning, Penetration Testing, Systems hardening, Physical security, Data encryption, File integrity monitoring, and log and monitoring

Preferred Qualifications

• Qualify Security Assessor (QSA) preferred, Payment Card Industry Professional (PCIP), Internal Security Assessor (ISA) certification may be considered.
• University degree / diploma in Computer Science or a field related to IT, IT Security or Information Technology, or a solid combination of education and experience
• 3+ years of Cyber/Information Security experience
• Experience in assessing complex client environments from a technological and security standpoint
• Experience in auditing IT systems is a definite asset
• Relationship management, communication, reporting and presentation skills are critical
• Ability to educate and influence others
• Leadership, organization, and planning ability
• Curious and passionate for continuous learning
• Ability to manage deadlines, priorities and accountabilities
• Ability to communicate through analysis and reporting
• Team player -collaborative, adaptive
• Professionalism, integrity, and respect for confidentiality
• Ability to analyze complex problems and discuss them in a simple, logical and thoughtful manner