University Director of Payment Card Industry Compliance
Reporting directly to the University Treasurer, and working closely the University's and college's IT departments and the Office of General Counsel, the primary responsibility of this role is to achieve and maintain compliance with the Payment Card Industry (PCI) standards across the University.
- Actively participates in contributing and carrying out information security, privacy and disaster recovery policy as it pertains to PCI.
- Construct and provide regular training to the University's credit card merchants, IT staff and other pertinent staff on PCI compliance.
- Develop and implement procedural reviews of various and complex cardholder data environments.
- Develops and maintains guidelines, policies and procedures related to information security, payment card acceptance, PCI compliance and cardholder data access.
- Documents the existence of all cardholder data to verify that no card holder data exists outside of the defined cardholder data environment.
- Ensure the correct Self-Assessment Questionnaire (SAQs) and Attestations of Compliance are accurately completed by each merchant.
- Identifies and understands best practices around security and PCI compliance.
- Identifies existing credit card merchants; and develops formal processes for adding new merchant IDs and/or expanding credit card access.
- Manage and lead team efforts to develop, maintain and comply with enterprise information security policy with regards to PCI.
- Manages information security processes to ensure PCI compliance; ensures documentation is up to PCI standards.
- Provides expertise and oversight to key business liaisons as well as information security team members in a leadership role.
- Serve as a university resource providing expertise on PCI compliance.
- Subject matter expert on the procedures surrounding the processing, storing, and transmitting cardholder data, and identifies and neutralizes risk areas for each merchant.
- Validates the University's compliance with IT security, payment card acceptance, PCI compliance and cardholder data access policies and procedures on a routine basis, and work with merchants to implement any corrective actions identified during such reviews.
- Work with IT to regularly test systems and processes to track and monitor access to resources containing cardholder data.
- Works closely with IT in the Central Office and on the campuses to review and help architect new and existing software applications that handle, process or store payment card data.
- Other duties as assigned.
Bachelor's Degree and eight years' related experience required.
Desired skills and experience:
- Ability to understand vulnerability reports, penetration test results and technical security reports required.
- Advanced presentation skills required to present to all levels of leadership.
- An understanding of network and system segmentation and zoning practices commonly used to limit the scope of PCI compliance.
- CISSP, CISA, CISM; or QSA, ISA designations are preferred.
- Excellent Excel and PowerPoint skills required.
- Excellent verbal and written communication and partnering skills.
- Expert knowledge in ISO security standards domains.
- Expert level knowledge of Payment Card Industry (PCI) standards.
- Previous experience in leading Qualified Security Assessor audits required, either as an Internal Security Assessor or in a QSA client engagement.
CUNY TITLE OVERVIEW
Directs financial and administrative operations of a College or major program.
- Oversees financial resources in a fiscally responsible manner and complies with various legal regulations and University policies
- Develops financial forecasting models to support strategic planning aligned with goals and initiatives
- Recommends and implements strategic college-wide policies to ensure financial compliance is maintained
- Oversees business analyses, budget projections, allocations, financial statements, and statistical reports
- Develops and manages relationships in regard to fiduciary responsibilities with external institutions, including government agencies, corporations, and funding entities
- Performs related duties as assigned.
Higher Education Officer
COMPENSATION AND BENEFITS
Salary commensurate with education and experience.
CUNY's benefits contribute significantly to total compensation, supporting health and wellness, financial well-being, and professional development. We offer a range of health plans, competitive retirement/pension benefits and savings plans, tuition waivers for CUNY graduate study and generous paid time off. Our staff also benefits from the extensive academic, arts, and athletic programs on our campuses and the opportunity to participate in a lively, diverse academic community in one of the greatest cities in the world.
HOW TO APPLY
For full consideration, submit a cover letter and rsum online via CUNY's web-based job system, addressing how your experience and credentials fulfill the responsibilities and qualifications outlined.
The direct link to the job opening from external sources is:
May 28, 2017
JOB SEARCH CATEGORY
CUNY Job Posting: Managerial/Professional
EQUAL EMPLOYMENT OPPORTUNITY
CUNY encourages people with disabilities, minorities, veterans and women to apply. At CUNY, Italian Americans are also included among our protected groups. Applicants and employees will not be discriminated against on the basis of any legally protected category, including sexual orientation or gender identity. EEO/AA/Vet/Disability Employer.
Location: Central Office
Job Title: University Director of Payment Card Industry Compliance
Job ID: 16679
Full/Part Time: Full-Time