Senior PCI Security and Compliance Analyst

As our Senior PCI Security and Compliance Analyst (PSCA) will serve as a subject matter expert and manage all aspects of Payment Card Industry Data Security Standard (PCI DSS) compliance requirements. You will oversee PCI DSS best practices and changes to requirements and provide consultative insight and risk reduction recommendations to comply with the standard. You will be accountable and responsible for providing expert risk analysis and information to business and risk management leadership. The role is charged with implementing and maintaining policies, as well as managing a comprehensive controls framework with industry requirements to ensure enterprise-wide PCI DSS compliance. 

This role can be based remotely across the UK, however living within commutable distance to our Cambridge office is a definite plus! If you’re based remotely, you will ideally be happy to travel to our Cambridge office several times throughout the year.

In this role, you will work closely with Information Security, IT, and Risk, and will be responsible for identifying, evaluating, and reporting on the state of PCI DSS. You will manage the annual PCI DSS lifecycle, including year-round efforts and the entire recertification process. In addition, you will keep pace with regulatory changes to ensure the company maintains PCI DSS compliance. 

Consulting 

• Act as the primary point of contact at Featurespace for all PCI-related requirements, initiatives, and external relationships
• Act as the main PCI DSS subject matter expert when internal team members have questions or need guidance and be the key liaison with external PCI advisory firms
• Work closely with technical leads on design and control implementation.  Guide technical teams and stakeholders to implement required controls to meet compliance.  Track project progress through implementation and validation. 
• Support business innovation initiatives, while ensuring PCI compliance is met
• Closely monitor and understand current and potential changes to the PCI DSS framework
• Maintain a high degree of knowledge of Featurespace’s current and proposed security changes which might impact PCI compliance and security industry best practices
• Liaison with Information Security, Risk, IT, third-party qualified security assessors, internal and external auditors, as well as the PCI governing body and PCI communities
• Guide team members to align with security and risk management leadership for ongoing PCI compliance assessments, as well as annual strategic technology and budgetary directives
• Possess general knowledge of networking, encryption, authentication, payment infrastructure and application security

Delivery 

• Manage the annual PCI DSS lifecycle, and the entire recertification process (QSA interactions, evidence collection and submission, coordinating and scheduling stakeholder meetings, etc.)
• Identify and document in-scope systems and applications for the PCI DSS cardholder data environment
• Maintain documentation and keep the state of PCI program compliance up to date
• Facilitate education and training for employees required to uphold PCI compliance or support PCI controls
• Continuously assess and validate cardholder data environment controls and monitoring
• Provide oversight on findings and require thorough documentation and recommendations
• Influence and validate PCI DSS controls and present status as required
• Support other information security compliance initiatives 
• Keep up to date with the latest security and technology developments
• Research and evaluate emerging security threats and ways to mitigate them
• Ensure all processes and controls that fall within your area of responsibility are operating effectively and are correctly evidenced

Must haves:

• Extensive experience in roles such as PCI ISA, PCI QSA, Security Analyst, Compliance Analyst, Risk Analyst, or Internal Audit
• Demonstrated proficiency in managing PCI DSS
• Strong experience working with and implementing successfully a range of security management and control frameworks such as PCI DSS, SOC2, NIST, and ISO 27000
• Strong project management, multitasking, and organisational skills
• Experience managing diverse technical and business unit teams, while promoting a positive, enterprise-wide security culture
• General understanding of networking, APIs, application security, encryption, identity and authentication, vulnerability management, threat intelligence, insider threats, attack surface, and attacker tactics
• Experience and knowledge of basic cloud security concepts, standards and virtualisation
• One or more of the following: PCIP, ISA, QSA, CISA, CRISC, CISSP

Great to haves

• Bachelor’s degree in Information Assurance, Computer Science, Engineering, or related field

Here at Featurespace we are committed to being a place of equality, inclusion and respect to provide a safe environment for you to bring your authentic self to work. We know that we gain as much strength from our differences as we do our similarities. We value diversity and are dedicated to listening and learning from each other to build and maintain a positive and productive culture. We appreciate this will be an ever-evolving focus for the business to ensure everyone feels supported and has a sense of belonging.