Full Time Job

Senior PCI Engineer


Sterling, VA 03-17-2021
  • Paid
  • Full Time
  • Mid (2-5 years) Experience
Job Description

Our Team

As the Discovery Inc. portfolio continues to grow – around the world and across platforms – the Global Technology & Operations (GT&O) team is building media technology and IT systems that meet the world class standard for which Discovery is known. GT&O builds, implements and maintains the business and technology systems that are critical for delivering Discovery's products, while articulating the long-term technology strategy that will enable Discovery's growing pay TV, digital terrestrial, free-to-air and online services to reach more audiences on more platforms.

Within our Information Security team, there has never been a busier or more urgent time to obtain the best talent we can for a function so critical to Discovery Communications. In light of the constant threats to and attacks against companies and industries across the globe, the Information Security Team at Discovery is a growing group of cyber security professionals who are using the latest tools and resources to protect the assets and data from our internal infrastructure for the shows we broadcast across the globe on Discovery Channel, Animal Planet, Discovery ID, TLC, EuroSport and more. From the US to Singapore, India to LA, we are tasked with protecting, training, and implementing the best of the best in tools, resources, monitoring, threat detection, and more.

The Role

The mission of the PCI program at Discovery is to protect our security posture and ensure that all of our applications and platforms that handle payment data are PCI compliant and conform to the PCI-DSS (Data Security Standards) as well as other PCI standards, where applicable.

We are looking for a leader to join our team to ensure we meet these compliance goals. This person will be technically savvy and will like to solve issues and drive outcomes.

• Act as the primary technical liaison and subject matter expert between internal teams and external assessors

• Review data flows and architecture for new and existing products to determine scope and relevance for PCI compliance

• Provide technical controls expertise to the PCI team during external and internal assessments

• Address technical inquiries from control owners that are submitted pertaining to PCI
• Knowledge about new technologies and environments that impact PCI (e.g. Private/Hybrid/Public Cloud, PAN masking and tokens, expanded account ranges, 3DS, etc.)

• Assist global application teams in developing and implementing technical remediation strategies and compensating controls

• Participate in maturing the program to meet new requirements and rapid growth

• Representing Information Security in long term technical projects that are in scope for PCI requirements to ensure compliance with applicable standards

• Communicate security risks and gaps related to PCI requirements to stakeholders and executive management

• This hands-on role involves technical security assessments of applications and infrastructure, reviews of security design and operational effectiveness, and performance of risk assessments

• Review security architecture of applications and determine PCI relevance

• Assess controls and compliance to requirements from the hardware to the application layers

• Employ strong research and problem-solving skills

• Interpret and apply PCI standards to new and existing technologies

• Identify, communicate, and assess security gaps

• Communicate business risk to stakeholders

• Understand security findings (from vulnerability and penetration tests) and develop remediation strategies

• Evaluate compensating controls for reducing risk

• Lead technical meetings

• Work in a slightly chaotic, rapidly growing environment

• Work both independently and as part of a very cohesive team

• Execute medium and large sized IT and information security risk and compliance assessments, PCI assessments, audits, gap analyses, and remediations

• Actively lead projects in the areas of PCI-DSS and PA-DSS

• Communicating with project stakeholders to effectively convey requirements of technical controls and process improvements

• Apply in-depth knowledge of IT security and various frameworks (e.g., CobiT, NIST, ISO, CIS, etc.)

• Experience in managing policy exceptions, including working directly with stakeholders to document exceptions, identify compensating controls and corrective action plans

• Communicate effectively across business and technical boundaries

• Be proficient in writing executive level reports and technical documentation

Working Knowledge
• PCI standards and requirements

• Latest information security protocols and standards

• Security controls, especially those that impact PCI (encryption, access, vulnerability testing, etc.)

• Security prevention and detection systems and other security event management systems

• Data structures and classifications

• Organization-specific policies, procedures, controls, disaster recovery plans and technical documentation for applications, systems and infrastructure

• Compliance: regulatory, privacy, international laws and statutory requirements

• Risk: risk frameworks, maturity models, and enterprise IT security risk methodologies

• Governance: vendor management, policy frameworks, control design and security design/architecture

• Security architecture: infrastructure, network and systems design

• PCI: knowledge of and hands-on experience with PCI audits and PCI attestations

Education and Experience
• Must be a certified PCI-QSA (Qualified Security Assessor), PCI Professional, or Internal Security Assessor or have held the certification within the last three (3) years

• Hold at least one other Security, Risk or IT certification (i.e., CRISC, CISA, CISM, CISSP, or ISO 27001)

• Associate's, Bachelor's, or Master's degrees are a plus

• Minimum 4 years of experience in the Cyber Security, Information Assurance, Enterprise Risk or Compliance field

Nearest Major Market: Washington DC

Company Profile

Discovery, Inc. is the global leader in real life entertainment. We serve passionate fans with content that inspires, informs, and entertains, providing leadership across deeply loved and trusted brands, such as Discovery Channel, TLC, Animal Planet, HGTV, Food Network, and Travel Channel.