
Sr. IT Analyst

Circle K is seeking a transformational, technology-savvy PCI IT Analyst for North America with a track record of providing operational and tactical direction within PCI, PII, PHI, etc. This position provides centralized coordination and support for the many elements of a distributed security infrastructure. This position will use and apply the knowledge of various technologies to help Circle K meet its business requirements in a secure manner while managing risk.
The candidate also serves as a key resource for the GRC areas, including PCI audits and Data Privacy. The candidate must be a team-oriented self-motivator with good interpersonal skills and the ability to discuss complex security requirements in simple, non-technical terms.
The position works closely with teams in other information security disciplines, business capability owners, application development, technology support and operations to provide guidance on the compliance and protection of the Circle K information assets. Participate in the planning, design, installation, and maintenance of security systems in support of security policies. Work with Global Technology staff and business units to assess risk and address security issues.
Essential Duties and Responsibilities (Not intended to be all inclusive):
· Works with the PCI NA Program and performs assessment, audits, attestations and remediation.
· Architects, designs, implements, maintains and operates information system security controls and countermeasures.
· Analyzes and recommends security controls and procedures in acquisition, development, and change management life cycle of information systems.
· Analyzes and recommends security controls and procedures in business processes related to use of information systems and assets.
· Analyzes trends, news and changes in threat and compliance environment with respect to organizational risk; advises organization management and develops and executes plans for compliance and mitigation of risk; performs risk and compliance self-assessments, and engages and coordinates third-party risk and compliance assessments.
Experience
· Participate in both internal and external audits to ensure compliance with all industry-mandated regulations.
· Manage compliance initiatives to ensure operational effectiveness with applicable laws and regulations, as well as internal policies and procedures.
· Assist Legal and Technology organizations with all required compliance/security-related documentation. Ensure documentation is standardized, updated and organized.
· Participate in the development and implementation of new business initiatives involving compliance to ensure functionality required to support required compliance.
· Provide guidance to business functions on compliance/security-related matters.
· Coordinate audit-related tasks to ensure the readiness of managers and their teams for audit testing and facilitate the timely resolution of any audit findings.
· Initiate improvement activity to reduce risk, ensure compliance, lower cost, and improve quality within IT processes.
· Conduct/support periodic risk assessments and develop appropriate mitigation plans in support of deliverables.
· Refine and revise existing policies and procedures to support internal and external compliance programs. Author new policies and procedures and ensure adequate training for adherence by employees.
· Evaluate effectiveness of the internal security control framework and recommend adjustments as business needs change.
· Deliver findings, recommendations and remediation steps for all activities, in a clear, concise and audience-specific format.
· Perform periodic security risk assessments and advise business stakeholders on best practices to reduce risk and overall breach profile.
· Demonstrated knowledge and understanding of relevant legal and regulatory requirements, including Payment Card Industry/Data Security Standard (PCI DSS), Money Transmitter regulations, the Health Insurance Portability and Accountability Act (HIPAA), and IT and Data Security.
Education
· Bachelor’s degree in information technology or directly related field, 4 years of professional experience related to assignment.
OR
· An equivalent combination of education and experience sufficient to successfully perform the essential duties of the job such as those listed above, unless otherwise subject to any other requirements set forth in law or regulation.
Certifications, Licenses, Registrations
· Assessor Certification as issued by PCI is preferred but not required.
· CISSP certification is preferred but not required.
· Detailed knowledge of the PCI-DSS standards and compliance requirements.
Skills Required
1. Ability to conduct the PCI Program tasks such as assessment, attestations, remediations and audits. Required: 2 years.
2. Demonstrated knowledge and understanding of relevant legal and regulatory requirements around Payment Card Industry/Data Security Standard (PCI DSS). Required: 2 years.
3. Analyzes and recommends security controls and procedures in acquisition, development, and change management lifecycle of information systems. Required: 4 years.
4. Participates in both internal and external audits to ensure compliance with all industry-mandated regulations. Required: 2 years.
5. Assist Legal and Technology organizations with all required compliance/security-related documentation. Required: 2 years.
6. Refine and revise existing policies and procedures to support internal and external compliance programs. Required: 2 years.

Circle K is an Equal Opportunity Employer.

The Company complies with the Americans with Disabilities Act (the ADA) and all state and local disability laws. Applicants with disabilities may be entitled to a reasonable accommodation under the terms of the ADA and certain state or local laws as long as it does not impose an undue hardship on the Company. Please inform the Company’s Human Resources Representative if you need assistance completing any forms or to otherwise participate in the application process.
