Security Analyst – SOX & PCI

Location: West Pittsburgh, PA

Job Type: Full Time / Permanent

In this role, the candidate will collaborate with technology and business personnel in support of the Information Security Governance, Risk and Compliance team. Specifically, the candidate will be responsible for evaluating and facilitating PCI compliance requirements for the company and its subsidiaries and for assisting Technology stakeholders with SOX compliance activities. As required, the candidate may also have responsibilities in other areas supporting Information Security Governance, Risk and Compliance.

The candidate must be able to reliably achieve program objectives, address uncertainty, and act with integrity. The candidate will need to maintain an awareness of controls and existing/proposed security standards and how they affect the company environment. The candidate will identify areas of information security risk within the organization and assist in the translation of this risk to internal business partners. The candidate should have knowledge of information security governance, risk, control, PCI, and SOX, and the ability to apply these concepts within their work environment.

Education & Experience:

  • Bachelor’s Degree
  • 3-5 years of experience
  • Management Information Systems, Computer Science, Business
  • PCI Data Security Standard (DSS); SOX 404; NIST Cybersecurity Framework (CSF); Technology governance, risk, and compliance
  • Support PCI compliance for the company and its subsidiaries through periodic review of compliance with control requirements, performance of self-assessments and assistance with external assessments, implementation and maintenance of control requirements in a GRC system, and evaluating changes to the PCI cardholder data environment as they occur.
  • Support SOX compliance for Technology stakeholders through facilitation of key control activities, review and guidance on documentation requirements, and assistance with internal and external audit requests.
  • Support the security awareness program through creation of training content/communications and monitoring compliance.
  • Partner with business and IT teammates as a trusted advisor on information security governance, risk, and compliance matters as required.