LHH Technology is on the lookout for a highly skilled Senior IT Security Engineer to lead the development, maintenance, and oversight of our information security infrastructure. This critical role focuses on ensuring adherence to key standards, particularly the Payment Card Industry Data Security Standards (PCI DSS). As a key player, you will spearhead IT security assessments, drive security initiatives, and manage relationships with security service providers. This role demands a blend of strategic oversight and hands-on expertise in security infrastructure, compliance, and risk management.
Key Responsibilities:
- Conduct comprehensive internal assessments and audits to ensure adherence to PCI DSS and other security standards.
- Develop, implement, and maintain a robust PCI compliance program, including all relevant policies, procedures, and documentation.
- Oversee and manage the organization’s security infrastructure to ensure resilience against potential threats.
- Act as the primary liaison with external Qualified Security Assessors (QSAs) during PCI DSS assessments and facilitate the remediation of any identified gaps.
- Provide guidance on secure payment processing practices and train staff on PCI DSS requirements.
- Monitor updates to PCI DSS standards and implement necessary changes across the organization.
- Manage the performance and effectiveness of the company’s managed information security service provider.
- Prepare and manage Reports on Compliance (ROCs) and Self-Assessment Questionnaires (SAQs) for PCI DSS reporting.
- Generate and audit monthly vulnerability reports, quarterly network scans, and bi-annual penetration tests.
- Collaborate with the legal department to ensure IT security compliance and governance for external service providers and vendors.
- Develop and maintain a comprehensive incident response plan for breaches involving cardholder data.
Required Qualifications:
- Bachelor’s degree in Information Technology, Information Security, Computer Science, or a related field with 8+ years of experience in information security, specifically focusing on PCI DSS compliance, OR 12+ years of experience in information security with a strong emphasis on PCI DSS compliance.
- Minimum of 6 years of experience with security tools and technologies for security and compliance monitoring.
- Extensive knowledge of information security principles, vulnerability scanning, remediation, reporting, data protection laws, and payment industry standards.
- Strong analytical, problem-solving, and decision-making skills.
- Advanced expertise in IT security related to cloud infrastructure (Azure, AWS, Google Cloud), networks, databases, application security, firewalls, MFA mechanisms, and identity/access management.
- Experience with Qualys for PCI DSS compliance and endpoint security tools such as Palo Alto Cortex, CrowdStrike, Symantec, and MS Defender.
Preferred Qualifications:
- Professional certifications such as PCI ISA (Internal Security Assessor), PCIP (PCI Professional), CISSP, CISM, CISA, NIST, or HIPAA are highly desirable.
Work Schedule:
- Hybrid: Onsite Tuesday and Thursday; remote Monday, Wednesday, and Friday. Flexibility to be onsite on other days as needed.
Compensation:
- $155,000 - $170,000 annually, based on experience, skills, and certifications.
COVID-19 Vaccination Policy:
- Full COVID-19 vaccination is required unless exempt for medical or religious reasons. Proof of vaccination will be required before the start date.
Application Process:
- Interested candidates are encouraged to apply promptly, as the position is actively being filled. Final candidates will have the opportunity to interview with senior management and other key stakeholders.
Equal Opportunity: LHH Technology is an equal opportunity employer. We celebrate diversity and are committed to creating an inclusive environment where all employees can thrive.