Payments Card Industry PCI Program Manager

at Bank of America
Location College Park, GA
Date Posted January 6, 2022
Category Default
Job Type Full-time

Description

Job Description:

Position Summary

Goal: Prepare the organization to become Level 1 PCI DSS compliant.
 
The Payments Card Industry PCI Program manager will function in a matrix responsibility environment, where representatives from the lines of business and organizational departments will be responsible for meeting PCI compliance in their respective areas.
 
The PCI Program manager will manage and drive the PCI Program forward by collaborating with internal stakeholders, service providers (as needed), and the external Qualified Security Assessor (QSA).
 
Expected responsibilities include, but are not limited to:
• Develop and maintain PCI baseline requirements used in the evaluation, testing and assessment
• Draft policies/procedures that govern the security of BofA PCI data within Merchant Services across the enterprise with a specific focus on compliance requirements.
• Design, lead and execute a PCI compliance program focused on PCI data handling across the enterprise.
• Review cyber security risks and threats, analyze the impact to various audiences, and determine how to communicate the important information.
• Interact with teammates and stakeholders to drive initiatives to conclusion.
• Communicate plans and results to stakeholders and leaders, and gain buy-in.
• Prepare data and responses for audit and regulatory inquiries; manage risk issues and ensure status of issue remediation is tracked/communicated.
• Identify/develop KPIs.
• Track compliance progress and monitoring of Service Providers to a CDE.
• Partner with Procurement to include PCI responsibility wording in agreements
• Perform program reporting responsibilities when PCI Steering Committee is formed.
• Work alongside operational risk partners to prepare, document and present Issues, Risk and Status
• Update C-level executives and upper management with reports as needed/requested.
• Manage and lead relevant short-term activities.
• Provide input and feedback in QSA progress update and issue resolution
• Maintain IT Program Status Report weekly
• Prepare Program update and align to overall business and IT metrics.
• Lead PCI Program meeting and checkpoint daily

Required Skills/ Background

• Bachelor’s degree in Computer Science, Information Technology or a related area, OR equivalent and relevant work experience.
• 8+ years of experience in a similar role
• Led and completed 8+ large organization PCI Assessments
• Detailed knowledge of PCI requirements and supplemental information
• Leadership experience in influencing Stakeholders, business, technology and other key partners in a matrixed business organization
• Demonstrated professional experience in Finance
• Demonstrated professional experience in Information Technology
• Demonstrated professional experience in Technology Program reporting to executive management
• Experience working with Information Security, Corporate Risk, Corporate Audit/ Corporate Compliance and/or Qualified Security Assessors (QSAs)
• Demonstrated ability to use multiple SORs and record deliverables
• Knowledge of Payments or Financial Services space
• Experience delivering large technology projects/ technology programs with significant impact to multiple lines of business, that may have cross-functional or inter-departmental implications

Desired Skills/ Background

• Agile experience strongly desired
• Merchant services industry experience preferred
• CISSP, CISA, CISM, PCI QSA/ISA Certifications preferred

About this Bank of America Payments Technology team:
In April 2021, Bank of America acquired Axia Technologies, Inc. (“AxiaMed”), an industry-leading, cloud-based health care payment and technology company focused on facilitating secure patient payments.
Established in 2015, AxiaMed provides a gateway and terminal software solution, powering many healthcare providers to offer end-to-end, omni-channel patient payment solutions. Its integrated offerings help the financial performance of healthcare providers by expanding the payment options available to patients and streamlining administrative workflows.
Bank of America has been developing its proprietary merchant services solutions over the past year that will better serve the payment needs of clients across all business lines. The platform leverages innovations such as real-time payments and best-in-class digital capabilities to provide essential functions such as merchant acquiring, payments processing and settlement, along with value-added services such as analytics and security solutions.

Job Band:

H5

Shift: 

1st shift (United States of America)

Hours Per Week:

40

Weekly Schedule:

Referral Bonus Amount:

0
