What are the responsibilities and job description for the PCI Penetration Testing Analyst position at Conduent?
Through our dedicated associates, Conduent delivers mission-critical services and solutions on behalf of Fortune 100 companies and over 500 governments – creating exceptional outcomes for our clients and the millions of people who count on them. We are a business process and service company.
Why Conduent:
You'll have an opportunity to work on innovative technology while being surrounded by a culture that recognizes each person's contributions. Each day you'll feel challenged and know you are making a difference. At Conduent, we believe everything touches everything, and to that end we value our work and each other in the process, making it an award-winning place to work. In 2021, we won Best Places To Work, Best Global Culture and Best HR Team.
You have an opportunity to personally and professionally thrive, make a difference, and be part of a culture where individuality and participation are valued.
Job Description:
The ETS Regulatory Compliance team is seeking a PCI Penetration Testing Analyst who will ensure we provide the technology and business teams with world class governance, regulatory adherence and compliance with our security policies across all systems and environments. The ETS Regulatory Compliance team is charged with cultivating an organization that drives ongoing PCI certifications and attestations through IT security controls and policy compliance. This Security & Compliance Manager will partner and engage with our technology and business teams, build long-term relationships both internally and externally, and support large-scale compliance and certifications which align with our security posture.
- Be an integral part of a team of PCI Compliance experts.
- Be part of a team culture of continuous improvement, mentoring and learning, data driven decisions, and accountability for delivery of key metrics and deliverables
- Partner and collaborate with business and technology teams to develop actionable solutions for security compliance, certifications, and governance
- Play a key role in the creation, revisions and ongoing compliance processes which support our security policies and controls to meet PCI DSS requirements.
- Expand into other security and compliance areas such as HIPAA, HITRUST, and SOC.
- Hands-on experience with PCI Compliance (e.g. Data Security Standards, auditing, penetration and application testing, certifications, and attestations)
- Knowledge of current security controls and landscape including traditional data center and cloud computing platforms
- Self-motivated and with a demonstrated ability to work autonomously and manage a wide variety of work streams simultaneously, and under deadline
- Experience evaluating vulnerabilities to identify risk & recommend proper remediation to technical, app dev & business personnel.
- A thorough understanding of network segmentation in support of PCI DSS scoping.
- Experience with running various penetration testing tools & methodologies in a complex network environment.
- The ability to identify security solutions and processes in support of PCI DSS compliance (e.g. vulnerability management, patching, SIEM, FIM)
- Knowledge of infrastructure security assessments (network devices/servers/databases) against industry accepted hardening standards (CIS, NIST)
- Demonstrated knowledge of security industry standards, privacy regulations, compliance testing and leading practices (e.g. PCI, HIPAA, HITRUST, NIST, GDPR)
- Experience working in security and compliance teams, and ability to present to senior management and large groups
- Must be able to simplify security and technical concepts for laypersons within our business and technology teams
- Exposure to security systems and processes, with a background in the Fintech, Transportation, or Healthcare industries a plus
- Minimum ten (10) years of information security, auditing and/or compliance experience in increasingly responsible roles required
- Prior experience as a PCI certified QSA or ISA.
- Current Professional certification in information security or compliance (e.g., CISSP, CISM, or CISA) a plus