Security Compliance Specialist
We are looking for a Security Compliance Specialist who will coordinate the numerous components of our PCI (Payment Card Industry) programs, in addition to Cryptographic Key Management.
A core part of this is our PCI P2PE certified payment solution, which has been validated with widely deployed attended and unattended encrypted terminals used globally in industries as diverse as retail, hospitality, parking, transportation ticketing and vending. It operates in conjunction with NMI's PCI DSS Level 1 certified, EMV-capable payment gateway for ultra-high reliability transaction processing with unrivalled security. The Security Compliance Specialist would work closely with our Product Management team and other stakeholders to deliver new solutions and designated changes where applicable.
NMI maintains PCI P2PE, PCI DSS and PCI PIN certifications which are audited by external auditors on a regular basis. The role is not limited to just these certifications and the successful candidate will also be responsible for coordinating and managing our Cryptographic Key processes in accordance with the applicable standards in addition to other Security Compliance responsibilities.
The role is a great opportunity to be involved in delivering the highest levels of security that our customers demand on a global basis.
NMI develops the most trusted payment software for mobile, online and in-store that is relied on in 38 countries, 24 hours a day, 365 days a year. With offices in Bristol, Chicago, Salt Lake City and New York, our payment technology powers millions of customers worldwide, ensuring they can take payments worth billions, securely and reliably. You've probably used our software when ordering a burger, paying for parking or booking a train ticket - without realising it!
What will I be doing?
PCI P2PE/PIN Solution implementation:
- Understand and document each Service Provider and Component Provider PCI product, processes and integration into the NMI PCI P2PE/PIN solutions
- Definition and documentation of the internal processes associated with solution maintenance, including ensuring a concise and traceable tracking system for the entire PCI P2PE/PIN estate is implemented
- Ensure NMI’s contractual responsibilities are fulfilled through a thorough knowledge of all associated contracts and agreements
- Liaise with a QSA for all activities above to ensure compliance will be achieved
- Training of Sales, Live Support, Integration Support to ensure thorough knowledge of NMI’s PCI P2PE/PIN solution, implementation requirements and impact on Merchants
- Training of the wider NMI staff to ensure a base-level understanding of PCI P2PE/PIN and PCI DSS
- Compliance Risk Management activities performed as appropriate on all aspects of NMI’s Solution implementation
- Ensure all associated fees and invoices are paid for solution implementation on schedule
PCI P2PE/PIN solution maintenance:
- Perform quarterly audits as per the PCI P2PE standard
- Fulfil the annual reporting requirements as a Solution Provider
- Ensure NMI stand-alone PCI P2PE Decryption Environment reporting responsibilities are fulfilled
- Ensuring Service Provider and Component Provider reports are scheduled and received
- Be the POC for all Solution Service Provider and component enquiries
- Track all Component Provider components and reassessment for continued compliance
- Ensuring NMI’s PCI P2PE Solution and Decryption Environment Component are continually certified and listed with the PCI P2PE
- Liaise with a QSA as required to ensure all tasks are fulfilled for solution maintenance, with no non-compliance
- Ensure that we proactively start renewal processes in good time.
PCI P2PE/PIN solution support:
- Act as the technical POC for all internal enquiries and provide guidance and resources where required
- Act as the subject matter expert for all Product Management activities
Do I have what it takes?
- An unusual level of attention to detail
- Strong project management skills
- A strong desire to learn and develop your knowledge around Information Security
- Proactive rather than reactive
As well as being a part of something exciting every day, you will also receive the following benefits:
- Competitive salary
- 25 holiday days each year (+ bank holidays + 1 day after each year of service with up to a max. of 30 days)
- Work-life balance with our Flexi-time policy
- 7 hours per day, 35 hours per week
- Annual bonus scheme
- A chance to develop with an allocated company training budget
- Private health insurance
- Bike2Work Scheme (government-backed cycle to work scheme)
- Workplace pension scheme
- Perkbox subscription - discounts on gyms, restaurants, high st retailers, cinema tickets etc
- Free fruit delivered to the office
- Great central BS1 location with one of the best views in Bristol!
We’re looking for creative and passionate people who share our vision of making payments easy. If that sounds like you and you meet the requirements above, then get in touch!
Please be aware that all offers of employment are made subject to receipt of satisfactory background and financial checks.
Please be aware that NMI does not operate a licence for the sponsorship of those who are not already eligible to work within the UK. Unfortunately, we therefore cannot process any application from individuals unable to provide documentary evidence of their eligibility to commence work in the UK. For further information on the necessary eligibility documents, see: http://bit.ly/1lbaGUx