Information Security in PCI DSS
Dataflexnet is a PCI DSS Level 1 payments processor. As such, our continual information security effort, including its related standards, policies, testing and procedures, is audited externally by PCI DSS Qualified Security Assessors (QSAs) at least annually. Naturally, our clients also audit us, and we manage risks and mitigations together with them in an open and transparent way.
We develop our own commercial payments services, used by card schemes, banks and corporates, and typically deployed in the business-to-business or travel-and-expense payment space. Our custom software is built in line with PCI DSS best practice, which includes training, peer review of work, change control, risk assessments, and ongoing maintenance of key documentation together with operations.
As a small company, we are seeking a knowledgeable person with a natural aptitude for information security; they will be very organised and a strong communicator.
In line with their experience and ability, they can demonstrate information-security-relevant knowledge and experience in:
PCI DSS Level 1 and/or SAQ-D
Risk Assessment, Management, and Mitigation
Security Related Testing and Tools
Knowledge of PEN, ASV, ISV and/or Related Activities
Attack Surface Assessments
Threat Modelling and Mitigation
OWASP and CWE
Shared Responsibility Models and Matrices
Related Considerations that Include PII
Familiarity with our custom software technology would be a bonus, so that the person can participate in technical reviews at each stage:
C# with .NET 4.5+ and .NET Core 2+
Website, API, Mobile, and Security Related Protocols, Including OpenID Connect 1.0 and OAuth 2.0
Use of Ciphers, Encryption, Signatures, Hashing, Masking, Padding, and Key Management
SQL Server 2016-2017, SQL, Migrations, Linq, Procedures, Functions, and Entity Framework
IIS, Kestrel, Middleware (.NET)
Dataflexnet cardholder data environments are either traditional co-location or AWS based, and are subject to the usual controls that PCI DSS requires of us, which are simply good practice: for example, network controls, periodic (season-based) and change-control-initiated testing, patching and updates, and hardened baselines.
The ideal candidate, whilst well versed in information security, will be interested in technology generally; they will be agile minded, enthusiastic, and able to coherently present strong ideas and sustainable solutions. PCI DSS knowledge is critical.
Responsibilities, carried out to the best of your ability and accountable to the team, company and clients:
Orchestrate PCI DSS audit assessments, ensuring staff know what is required and when, in close collaboration with external auditors.
Learn, share, and mentor staff in positive and constructive ways on risks, ideas, methods, technology, etc.; contribute to the overall training effort, supporting continual development.
Improve standards, guidelines, policies and processes; conduct internal audits, reporting back to the business; and manage non-compliance.
Orchestrate PEN, ASV, ISV and related testing, manage non-compliance and/or mitigations, and participate in the change control process accordingly.
Contribute at all hands meetings (monthly) with a focus on information security.
Orchestrate security incident response as required.
You need to be fluent in English, spoken and written; skill in other European or East Asian languages is a real plus too.
In addition to enjoying your time spent at Dataflexnet, we offer:
Competitive salary according to fit, skill, experience, and position (40-60k)
24 Days Holiday (plus national holidays) increasing with length of service
Personal training budget focused on PCI DSS and/or information security certification
Gain valuable experience working within a global Fintech business that can support related professional qualifications
As Dataflexnet is a member of Digital Manchester, you will receive free Digital Manchester membership, free or discounted access to its events, and member benefit discounts.
If you are interested then send us a note and CV to email@example.com.