Information Security in PCI DSS

Dataflexnet is a PCI DSS level one payments processor. As such, our continual information security effort, with its related standards, policies, testing and procedures, is audited externally by PCI DSS qualified QSAs at least annually. Naturally, our clients audit us, and we manage risks and mitigations together in an open and transparent way.

We develop our own commercial payments services that are used by card schemes, banks, and corporates, typically deployed within the business-to-business or travel and expense payment space. Our custom software is aligned with PCI DSS best practice, which includes training, peer review of work, change control, assessments of risk, and ongoing maintenance of key documentation with operations.

As a small company we seek a person who is knowledgeable, with a natural aptitude for information security. They will be very organised and a strong communicator.

In line with their experience and ability, they can demonstrate relevant information security knowledge and experience in,

Location

 

Information Security

  • PCI DSS Level 1 and/or SAQ-D

  • Risk Assessment, Management, and Mitigation

  • Security Related Testing and Tools

  • Knowledge of PEN, ASV, ISV and/or Related Activities

  • Surface Area of Attack Assessments

  • Threat Modelling and Mitigation

  • OWASP and CWE

  • Shared Responsibility Models and Matrixes

  • Related Considerations that Include PII

Our custom software technology: a person who can participate in technical reviews at each stage would be a bonus,

  • C# .NET 4.5+ - .NET Core 2+

  • Website, API, Mobile, and Security Related Protocols Including OpenID Connect v1 and OAuth2

  • Use of Ciphers, Encryption, Signatures, Hashing, Masking, Padding, and Key Management

  • SQL Server 2016-2017, SQL, Migrations, LINQ, Procedures, Functions, and Entity Framework

  • IIS, Kestrel, Middleware (.NET)

  • Web includes JavaScript, CSS, HTML, and Frameworks

Dataflexnet cardholder data environments are either traditional co-location or AWS based, subject to the usual controls that PCI DSS requires of us, stuff that is just good practice. Examples include controls around networking, season based and change control initiated testing, patching and updates, and hardened baselines.

Responsibilities

The ideal candidate, whilst well versed in information security, will be interested in technology generally. They will be agile minded, enthusiastic, and able to coherently present strong ideas and sustainable solutions. PCI DSS knowledge is critical.

Responsibilities, to the best of your ability, accountable to the team, company and client,

  • Orchestrate PCI DSS audit assessments to ensure staff know what is required and when, in close collaboration with external auditors.

  • Learn, share, and mentor staff in positive and constructive ways on risks, ideas, methods, technology, etc., and contribute to the overall training effort, supporting continual development.

  • Improve standards, guidelines, policy and processes, conduct internal audits, report back to the business, and manage non-compliance.

  • Orchestrate PEN, ASV, ISV, etc. related testing, manage non-compliance and/or mitigations, and participate in the change control process as such.

  • Contribute at all hands meetings (monthly) with a focus on information security.

  • Orchestrate security incident response as required.

You need to be fluent in the English language, spoken and written, but skill in other languages within Europe and East Asia is a real plus too.

Benefits

In addition to enjoying your time spent at Dataflexnet (more here),

  • Competitive salary according to fit, skill, experience, and position (40-60k)

  • 24 Days Holiday (plus national holidays) increasing with length of service

  • Personal training budget focused on PCI DSS and/or information security certification

  • Gain valuable experience working within a global Fintech business that can support related professional qualifications

As Dataflexnet is a member of Digital Manchester, you will receive from Digital Manchester, free membership, free or discounted access to events, and benefit discounts.


  If you are interested then send us a note and CV to careers@dataflexnet.com.