Über
Position Summary The Information Security Analyst is responsible for protecting Christopherson’s systems, data, and client information by maintaining and improving the organization’s security posture. A core focus of this role is leading PCI DSS compliance efforts — managing audits, remediating gaps, and ensuring ongoing adherence to payment card industry standards. Beyond compliance, this role conducts vulnerability assessments, monitors security events, and partners across teams to embed security best practices into daily operations.
Key Responsibilities
PCI DSS Compliance & Audit Readiness
Lead PCI DSS compliance initiatives including self‑assessment questionnaires (SAQs), gap analyses, and remediation tracking.
Coordinate with internal teams and external assessors (QSAs) to prepare for and support PCI audits.
Maintain and update security policies, procedures, and documentation required for PCI compliance.
Monitor changes to PCI DSS standards and assess their impact on Christopherson’s environment.
Vulnerability Management & Security Testing
Conduct regular vulnerability scans and coordinate penetration testing across internal and external systems.
Analyze scan results, prioritize findings by risk, and drive remediation efforts with system owners.
Perform security assessments of new applications, integrations, and infrastructure changes prior to deployment.
Security Monitoring & Incident Response
Monitor security alerts and events using SIEM tools and elevate potential incidents per established procedures.
Investigate and respond to security incidents, document findings, and recommend preventive measures.
Assist in the development and testing of incident response and disaster recovery plans.
Governance, Risk & Policy
Conduct risk assessments to identify threats and vulnerabilities across the organization’s technology landscape.
Develop and maintain information security policies, standards, and guidelines aligned with industry frameworks (PCI DSS, NIST, CIS).
Deliver security awareness training and phishing simulations to promote a security‑conscious culture.
Cross‑Functional Collaboration
Partner with IT, development, and operations teams to integrate security controls into systems and workflows.
Advise stakeholders on security implications of business decisions, vendor relationships, and technology changes.
Support third‑party vendor security assessments and due diligence reviews.
Qualifications
Required
3–5+ years of experience in information security, cybersecurity, or IT audit/compliance roles.
Hands‑on experience with PCI DSS compliance, including audit preparation, evidence gathering, and remediation.
Proficiency with vulnerability scanning tools (Nessus, Qualys, Rapid7, or similar) and SIEM platforms.
Solid understanding of network security, firewalls, endpoint protection, and access control principles.
Strong analytical and communication skills with the ability to translate technical risks into business terms.
Preferred
Industry certifications such as CompTIA Security+, CISSP, CISA, or PCI QSA/ISA.
Experience with compliance frameworks beyond PCI DSS (NIST CSF, SOC 2, ISO 27001).
Familiarity with cloud security in AWS, Azure, or GCP environments.
Background in the travel, financial services, or payment processing industry.
Core Competencies
Regulatory Compliance & Audit Management
Risk Assessment & Threat Analysis
Vulnerability Management & Penetration Testing
Incident Detection & Response
Security Policy Development
Cross‑Functional Communication & Stakeholder Advisory
What We Offer
Competitive base salary ($90,000–$110,000 depending on experience)
Comprehensive benefits package (medical, dental, vision, 401k)
Professional development and certification support
Flexible, hybrid work environment
A collaborative, mission‑driven culture
#J-18808-Ljbffr
Sprachkenntnisse
- English
Hinweis für Nutzer
Dieses Stellenangebot stammt von einer Partnerplattform von TieTalent. Klick auf „Jetzt Bewerben”, um deine Bewerbung direkt auf deren Website einzureichen.