Working at the Cumberland, you become part of something special. We’re a Mutual organisation, committed to improving the lives of our colleagues, customers, and community. Our values are incredibly important to us.
We’re on an exciting transformational journey with our people firmly at the forefront of our plans. If you want to work for a team integral to helping drive cultural change, a team where you can bring your whole self to work, bringing your energy and creativity to make a positive difference, then this is the job for you.
We have an exciting opportunity for a PCI Analyst to join our Information Security team.
In this role you’ll help fulfil our PCI compliance obligation and further assist in the delivery of the PCI strategy through business activities, projects and business change. You’ll also provide support to the PCI Compliance Manager through proactive assessments and stakeholder reporting channels.
The Benefits
- Salary - up to £45,540 p.a. - depending on skills and experience.
- Holidays - 25 days holiday plus public holidays and the opportunity to buy and sell up to 3 days.
- Learning and Development Opportunities - We want you to grow in your role. We’ll work together to support your personal and professional development.
- Hybrid Working - the tools and equipment you need to be able to work from home when you need to, depending on your role.
- Health and Wellbeing - a calendar of events and activities throughout the year, Mental Health & Wellbeing champions, and Cycle to Work scheme.
- Community Day - We offer our people an extra paid day off every year to help local charities and community organisations.
The role
Reporting to the PCI Compliance Manager, the key responsibilities and duties in the role are:
- Develop effective working relationships with all data owners/stakeholders.
- Engage with data owners, stakeholders, and relevant subject matter experts (SMEs) to identify, prioritise and document PCI data requirements.
- Analyse and document current processes, workflows and information exchanges that create or duplicate PCI data. Work with data owners/stakeholders/SMEs to seek opportunities to improve the processes that result in PCI data, to ensure compliance.
- Confidently present evidence and collaborate with Qualified Security Assessors (QSAs).
- Support the maintenance of the PCI DSS asset inventory, compliance tracking, and assessment schedules.
- Help maintain compliance performance indicators and contribute to both internal and external reporting efforts.
- Develop monthly and annual reporting to inform the senior leadership team of the PCI risk position.
- Assist in preparing and delivering updates to the Data Council and other governance bodies.
- Monitor PCI data via Netwrix Data Classification & Auditor tools, analyse scanning output and engage with data owners.
- Become a Netwrix lead and expand to other data areas as and when required.
- Continuous monitoring and reporting of PCI data within the organisation.
- Assist in the management of third parties concerned with PCI data.
- Escalate breaches of policies / procedures appropriately.
- Identify and deliver PCI remediation activities in line with the PCI data strategy and the PCI charter.
- Engage with the business to increase awareness of PCI compliance through training and engagement opportunities.
- Ensure that all necessary security policies and procedures are established and maintained in relation to the on-going service operation.
About you
We’re looking for someone with experience of stakeholder management within a financially regulated, bank/building society setting, with in-depth understanding of PCI DSS.
You’ll have knowledge of industry approaches for safeguarding cardholder data and awareness of fundamental InfoSec controls in a business context. We’d also like to see experience of auditing practices such as but not limited to ISO27001.
Desirable (but not essential) experience and knowledge includes PCI ISA (Internal Security Auditor) qualification and knowledge of Netwrix Data Classification and Auditor tools.
Skills, Abilities and Behaviours
Essential Skills:
- Ability to think systematically and logically, with strong verbal and written communication skills.
- Experience in PCI DSS audits or being involved in the ongoing operation of PCI requirements.
- Good general understanding of technologies required to help meet PCI DSS requirements.
- Willingness to study and achieve a PCI security qualification e.g. PCIP, PCI ISA if not already held.
- The ability to establish and operate a proactive and continual compliance approach.
- Planning / delivery focused / completer-finisher.
Desired Skills:
- Knowledge of payment gateways and merchant channels.
- Experience in Cyber/Information Security or IT.
- Relevant security qualification e.g. CISM, CISSP.
Current working arrangements are flexible with a requirement to travel to Carlisle on a regular basis.