Overview
Lab Quality Manager role at PCI Security Standards Council
Location: North America or UK • Department: Product & Technology • Reports To: Sr. Director, Quality and Operational Excellence • FLSA Status: Exempt
The Lab Quality Manager will play a significant role in reviewing laboratory evaluation reports, conducting periodic lab audits, and supporting the development and maintenance of PCI Council programs and standards. The role involves collaboration with the Lab Validation Programs team, industry stakeholders, and other subject matter experts to support Lab standards, including the Lab General Requirements (LGR), Lab Program Guide (LPG), and Lab Audit documentation, and fiduciary responsibility for the development of standards that result in Lab Evaluation reports (e.g., PTS POI, HSM, CPoC, SPoC, MPoC).
Responsibilities
* Review and assess PTS POI, PTS HSM, SPoC, MPoC, and CPoC laboratory reports to ensure consistent and appropriate application of security testing criteria.
* Interact with PCI-recognized evaluation laboratories to provide, receive, and process guidance on technical security issues, RFCs, and evaluation methodologies.
* Conduct periodic audits of Lab processes and requirements per the Lab General Requirements, including documentation for Skills, Equipment, and Quality. Audits may be conducted remotely or on-site.
* Develop and discuss technical FAQs to support the assessment of payment security devices; may act as Subject Matter Expert in creating FAQs for PCI lab evaluation programs.
* Attend and provide project management and SME input for the PCI lab evaluation Standards team on technologies such as Open Protocols, Encryption, Tokenization, Mobile, Cloud Computing, Wireless technologies, and Virtualization.
* Participate in the review and evaluation of PCI lab evaluation standards.
Qualifications
* Excellent written and oral communication skills; ability to express thoughts clearly and contribute to a team environment.
* Strong interpersonal skills with the ability to work with diverse perspectives.
* Flexible, proactive self-starter who is quick to learn and has a can-do attitude.
* Curiosity, creativity, persistence, commitment, passion, and optimism.
* Strong organization and time-management skills.
* Ability to work independently and as part of a team.
* Familiarity with Microsoft Office products and PowerPoint.
* Willingness to travel up to 10% domestically and internationally.
* Understanding of the financial and payment card processing industries.
Education & Experience
* Minimum of 5+ years of experience in information security, payment card technologies, and payment device physical and logical security constructs.
* Familiarity with mobile payment transactions.
* Knowledge of mobile device and operating system architecture.
* Industry certifications in Information Security/Systems preferred.
* Bachelor's degree required; experience in physical and logical security characteristics of cryptographic devices.
* Working knowledge of the financial industry and the lifecycle of payment card transactions.
* Working knowledge of payments industry software and hardware development methodologies and practices.
* Working knowledge of audit and control procedures for preventing or detecting unauthorized alteration or substitution of secure devices during manufacturing and/or during transport.
* Working knowledge of audit methodologies and security assessment tools for physical facilities and device evaluation processes.
* Familiarity with cryptographic key management methodologies and standards (e.g., ANS X9.143, ISO 11568) for protection of payment card data for payment transaction processing, with emphasis on cardholder authentication data.
* Strong comprehension of information security best practices and applying knowledge to PCI requirements.
Salary & Benefits
The starting minimum salary for this role is $100,000 USD annually, plus bonus. Final compensation will be based on skills, experience, geographic location, and other relevant factors.
To learn more about the PCI Security Standards Council, visit https://www.pcisecuritystandards.org/
PCI SSC is an Equal Opportunity Employer.
Job Details
* Seniority level: Mid-Senior level
* Employment type: Full-time
* Job function: Quality Assurance
* Industries: Computer and Network Security