Senior PCI Engineer
Location: Sterling, VA, United States, 20116
Req ID: 2226
Discovery hires the very best and brightest talent who are enthusiastic and passionate to fulfill the company's mission of empowering people to explore their world and satisfy their curiosity.
In exchange for their talent and drive, employees are provided with an engaging, diverse workplace and the resources they need to learn, thrive and grow in their careers.
As the Discovery Inc. portfolio continues to grow - around the world and across platforms - the Global Technology & Operations (GT&O) team is building media technology and IT systems that meet the world class standard for which Discovery is known. GT&O builds, implements and maintains the business and technology systems that are critical for delivering Discovery's products, while articulating the long-term technology strategy that will enable Discovery's growing pay TV, digital terrestrial, free-to-air and online services to reach more audiences on more platforms.
Within our Information Security team, there has never been a busier or more urgent time to obtain the best talent we can for a function so critical to Discovery Communications. In light of the constant threats to and attacks against companies and industries across the globe, the Information Security Team at Discovery is a growing group of cyber security professionals who are using the latest tools and resources to protect the assets and data from our internal infrastructure for the shows we broadcast across the globe on Discovery Channel, Animal Planet, Discovery ID, TLC, EuroSport and more. From the US to Singapore, India to LA, we are tasked with protecting, training, and implementing the best of the best in tools, resources, monitoring, threat detection, and more.
The mission of the PCI program at Discovery is to protect our security posture and ensure that all of our applications and platforms that handle payment data are PCI compliant and conform to the PCI-DSS (Data Security Standards) as well as other PCI standards, where applicable.
We are looking for a leader to join our team to ensure we meet these compliance goals. This person will be a technically savvy person who likes to solve issues and drive outcomes.
- Act as the primary technical liaison and subject matter expert between internal teams and external assessors
- Review data flows and architecture for new and existing products to determine scope and relevance for PCI compliance
- Provide technical controls expertise to the PCI team during external and internal assessments
- Address technical inquiries from control owners that are submitted pertaining to PCI
- Knowledge about new technologies and environments that impact PCI (e.g. Private/Hybrid/Public Cloud, PAN masking and tokens, expanded account ranges, 3DS, etc.)
- Assist global application teams in developing and implementing technical remediation strategies and compensating controls
- Participate in maturing the program to meet new requirements and rapid growth
- Represent Information Security in long-term technical projects that are in scope for PCI requirements to ensure compliance with applicable standards
- Communicate security risks and gaps related to PCI requirements to stakeholders and executive management
- This hands-on role involves technical security assessments of applications and infrastructure, reviews of security design and operational effectiveness, and performance of risk assessments
- Review security architecture of applications and determine PCI relevance
- Assess controls and compliance to requirements from the hardware to the application layers
- Employ strong research and problem-solving skills
- Interpret and apply PCI standards to new and existing technologies
- Identify, communicate, and assess security gaps
- Communicate business risk to stakeholders
- Understand security findings (from vulnerability and penetration tests) and develop remediation strategies
- Evaluate compensating controls for reducing risk
- Lead technical meetings
- Work in a slightly chaotic, rapidly growing environment
- Work both independently and as part of a very cohesive team
- Execute medium and large sized IT and information security risk and compliance assessments, PCI assessments, audits, gap analyses, and remediations
- Actively lead projects in the areas of PCI-DSS and PA-DSS
- Communicate with project stakeholders to effectively convey requirements of technical controls and process improvements
- Apply in-depth knowledge of IT security and various frameworks (e.g., CobiT, NIST, ISO, CIS, etc.)
- Experience in managing policy exceptions, including working directly with stakeholders to document exceptions, identify compensating controls and corrective action plans
- Communicate effectively across business and technical boundaries
- Be proficient in writing executive level reports and technical documentation
- PCI standards and requirements
- Latest information security protocols and standards
- Security controls, especially those that impact PCI (encryption, access, vulnerability testing, etc.)
- Security prevention and detection systems and other security event management systems
- Data structures and classifications
- Organization-specific policies, procedures, controls, disaster recovery plans and technical documentation for applications, systems and infrastructure
- Compliance: regulatory, privacy, international laws and statutory requirements
- Risk: risk frameworks, maturity models, and enterprise IT security risk methodologies
- Governance: vendor management, policy frameworks, control design and security design/architecture
- Security architecture: infrastructure, network and systems design
- PCI: knowledge of and hands-on experience with PCI audits and PCI attestations
Education and Experience
- Must be a certified PCI-QSA (Qualified Security Assessor), PCI Professional, or Internal Security Assessor or have held the certification within the last three (3) years
- Hold at least one other Security, Risk or IT certification (e.g., CRISC, CISA, CISM, CISSP, or ISO 27001)
- Associate's, Bachelor's, or Master's degrees are a plus
- Minimum 4 years of experience in the Cyber Security, Information Assurance, Enterprise Risk or Compliance field
Discovery Communications, Inc. is an equal opportunity employer. Discovery is committed to being an employer of choice, not just a good place to work, but a great and inclusive place to work. To that end, we strive to recruit and maintain a workforce that meaningfully represents the diverse and culturally rich communities that we serve. Qualified applicants will receive consideration for employment without regard to their race, color, religion, national origin, sex, sexual orientation, gender identity, protected veteran status, disabled status, or genetic information.
We will consider for employment all qualified applicants, including those with criminal histories, in a manner consistent with the requirements of applicable state and local laws, including but not limited to all local Fair Chance Ordinances.
If you are an individual with a disability and need an accommodation during the application process, please send an email request to HR@discovery.com.