PCI compliance specialist payments card industry

The payment card industry is closely governed by a large body of rules and regulations. Organizations in it have direct access to customer card data and need their systems to be fully secured. Payment processing has become indispensable as the world goes digital: with continued government support for online projects across developed and developing nations, the use of websites, online payment and payment processing has become inevitable. Payment processing subject matter expertise can be acquired in many different ways, including working on real-time payment processing projects and obtaining industry-recognized certifications. Let us look at the PCI certifications that help you position yourself and stand apart from the crowd.

A PCI specialist plays a prominent role in an organization: he is the principal point of contact helping the organization meet public and private regulatory requirements. Here is a quick overview of the job duties of a PCI compliance specialist in an enterprise:

1) Work closely with auditors. A major part of the work involves gathering internal and external regulatory requirements from auditors and making sure the systems currently in place meet those compliance requirements.
2) Interpret audit requirements to ensure appropriate definition of controls.
3) Identify gaps in the design and operating effectiveness of controls, and identify opportunities for more efficient and effective controls.
4) Monitor and perform compliance testing, issue testing findings, prepare written reports of findings, perform follow-up testing, and assist in correcting deficiencies.
5) Lead the innovation and continuous improvement of the IT internal control framework, including the integration of multiple compliance requirements.
6) Communicate controls, policies, standards, and compliance requirements to business and IT staff.
7) Regularly interact with senior management and internal and external auditors to convey findings identified through walkthroughs and testing, assess the risk and impact of deficiencies, and make recommendations for remediation.
8) Analyze regulatory developments and recommend how to integrate them into the organization's policies and standards.
9) Provide subject matter expertise on technologies such as open protocols, SRED, encryption, HSMs, tokenization, mobile security, cloud computing and virtualization.
10) Advise control owners on the implementation of controls related to network segmentation, OS and DB hardening, secure application development, logging and monitoring, vulnerability management, access management, information security management, etc.

What are the qualification requirements expected of a PCI compliance engineer?
1) Demonstrated in-depth understanding of the Payment Card Industry Data Security Standard (PCI DSS), PA-DSS and/or PTS.
2) Understanding of regulatory requirements for the financial services sector, including Sarbanes-Oxley (SOX) section 404, FFIEC, GLBA, OFAC and other regulatory requirements, is a plus.
3) Experience with SSAE 16/AT 101 and/or internal audit assessments and processes.
4) Understanding of information security and risk management frameworks such as COBIT, ISO 17799/2700x, NIST, FIPS and COSO.
5) Technology/information risk management experience in analyzing business processes and the technology that supports them. Experience in performing risk assessments (e.g., evaluating threats, vulnerabilities, likelihood and impact) and identifying mitigating controls.
6) Technology background with familiarity in at least two of the following: distributed systems (Linux, Solaris, Windows), databases, networks (LAN/WAN technologies, firewalls, routers), software development, etc.
7) Familiarity with mitigating controls at the systems, network and application level.
8) Audit/assessment experience in the financial services industry, especially in a large/global/diversified organization or a large/global Internet e-commerce organization, is required.
9) Ability to explain technical jargon in simplified terms.
10) Industry certifications in the areas of information security/systems (CISSP, CISA, CRISP, CGEIT); PCI ISA/QSA is a plus.

Payment Card Industry certification from the PCI Security Standards Council: the PCIP certification, as it is popularly called, is a new certification track from the PCI Security Standards Council and one of the most popular payment card industry certifications. So, what is the necessity of this certification? So far, payment card industry merchants have been able to obtain certification from the PCI Security Standards Council. In contrast, there has been a need for an individual-level certification.
PCIP is designed to fill this gap. In the payment card industry, the security of account information is of primary importance. The PCI Security Standards Council is the consortium that governs the development, enhancement, storage, dissemination and implementation of the security standards that protect account data in the payment card industry; proper use of the PCI security standards enhances data security. The consortium was founded by major players in the industry, including American Express, Discover Financial Services, JCB International, Mastercard and Visa Inc.

What are the standards developed and managed by PCI? The standards are developed and maintained by the Payment Card Industry Security Standards Council, also called PCI SSC. The consortium was launched in 2006 and takes care of the following security standards:

1) DSS - Data Security Standard - A standard on which payment card industry vendors base an actionable framework for the payment card data security process. The data security process basically involves prevention, detection and taking the necessary action in case of security incidents. Organizations can use the Self-Assessment Questionnaires as the tool to validate their PCI DSS compliance.
2) PA-DSS - Payment Application Data Security Standard - This standard is geared towards payment card industry software vendors and software development firms. Upon meeting the standard's guidelines, you can have your product added to the list of validated payment applications.
3) PTS - PIN Transaction Security requirements - Payment card device vendors and manufacturers use this standard to determine the set of requirements for all PIN terminals, such as POS devices, encrypting PIN pads and unattended payment terminals.

Who can benefit from it? Anyone currently working in the field, or looking to start a career in it, can get the greatest benefit from this.
This includes:
1) Subject matter experts
2) Program managers
3) Project managers
4) Developers
5) DBAs involved in security audits
6) Security professionals in the payment industry - this carries more weight than CISSP
7) Infrastructure personnel
8) Governance and risk managers
9) E-commerce professionals

What is the format of this training? It is a self-paced e-learning course that can be taken 24x7x365.

Where can I take the exam? At PCI-accredited Pearson centres. There are almost 4000 centres: http://www.pearsonvue.com/PCI/

How do I apply for the exam? Visit the PCI website to apply: https://programs.pcissc.org/pcipregistration.aspx