Security Manager, functioning as Senior Security PCI Compliance Analyst

client Florida Department of Transportation (FDOT) in Boca Raton, FL.

This is onsite position.

10 months+

Rate: $70-80H C2C. If higher let me know.

USC, GC

Exhibit F must be completed.

Job Family: Security Management

Job Title: Security Manager, functioning as Senior Security PCI Compliance Analyst Job #: 6800

Variance: Sr. Manager

Summary

This position reports to the Security Risk and Compliance Office (SRCO) Manager, Information Technology Office

of Florida's Turnpike Enterprise (FTE). The candidate will have hands-on experience performing PCI_DSS

assessment, SOC2 Type1 and Type2 audits, developing KPI and reporting matrix, and formulating cost-benefit

analysis to help align SRCO and Network Operations technology solutions with business initiatives and delivery.

Have a good understanding of Network and Security technology solutions and can articulate them to meet

current and future FTE's Information Technology and business initiatives.

Responsibilities

• Coordinate and perform annual PCI certification, perform interim assessments, and work with the broader
  
  

Information Technology team to remediate identified gaps. Ensure that established timelines of the yearly

certification are met.

• Coordinate and perform Department's annual SOC2 assessment. This includes coordinating with internal and
  
  

external parties to obtain documentation, obtaining necessary approvals, and meeting established timelines.

• Perform interim and annual reviews, including assisting with ad-hoc audits for compliance with State of Florida
  
  

status and established compliance requirements and industry best practices.

• Manage vulnerability program to ensure remediation based on established Service Level Agreements,
  
  

including PCI-DSS and Cybersecurity Frameworks. Develop management reporting.

• Develop and maintain Department's KPI and create monthly and quarterly reporting for the leadership.
• Assist the SIRT team in formulating testing schedules, conducting tabletop exercises, and facilitating lessons
  
  

learned workshops and management reports.

• Maintain and enhance SRCO and Network Operations software and tools to identify licensure, including
  
  

annual renewals. Work with the TDC procurement team to explore opportunities for consolidating renewals.

• Assist with managing supply chain oversight, including establishing, maintaining, and performing a risk
  
  

assessment. Develop risk matrix and management reporting.

Requirements

Education:

• Bachelor's degree or equivalent experience
  
  

Experience

• Must have 5 to 7 years of hands-on experience in performing PCI-DSS assessment
• Must have 4 to 6 years of hands-on experience with SOC2, Type1, and Type 2 assessment
• Strong experience with managing and organizing Security Incident Response Team (SIRT) activates
• Must have 5 to 7 years of experience using GRC tools such as Archer and ServiceNow.
• Must have 3 to 4 years of hands-on experience performing IT business processes and cost-benefit analysis.
• Must have strong presentation and written communication skills.
• Strong working knowledge of Excel, Visio, MS Word, and developing PowerPoint presentations.
• Have a good understanding of Information Technology tools and technology supporting overall IT
  
  

organization and business.

Certification

• Certified Information Security Manager (CISM) or Certified Information Security Auditor (CISA)