Overview:
Being good neighbors - helping people, investing in our communities, and making the world a better place - is who we are at State Farm. It is at the core of how we operate and the reason for our success. Come join a #1 team and do some good!
Responsibilities:
The IT GRC Analyst will work on a team of certified Payment Card Industry Internal Security Assessors (PCI ISA) on State Farm's ET-PCI Compliance and Consulting (PCI C&C) Team. This job role is responsible for assessing, validating, and delivering the Payment Card Industry Data Security Standard (PCI DSS) compliance for State Farm's PCI in-scope people, processes and technologies.
Key Responsibilities Performed by the PCI ISA on a Daily Basis:
* Applies defined PCI DSS scoping criteria.
* Collects and reviews evidence of compliance to validate that PCI DSS requirements are met.
* Supports the completion of assigned tasks for the annual PCI DSS Report on Compliance.
* Drives necessary system and process updates in alignment with PCI DSS scoping & requirements.
* Facilitates interaction between the business partner(s), product teams and the PCI C&C Team.
* Consults on new and complex PCI DSS compliance considerations.
* Works closely with business and technology teams to develop strong liaison relationships.
* Stays current with new and evolving security, technologies, governance, risk & compliance topics via formal training and self-directed education.
* Shares knowledge and experiences with others to help grow the team's talent bench through training and mentoring on a continual basis.
Qualifications:
* 2 to 5 years of hands-on ServiceNow experience as a developer, implementation specialist and/or GRC technical analyst/architect, specifically with the GRC-related modules within ServiceNow. Additional technical skills include JavaScript, HTML/CSS, REST/SOAP integrations, and ServiceNow UI Actions.
* 5 to 8 years of technology and/or information security background and/or governance, risk & compliance.
* Intermediate knowledge of five or more of the following areas: infrastructure (physical, virtual & Cloud), network segmentation, operating system security, encryption and key management, tokenization, anti-virus and malware, secure system development, identity and access management, vulnerability management, physical access controls, penetration testing, file integrity monitoring, logging, risk assessments/reviews and information security policy.
* Ability to analyze, collaborate & present solutions (both verbal & written) to successfully remediate identified compliance issues with business partners, stakeholders and third-party service providers.
* Intermediate knowledge of PCI DSS compliance & security frameworks to understand & validate the requirements of protecting customers' payment card data.
* Work well under pressure to identify and problem-solve complex situations across multiple customer channels and scenarios related to customer cardholder data and applicable PCI DSS Compliance.
Recommended:
* Past or current certifications in one or more of the following areas: Security+, CISSP, GSEC, AWS, Azure, Microsoft, CISA, CISM, PCI ISA or PCI QSA.
* Proven experience as a motivated self-starter who can deliver results in a fast-paced, complex, changing environment.
* Must be a strong communicator, a team & individual contributor, who has preferably worked on a team across multiple time zones.