Senior Director, Information Security - Security Compliance

Full Job Description

• Leading the global security compliance team being responsible for achieving and controlling compliance with the applicable information security standards and regulations.
• Ensuring annual recertification of cloud-based and inhouse applications and systems pursuant to PCI DSS, PCI 3DS, PCI PIN und PCI P2PE and SOC 1 Type 2.
• Developing a centre of competence to respond to security and PCI related questions related to Planet’s ecommerce and card-present systems and applications.
• Implementing a company-wide security control framework for PCI.
• Managing the migration from PCI v3.2.1 to v.4 by assessing thew new requirements, identifying and assigning roles and responsibilities, educating control owners, and evaluating and implementing new security processes and applications.
• Managing and coordinating security assessments and audits as well as RFP questionnaires performed by financial partners, public authorities, and key customers.
• Reviewing and implementing all applicable compliance requirements in view of the transition to the new TCS datacentres.
   
• Evaluating and implementing applications and processes for raising information security awareness (e.g. trainings, anti-phishing campaigns, etc.)
• Performing incident response plan testing and table-top exercises.
• Maintaining a company-wide security risk register used for the monthly reporting to the enterprise risk management team.
• Reviewing, updating maintaining security policies and procedures required for PCI.
• Assessing the security of new companies being acquired by Planet.
• Maintaining vendor risk management program to be compliant with the PCI requirements.