Our client is looking to hire an on-contract Program Manager Level 3 - Payment Card Industry (PCI) to work with the Financial Management Group for a twelve (12) month contract.
DESCRIPTION OF WORK (SCOPE OF WORK)
NOTE: This position is hybrid, with any onsite work at 2 Montgomery Street, Jersey City, NJ, with possible meetings at other Port Authority facilities in the NY/NJ area.
This includes the Port Authority and all lines of business, including PATH trains, Aviation, Bridges & Tunnels, Ports, World Trade Center (WTC), and ecommerce. This Program Manager also manages the technical relationship and provides all internal evidence of PCI Compliance to the organization's Qualified Security Assessor.
JOB RESPONSIBILITIES:
Under the direction of the Deputy Director of Technology, the Program Manager - PCI will manage one full-time Project Manager with PCI certifications and two part-time Project Managers.
Matrix responsibility for representatives from the lines of business and organizational departments responsible for meeting PCI compliance in their respective areas.
• Manage and drive the PCI Program forward by collaborating with internal stakeholders, service providers, and the external Qualified Security Assessor (QSA). To achieve this, the Port Authority must comply with the 325 PCI DSS Requirements that are applicable in the departments.
• The Program is coordinating and managing the acquisition of tools required to meet PCI reporting requirements, either by acquiring and implementing software or by engaging service providers to perform the services.
• Responsible for implementing policies, procedures, controls, and monitoring to produce PCI compliance evidence. An internal review of control compliance is completed prior to passing it to the QSA for assessment and final Quality Assurance review. All questions, feedback and items are passed back to the Program team for remediation.
• Document and implement all policies and procedures that are not in place to meet PCI Requirements.
• Manage PCI Compliance for all service providers by obtaining their appropriate Attestation of Compliance (AOC) or, if none exists, including the work the service provider does in the Port Authority PCI Assessment.
• Develop and maintain a repository of all internal testing, compliance reporting and evidence for the Program. Post all required and relevant evidence to the QSA portal for assessment.
• Develop and maintain PCI baseline requirements used in evaluation, testing and assessment, including but not limited to:
1. Devices and network segments in-scope for PCI.
2. Service Providers and their compliance status.
3. Compliance progress and monitoring of Service Providers.
4. Participation with Procurement to include PCI responsibility wording in agreements.
• Receipt of service provider acknowledgment of responsibility for PA card data they manage.
Program Reporting Responsibilities:
• Update to the PCI Steering Committee (CFO, CTO, Treasurer, and others) every three weeks.
o Prepare, document and present Issues, Risk and Status.
• Update to the CTO twice a week.
o Manage and lead an update with all relevant short-term activities.
• Meet with the Qualified Security Assessor and Treasury representative weekly.
o Provide input and feedback in QSA progress update and issue resolution.
• Maintain IT Program Status Report weekly.
o Prepare Program update and align to overall business metrics.
• Provide Ad Hoc reporting support for Board of Directors and Committees as requested.
o Prepare and assets as requested.
o Lead PCI Program meeting and check point daily.
EXPERIENCE AND QUALIFICATIONS
• Bachelor's degree in Business Administration, or Information Technology.
• Minimum of 10 years in a similar role.
• Led and completed a minimum of 8 large organization PCI Assessments.
• Detailed knowledge of PCI Requirements and supplemental information.
• Leadership experience managing others including matrix management.
• Business experience in Finance, with a management role.
• Business experience in IT, with a management role.
• Business experience in Program reporting to executive management.
HIGHLY DESIRABLE: PORT AUTHORITY OF NY & NJ EXPERIENCE
JOB REQUIREMENTS:
• Must sign PA Non-Disclosure Agreement.
• Must obtain Secure Workers Access Consortium (SWAC) background check.
WORK HOURS
The normal workday for the Firm will be 8 AM to 5:00 PM, Monday through Friday, except for observed holidays. The Consultant shall work an 8-hour workday, with a mandatory 1-hour Lunch Break. Total billable hours per week shall not exceed 40 hours. All overtime must be pre-approved by the designated Project Manager before any work is performed.
TIME FRAME
It is anticipated that the project shall start on or about 12/18/2023 and expire on or about 12/18/2024.
We are a Minority and Women Owned Certified Agency; Pacetas Agency is an integrated management consulting firm providing professional services to Prime Vendors and other companies in staffing, recruitment, project management, and Event and Marketing Communications.