ISSCA PCI QSA Specialist
Job Req ID: 28329
Posting Date: 8 Feb 2024
Function: Cyber Security
Unit: Networks
Location: 1 Braham Street, London, United Kingdom
Salary: Competitive with Great Benefits
Why this job matters
This is an extraordinary and multi-faceted role where you will switch between providing traditional QSA duties, with trusted advice and guidance to our internal organisation, and acting as an internal Compliance Manager where you will ensure we meet our 'ExCo mandate' by ensuring we maintain our record of 100% Compliance. This role is part of, and supported by, the Industry Security Standards Certification Assurance (ISSCA) team, which includes several QSAs and PCI Assurers and is responsible for tracking multiple BT specific PCI environments and 3rd party organisations. You will also support the wider BT Group security governance program where you will be expected to support other compliance frameworks (i.e., ISO 27001, Cyber Essentials) and engage with our numerous Corporate Business Units to ensure BT is contractually and legally protected. You will also have opportunities to support BT within multiple business segments such as ecommerce, retail, contact centre as both a Merchant and a Service Provider.
The role can be based in any of the following offices: Birmingham, Bristol, Ipswich, London, Manchester, and follows hybrid working.
You will have the following responsibilities:
Primarily to support the tasks and process within the ISSCA (Industry Security Standards Certification Assurance) team for the preservation of PCI compliance and supporting other compliance frameworks such as ISO27001, Cyber Essentials.
Provide in-depth detailed knowledge and expertise relating to compliance for internal business processes (including suppliers) where BT is the Merchant or Service Provider
To provide support for customer contracts where BT has compliance obligations, such that account managers/BID teams can make informed risk and cost decisions.
Maintain awareness of forthcoming compliance framework changes to enable BT to maintain its compliance to the latest standards – highlighting to the appropriate persons any changes requiring investment.
To identify education / training opportunities to strengthen BT’s compliance posture by delivering communication/training as required.
Responsible for continuing to improve BT’s overall compliance posture.
Assist the ISSCA team with the scoping and scheduling of Assessments and factor in ad-hoc audits across the BT Group.
Mentor ISSCA team members.
There will be the need for occasional travel including abroad.
You will have the following skills & experience
Hold an active PCI QSA certification, for at least 5 years, supported by at least one of the following certifications: CISSP, CISA or CISM, or valid ISO 27001 Lead Auditor & Lead Implementer certifications.
Experience completing Assessments & Reviews (i.e. Gap Assessments, Risk Assessments, Third Party and Security Architecture reviews) based on compliance frameworks such as PCI DSS, ISO27001, Cyber Essentials.
Experience in the implementation/support of Enterprise, Hybrid and Cloud environments. Cloud certifications (i.e. AWS) highly desirable.
Familiarity and experience with a variety of products and technologies such as Cloud, Virtualisation, Network Firewalls, Mobile Applications, Web Application Firewalls, Antivirus Solutions, Data Loss Prevention products, encryption technologies and software development life cycles.
Be familiar with web/mobile application security and be able to articulate to a wide audience on how best practice should be implemented.
Understanding of current web/mobile application development, management and environmental methods and solutions, such as DevOps/DevSecOps/GitOps, microservices, orchestration, CI/CD, Infrastructure as Code etc.
Proficient in the understanding and reading of fundamental programming languages (i.e. JavaScript, Python etc.), APIs and SDKs desirable.
Confidently present to internal and external key stakeholders at all levels of technical and managerial positions, keeping them engaged and informed.
Ability to work efficiently, manage multiple projects and meet project deadlines with minimal supervision.
Enthusiastic, responsible, proactive, and dependable team player with a willingness to identify and solve problems through creative thinking and collaboration.
Strong written and verbal communication skills with excellent organisational skills.
Honesty and integrity with the willingness to escalate if required.
Benefits
At BT, we entertain, educate, and empower millions of people every single day. We’re a brand built on connecting people – whether that’s friends, family, businesses, or communities. Working here, you’ll receive an attractive salary and a range of competitive benefits, but – more than that – you’ll be joining an ambitious organisation with a culture of togetherness, collaboration, and inclusivity, that takes a genuine and proactive interest in your progress and development.
Competitive salary
10% on target bonus
BT Pension scheme, minimum 5% Employee contribution, BT contribution 10%
25 days annual leave (not including bank holidays), increasing with service
Huge range of flexible benefits including cycle to work, healthcare, season ticket loan
World-class training and development opportunities
Option to join BT Shares Saving schemes.
Discounted broadband, mobile and TV packages
Access to 100s of retail discounts including the BT shop
About us
BT is part of BT Group, along with EE, Openreach, and Plusnet.
Millions of people rely on us every day to help them live their lives, power their businesses, and keep their public services running. We connect friends to family, clients to colleagues, people to possibilities. We keep the wheels of business spinning, and the emergency services responding.
We value diversity and celebrate difference. As Philip Jansen, our CEO, says ‘We embed diversity and inclusion into everything that we do. It’s fundamental to our purpose: we connect for good.’
We all stick to the same values: Personal, Simple, and Brilliant. From day one, you’ll get stuck in to tough challenges, pitch in with ideas, make things happen. But you won’t be alone: we’ll be there with help and support, learning and development.
This is your chance to make a real difference to the world: to be part of the digital transformation of countless lives and businesses. Grab it.
A FEW POINTS TO NOTE:
Although these roles are listed as full-time, if you’re a job share partnership, work reduced hours, or any other way of working flexibly, please still get in touch.
DON'T MEET EVERY SINGLE REQUIREMENT?
Studies have shown that women and people who are disabled, LGBTQ+, neurodiverse or from ethnic minority backgrounds are less likely to apply for jobs unless they meet every single qualification and criteria. We're committed to building a diverse, inclusive, and authentic workplace where everyone can be their best, so if you're excited about this role but your past experience doesn't align perfectly with every requirement on the Job Description, please apply anyway - you may just be the right candidate for this or other roles in our wider team.