Program Card Industry Business Analyst – Project Manager II (November 20, 2023)
ServiceNow Catalog Analyst – Project Manager II (November 20, 2023)
- ITnova is an IT and engineering consulting company dedicated to supporting government agencies with innovative and flexible IT solutions. With our advanced technology, we are committed to supporting the Federal and State government’s mission and goals while providing seamless customer service.
- At our company nothing is more important than our people. Supporting and protecting our employees, families, and community has been, and continues to be, our focus.
- Hybrid with onsite work at 2 Montgomery Street, Jersey City NJ with possible meetings at other Port Authority Facilities in the NY/NJ area
Under the direction of the Deputy Director of Technology, the Program Manager – PCI will manage one full-time Project Manager with PCI certifications and two part-time Project Managers, and will have matrix responsibility for representatives from the lines of business and organizational departments responsible for meeting PCI compliance in their respective areas.
- Manage and drive the PCI Program forward by collaborating with internal stakeholders, service providers, and the external Qualified Security Assessor (QSA). To achieve this, the Port Authority must comply with the 325 PCI DSS Requirements that are applicable in the departments.
- The Program coordinates and manages the acquisition of tools required to meet PCI reporting requirements, either by acquiring and implementing software or by engaging service providers to perform the services.
- Responsible for implementing policies, procedures, controls, and monitoring to produce PCI compliance evidence. An internal review of control compliance is completed prior to passing it to the QSA for assessment and final Quality Assurance review. All questions, feedback and items are passed back to the Program team for remediation.
- Document and implement all policies and procedures that are not in place to meet PCI Requirements.
- Manage PCI Compliance for all service providers by obtaining their appropriate Attestation of Compliance (AOC) or, if none exists, including the work the service provider does in the Port Authority PCI Assessment.
- Develop and maintain a repository of all internal testing, compliance reporting and evidence for the Program. Post all required and relevant evidence to the QSA portal for assessment.
- Develop and maintain PCI baseline requirements used in evaluation, testing and assessment, including but not limited to:
- Devices and network segments in-scope for PCI.
- Service Providers and their compliance status.
- Compliance progress and monitoring of Service Providers.
- Participation with Procurement to include PCI responsibility wording in agreements.
- Receipt of service provider acknowledgment of responsibility for the PA card data they manage.
Program Reporting Responsibilities:
- Update to the PCI Steering Committee (CFO, CTO, Treasurer, and others) every three weeks.
- Prepare, document and present Issues, Risk and Status.
- Update to the CTO twice a week.
- Manage and lead an update with all relevant short-term activities.
- Meet with the Qualified Security Assessor and Treasury representative weekly.
- Provide input and feedback in QSA progress update and issue resolution.
- Maintain IT Program Status Report weekly.
- Prepare Program update and align to overall business metrics.
- Provide Ad Hoc reporting support for Board of Directors and Committees as requested.
- Prepare and assets as requested.
- Lead PCI Program meeting and checkpoint daily.
Experience and Qualifications
- Bachelor’s degree in business administration, or Information Technology.
- Minimum of 10 years in a similar role.
- Led and completed a minimum of 8 large organization PCI Assessments.
- Detailed knowledge of PCI Requirements and supplemental information.
- Leadership experience managing others including matrix management.
- Business experience in Finance, with a management role.
- Business experience in IT, with a management role.
- Business experience in Program reporting to executive management.
- Must sign PA Non-Disclosure Agreement.
- Must obtain Secure Workers Access Consortium (SWAC) background check.