The Program Manager will oversee the system-wide technical aspects of the Payment Card Industry Data Security Standards (PCI DSS) compliance program, focusing on maintaining security controls and processes and supporting evaluations of new credit card processing systems and/or other payment methods. This position will support internal compliance efforts, identify and assess risks, and work with internal technology owners to appropriately document, test, and report PCI DSS compliance status.
Recommend, implement and adhere to approved operating goals, objectives and budget. Report operational performance, justification and/or corrective action, ensuring compliance with government and agency regulations.
Collaborate closely with the business to understand the future needs for using and card data, then use that information, along with business strategies, to formulate a future state process and system design.
Support internal PCI DSS technical compliance evaluations to ensure appropriate implementation of controls and alignment with the PCI DSS standards. Identify potential gaps, develop corrective action plans, and oversee remediation activities.
Develop and maintain PCI DSS related network and data flow documentation. Advise process and technology owners on documentation and testing requirements and oversee execution of audit procedures across network devices, applications, databases, and operating systems in scope for PCI DSS compliance.
Partner with all levels of IT and business management to ensure PCI DSS compliance audits are conducted in a cooperative, timely and efficient manner, with cost-effective recommendations being provided to management when compliance gaps are identified.
Support review of PCI Self-Assessment Questionnaires (SAQ) and other related regulatory documentation required for the annual attestation, as applicable. Identify, gather, and retain supporting evidence. Conduct end-to-end PCI DSS compliance system reviews for new and proposed cardholder applications and services, and prepare status reports and executive summaries on the PCI DSS Compliance Program.
Partner with third-party Qualified Security Assessors (QSA) to validate compliance with the PCI DSS standard. Monitor corrective actions and process improvement plans. Support annual attestation of compliance (AoC) submissions, and quarterly vulnerability scans or periodic penetration tests, if applicable. Document findings, develop remediation plans, and track status.
Continually evaluate and identify relevant changes to PCI DSS requirements and assess the impact of these changes on the company's PCI DSS Compliance program, and maintain knowledge of Finance or Treasury functions, including other types of payments and security related to such payments.
Requires a Bachelor's Degree in Information Technology, Computer Information Systems, Accounting, Finance, Economics or equivalent experience and a proficiency level typically achieved in 5 years.
In-depth knowledge of financial analysis principles is necessary, including 2 years of hands-on security assessment and quality assurance related to PCI DSS. Organizational, communication, and management skills are required.
Knowledge of governance frameworks, including but not limited to: ISO 27001, NIST CSF, COBIT, ITIL; Payment Card Industry Professional (PCIP), Payment Card Industry Internal Security Assessor (PCI ISA), Certified Public Accountant (CPA), Master of Business Administration (MBA) or Certified Treasury Professional (CTP) and knowledge of treasury functions, compliance trends, issues and regulations preferred.
Additional related education and/or experience preferred.
Internal Number: 253213
About Banner Health
You want to change the health care industry – one life at a time. You belong here. You’re excited to be part of the dramatic changes happening in the health care field. In fact, you thrive on change. But you also understand that excellent, compassionate patient care is the true measure of the success of these changes. You belong at Banner Health. Our award-winning, comprehensive health system includes 23 hospitals in seven western states, primary care health centers, research centers, labs, a network of physician practices and much more. Throughout our system, skilled, compassionate professionals use the latest technology to change the way care is provided. If you’re looking to be a key contributor to a forward-looking organization, you’ll experience a wide variety of professional advantages:
• Our vision for changing the future of health care gives you the opportunity to leverage your abilities to achieve something historic.
• Our expansive system offers you an unmatched variety of clinical settings – from large urban trauma center to small rural hospital, ambulatory to home health. Our system also includes hospitals specializing in cancer, heart health and pediatrics.
• Our many locations also translate into a broad selection of exciting and rewarding lifestyle options – from the big city to the wide-open spaces.
• Our commitment to healthcare innovation means you always have the latest technologies at your fingertips to help you provide the finest care possible.
• The size, success and growth of our system provide you with the stability and options to pursue your desired career path.
• Our competitive compensation and comprehensive benefits offer you options to complement your unique needs.