IT Compliance Manager
This position reports to the Senior Director of Information Technology and has the key responsibility of executing the organization’s strategy for access controls, compliance, technology audit, and penetration testing to support the organization’s business units and ensure risk management and regulatory compliance. Included in this is a strong focus on PCI DSS standards.
Essential duties include the following:
- Review annually the Information Security policies and procedures manual to maintain adequacy in light of emergent business requirements or security threats.
- Consult with the various business units to confirm that any new acceptance channels for credit cards have been included in the scoping process.
- Maintain and update as necessary the PCI Environment Descriptions.
- Create as necessary new information security policies and procedures.
- Monitor museum-issued and employee personal devices to ensure they meet user ID and personal password requirements.
- Maintain role-based access control by defining the different roles and minimum access levels.
- Manage the authorization process for contractor accounts to provide an audit trail of IT-authorized access by third-party agents.
- Document all firewall and router security rule changes.
- Utilize file integrity monitoring tools on all systems in the PCI environment to alert personnel to unauthorized modification of critical system files, configuration files, or content files.
- Update the System Configuration standards to reflect measures required for protection from any newly discovered vulnerability.
- Monitor compliance with Paper and Electronic Media Policies in all departments that have access to credit card data.
- Verify that employees who handle PCI data have up-to-date training materials and have been properly trained.
The ideal candidate will have the following qualifications:
- Bachelor’s degree in Information Technology or related field and 3-5 years of experience in an IT or computer-related position.
- Intermediate-level knowledge of IP Networking and Active Directory access permissions on file shares, servers, files, and applications in a Microsoft Windows environment.
- Knowledge of applications currently utilized by the Museum including Microsoft products (operating systems and office productivity), Gateway (ticketing), Counter Point (retail), Raiser’s Edge (fundraising), and Financial Edge (accounting), as well as extensive knowledge of current developments in the field of information technology.
- Knowledge of MS SQL, VPN, Active Directory, Windows Server Administration, Citrix and other technologies.
- Ability to research problems quickly and resolve issues with minimal direct supervision.
- Ability to communicate technical issues in non-technical terms understandable to management and staff without information technology expertise.
- Ability to work on multiple projects simultaneously, frequently with short immediate deadlines.
- Ability to work a flexible schedule, including evenings and weekends, to complete tasks and meet deadlines.