Cornerstone Services

Sr Security Engineer - PCI

Security Analyst in Cincinnati, OH

Posted 2019-09-03

Business Unit Summary

Advanced technology professional providing broad cybersecurity expertise, with focus to assure PCI-DSS compliance. Seen by IT colleagues as a technical resource in their areas of expertise. Responsible for the protection and understanding of risk in relation to business information assets, meeting global security standards and compliance with regulations. Serves as a PCI-DSS specialist, providing knowledge and actionable guidance to the enterprise as it relates to current and future processes. Ensuring there is a clear understanding of the enterprise security posture at all levels.

A Day in the Life

Leads in the evaluation of new and existing technologies and makes strategic recommendations.
Shares best practice, promoting and standardizing on consistent and efficient processes.
Promotes security awareness.
Works independently to design environments of increasing complexity and scope.
Contributes to design specifications and the minimization of PCI scope.
Collaborates with internal teams and external parties on general cybersecurity related activity.
Leads PCI assessments and identification of gaps to achieve and sustain compliance.
Develops, maintains, distributes and reports on program of work and project plans.
Identifies scope, recording and tracking associated inventory, ensuring significant change is monitored and controlled.
Proactively identifies control weaknesses and deficiencies, assessing risk and impact, supporting risk register updates, collaborating to drive risk reduction and removal of compensating controls
Leads technical design. Defines project plans, provides estimates, identifies key milestones, and raises critical project issues such as technical constraints or resource needs and proposes alternative solutions.
Reviews vendor proposals and their evaluation, making appropriate recommendations.
Makes cybersecurity-based recommendations and ensures they are implemented.
Facilitates internal and external audits, ensuring timely collation of evidence, championing completeness and accuracy of reviews, driving continuous improvement and efficiency.
Performs and executes self-assessment activities.
Supports first and second level operational support, providing third level support for production systems when necessary.
Reviews and ratifies standard operating procedures and flowcharts to support processing logic. Assists other team members with tackling support. More complex work with third parties, vendors and partners. Leads practical improvements to support process where efficiency is lacking.
Develop and drive standards for all layers of Cybersecurity (i.e. people, process, technology).

Keys to Success
At Qurate Retail Group, if you are Agile, Innovative, Pioneering, Dynamic, Boundaryless, Passionate, Customer-Centric, Collaborative, and Results-Focused, you will love it here!

Must Haves

5+ years of related experience
Degree educated or equivalent – Information / Cybersecurity, computer science or other related to support job specifics.
PCI certification e.g. PCIP, PCI ISA, PCI QSA
Proven experience of combined security and\or IT work experience in a position focused primarily on information security.
Demonstrates developed knowledge and thorough understanding in technical domain.
Expert in multiple facets of the technology platform can independently evaluate and drive resolution of all problems in their core competencies.
Maintains and extends expertise in own domain while also developing knowledge of emerging technologies and other related technologies.
One or more professional security certifications e.g. CISSP, CISM, CISA, or relevant SANS certification. Proven experience of combined cybersecurity and/or IT work experience in a position focused primarily on information security.
In-depth knowledge of information security standards, best practices, and common data confidentiality regulations e.g. ISO27001/2, NIST, EU Privacy, PCI, Sarbanes-Oxley, HIPAA, etc.
Demonstrated ability to translate business requirements into appropriate controls in a client-focused environment.
Experience in conducting security and risk-based audits in technology environments – as a lead auditor.
Proven experience in writing audit reports for different audiences
Demonstrates developed knowledge thorough understanding in technical domain.
Stays current with technology developments and competitive trends, uses this knowledge to identify and propose PCI compliance strategies to the enterprise.
Ability to obtain ISA (Internal Security Assessor) certification within 12 months.

(Candidates will be considered in totality of their skills and experience versus strict interpretation of “must haves.”)

Nice to Haves
Previous experience as a PCIP, ISA or QSA preferred.
Risk Management certification or equivalent experience e.g. CRISC
Project Management or equivalent experience e.g. PMP, Prince2, CSM
Possesses good understanding of the retail industry

Ready to be Seen?

Apply now to have the opportunity to be considered for similar jobs at leading companies in the Seen network for FREE.

Company summary

Cornerstone Services offers expertise and corporate support across the five Cornerstone Brands. These shared services include Information Technology, Digital Commerce, Customer Care, and Distribution.


Our team members enjoy a competitive benefit program including health and retirement plans, merchandise discounts, volunteer days, and more. We encourage growth and development across the company. Most importantly, we have fun; Medical (includes prescription drug coverage); PPO style plan; High Deductible Health Plan (HDHP); APCN Network; Dental; Vision; Group Life Insurance and Accidental Death & Dismemberment Insurance; 1.5 times annual base salary (100% employer paid); Supplemental Life Insurance; Short Term Disability; Long Term Disability; Flexible Spending Accounts; Pet Care Discount; CollegeBound Plan; Legal Services; Paid Time Off.

Interview process

HR prescreen; technical prescreen; onsite behavioral and technical interviews; offer process.

Be Seen in a new Security Analyst job

Skip the search

Zero stress and one profile that can connect you directly to 1000s of companies.

Best-fit jobs—for you

We’ll take it from there. After you tell us what you’re looking for, we’ll show you off to matches.

Free Career Coaching

Boost your interview skills, map your tech career and seal the deal with 1:1 career coaching.

You get tech. We get you.

Join now and Be Seen.