Senior Standards Engineer, Key Management Operations (KMO)

Job Description

Job Title: Senior Standards Engineer, Key Management Operations (KMO)

Department: Standards

Location: North America

Reports To: Head of Product and Technology

Fair Labor Standards Act (FLSA) Status: Exempt

SUMMARY

Reporting to the Head of Product and Technology, the Senior Standards Engineer will play a significant role in the ongoing development of PCI security standards, as well as contributing to Council programs and initiatives. You will work as part of the Standards Team, interfacing with technical working groups, industry stakeholders, and other subject matter experts to produce content for our portfolio of standards. This includes the development of requirements and assessment procedures to meet security objectives, as well as guidance documents, information supplements, and other documents to support adoption and implementation of the PCI standards.

The Senior Standards Engineer will interact with a diverse, global group of payment security professionals and stakeholders and will contribute to global security standards within the payments ecosystem.

This is a 100% remote role that is highly collaborative. You will be frequently engaged with Council staff and will contribute to various meetings throughout the week, primarily during US business hours.

What you will be doing in this role:

• Contribute first-hand security experience and subject matter expertise to develop technical security requirements and test procedures for the PCI security standards.
• Draft and contribute to materials covering various payment industry technologies and topics such as mobile payments, cryptography, and key management.
• Coordinate research and input from various stakeholders on current standards, evaluate feedback, provide recommendations, and draft changes as agreed to by the working groups.
• Contribute articles and content to various stakeholder communications, including newsletters, blog posts, training programs, and marketing releases.
• Chair meetings, facilitate discussions, and coordinate work efforts with various stakeholder groups to achieve meeting objectives.
• Assist in identifying improvements to the processes for creating, publishing, and maintaining policies, procedures, processes and/or related documents related to the PCI standards.
• Participate in the creation and presentation of materials for internal and external webinars and in-person presentations.
• Respond to technical inquiries received by the Council.
• Maintain proficiency with current security best practices for the payments industry.
• Collaborate across all PCI SSC teams, including standards development, program management, and stakeholder engagement, to support company goals and objectives.
• Willingness to travel up to 15%.

What you will bring to this role:

• Strong business and technical writing skills with experience writing technical documentation, standards, procedures, training documentation, or information security articles.
• Ability to process information with high levels of accuracy and present technical concepts to audiences with a diverse understanding of information security.
• Attention to detail, self-discipline, and time management skills.
• Ability to work effectively and meet quality and schedule deadlines in a remote work environment.
• Flexible, proactive, quick to learn, and possessing a can-do attitude.
• A blend of curiosity, creativity, persistence, commitment, passion, and optimism.

What you will need for this role:

• At least 7 years technical experience in one or more technical security fields (e.g., data security, software security, embedded security, cyber security, information security, network security, etc.).
• At least 3 years of experience with payment technologies or infrastructures, such as mobile payments, cryptography, or key management.
• Expertise in implementing or evaluating security for at least one of:
• Mobile and e-commerce payment acceptance infrastructures
• Cryptographic protocols, algorithms, and key management architectures

What will make you stand out:

• Bachelor's degree or higher in a related technical field.
• Hands-on experience with implementing, managing, and/or assessing to one or more PCI security standards (e.g., P2PE, SPoC/CPoC, PIN, PTS POI/HSM, etc.).
• Experience in writing formal compliance documentation, such as standards or policy documents.
• Published papers, blogs, presentations, etc. on mobile or cryptographic security.

The starting minimum salary for this role is $145,000 USD annually, plus bonus. The final compensation will be based on skills, experience, geographic location, and other relevant factors.

To learn more about the PCI Security Standards Council, visit https://www.pcisecuritystandards.org/

PCI SSC is an Equal Opportunity Employer.