Job Purpose

To ensure and maintain the compliance of Payment Card Industry Data Security Standard (PCI DSS) in the Bank’s policies, procedures, and standard by introducing and embedding the new requirements, following on the changes with related functions, reviewing changes, requesting adjustments, as well as performing post-change monitoring to ensure the Bank’s procedures, policies, and standards meet PCI DSS criteria and create a secure environment for the Bank against possible data intrusions.

Location

• Head Office, Phnom Penh (01 Post).

Major Areas of Responsibility

• Keep abreast of new requirements from Payment Card Industry Data Security Standard (PCI DSS) and embed them into the Bank’s policies, procedures, and standards to ensure PCI DSS is compliant.
• Manage team activities through designing work schedules, assigning duties and responsibilities, and conducting performance review to maintain stable and quality work performance and uplift team productivity.
• Ensure complete follow up with related functions on the changes in the Bank’s Infrastructure, App, and Database level to ensure the PCI DSS is compliant through responsibilities as follows:

1. Actively be involved at the change preparation stage.
2. Review changes to comply with PCI DSS.
3. Request adjustment in policies, standards, and procedures after changes to comply with PCI DSS.
4. Perform post change monitoring after changes implemented.

• Ensure the Bank’s data security processes are proper analyzed and issue/threat to the PCI compliance are identified.
• Keep monitoring the Bank’s activities to maintain PCI compliance.
• Conduct periodic evaluations to identify weaknesses and non-compliance.
• Continuously provide coaching and mentoring to the team regarding the new requirements from PCI DSS.
• Perform other tasks assigned by line manager.

Qualifications

• Bachelor’s degree of IT, Computer Science, or related field.
• Minimum five years of working experiences in information security with a focus on PCI Security.
• Holding any cybersecurity global certified related training certification is plus.
• Demonstration of supervisory skills, team management and leadership experiences.
• Proven experience in implementing security solutions.
• In-depth knowledge of information security best practices, standards, and frameworks, PCI DSS, NBC, CIS, ISO, NIST.
• Comprehensive knowledge of risk management and controls.
• Understanding of IT auditing processes.
• Strong analytical skills.
• Good communication skill (verbal and written) English skills to present to senior management.