Director – Cybersecurity, Payment Security Standards

Company Description

Visa is a world leader in payments and technology, with over 259 billion payments transactions flowing safely between consumers, merchants, financial institutions, and government entities in more than 200 countries and territories each year. Our mission is to connect the world through the most innovative, convenient, reliable, and secure payments network, enabling individuals, businesses, and economies to thrive while driven by a common purpose – to uplift everyone, everywhere by being the best way to pay and be paid.

Make an impact with a purpose-driven industry leader. Join us today and experience Life at Visa.

Job Description

Are you passionate about security and the ability to be at the forefront of driving responsible innovation in payments ecosystem? We are seeking talent with deep curiosity and passion for Problem Solving in a fast-moving industry. The Director – Cybersecurity, Payment Security Standards delivers best-in-class payment security risk insights to drive improved industry standards and support responsible innovation. The successful candidate will represent Visa at industry standards forums like PCI, ANSI, ISO to develop security standards for the payment industry, bringing technical expertise to key internal and external stakeholders.

As a Founding Member of Payment Card Industry (PCI), Visa maintains and evolves the payment industry standards, which have been expanded to include PIN Transaction Security (PTS) POI and HSM requirements, P2PE Standard, the PCI Secure Software Framework (SSF) standards and the PCI Mobile Payments on COTS (MPoC) standard.

We are seeking a highly motivated individual who is fluent in Payment Security Standards, is highly analytical, an exceptional communicator and an excellent problem solver. 

Essential Functions:

·         Working with internal and external stakeholders to provide insights into security standards and to assess requirements and standards for new and evolving areas of innovation as they arise. 

·         Conducting cross functional workshops with various internal stakeholders to ensure Visa’s collective voice on security standards is captured, consolidated, documented, and fed back into Standards bodies.

·         Provide ecosystem risk guidance and direction into the development of new products, solutions, services and business initiatives across Visa’s product and payment verticals.

·         Develop into a subject matter expert within the Payment Card Industry (PCI) with ability to provide expert guidance to Visa teams regarding applicable PCI Council standards.

·         Develop materials, best practices, standards, policies and procedures for issues related to emerging technologies affecting the payment ecosystem as necessary to support global clients in the adoption and implementation of Visa products.

·         Develop industry and companywide initiatives in support of meeting PCI requirements and industry mandates. Manage a portfolio of standards working groups and leverage Visa’s deep domain experts within risk, technology, product to uplift standards as the industry evolves.

·         Identify and assess emerging data security risks and trends and provide recommendations for policy and procedure changes to Visa’s data security compliance programs as necessary.

·         Maintain proficiency with current security best practices for the payments industry and serve as a trusted partner to implications and solutions to Visa teams.

·         Conducting training and awareness on new product innovations, new technologies and standards in the payment industry.

This is a hybrid position. Hybrid employees can alternate time between both remote and office. Employees in hybrid roles are expected to work from the office 2-3 set days a week (determined by leadership/site), with a general guidepost of being in the office 50% or more of the time based on business needs.

Qualifications

Basic Qualifications:
- 10+ years of relevant work experience with a Bachelor’s Degree or at least 7 years of work experience with an Advanced degree (e.g. Masters, MBA, JD, MD) or 4 years of work experience with a PhD, OR 13+ years of relevant work experience.

Preferred Qualifications:
- 12 or more years of work experience with a Bachelor’s Degree or 8-10 years of experience with an Advanced Degree (e.g. Masters, MBA, JD, MD) or 6+ years of work experience with a PhD
- 12 or more experience in information security, risk management, data security compliance, payments and/or acquirer/issuer fraud reduction programs, or 8+ years’ experience with an Advance Degree.
- Familiarity with the PCI ecosystem, PCI Security Standards Council (PCI SSC), PCI SSC standards and Payment Brands and Schemes compliance programs.
- Direct experience in executing data security programs or security consulting.
- Demonstrated aptitude to think creatively to identify new ways to approach common risk and data security problems.
- Excellent communication skills, both verbal and written. Capable of clearly articulating a technical position on a topic, canvasing support from technical peers on the merits of the position and communicating outcomes to wide array of stakeholders (both technical and non-technical).
- High level of self-motivation and initiative. Able to operate effectively as a team player.
- Excellent time management skills with ability to pursue multiple initiatives simultaneously and deliver results.
- Working knowledge of cryptography and cryptography and key management standards applicable to payment industry (e.g., NIST SP 800-57, ISO/IEC 11770).
- Experience with secure cryptographic devices such as HSMs, evaluated to PCI PTS HSM, IPS 140-3, or ISO/IEC 19790 standard, and the point-of-interaction (POI) hardware devices that have been evaluated to PCI PTS POI standard.
- Knowledge of cloud technologies and security standards (e.g., ISO/IEC 27018).
- Knowledge of software security and secure software lifecycle standards (e.g., (PCI Secure Software Framework, ISO/IEC 12207 and NIST Secure Software Development Framework) and software maturity models (e.g., BSIMM and Open SAMM).
- Understanding of mobile solutions architecture, distribution, and applicable standards (e.g., PCI Software-Based Pin Entry on COTS, PCI Mobile Payments on COTS).
- Professional certifications (e.g., CISSP, PCI QSA, PCI ISO, PCI PCIP, GIAC (various), CISM, CCSP, CISA, CRISC, AWS Security, AWS Advanced Networking Specialty, AWS Solutions Architect) or equivalent.

Additional Information

Work Hours: Varies upon the needs of the department.

Travel Requirements: This position requires travel 5-10% of the time.

Mental/Physical Requirements: This position will be performed in an office setting.  The position will require the incumbent to sit and stand at a desk, communicate in person and by telephone, frequently operate standard office equipment, such as telephones and computers.

Visa is an EEO Employer.  Qualified applicants will receive consideration for employment without regard to race, color, religion, sex, national origin, sexual orientation, gender identity, disability or protected veteran status.  Visa will also consider for employment qualified applicants with criminal histories in a manner consistent with EEOC guidelines and applicable local law.

Visa will consider for employment qualified applicants with criminal histories in a manner consistent with applicable local law, including the requirements of Article 49 of the San Francisco Police Code.

U.S. APPLICANTS ONLY: The estimated salary range for a new hire into this position is 139,200.00 to 181,100.00 USD per year, which may include potential sales incentive payments (if applicable). Salary may vary depending on job-related factors which may include knowledge, skills, experience, and location. In addition, this position may be eligible for bonus and equity. Visa has a comprehensive benefits package for which this position may be eligible that includes Medical, Dental, Vision, 401 (k), FSA/HSA, Life Insurance, Paid Time Off, and Wellness Program.