Technical Advisor II, Risk and Compliance Engineering

Every day, Global Payments makes it possible for millions of people to move money between buyers and sellers using our payments solutions for credit, debit, prepaid and merchant services.  Our worldwide team helps over 3 million companies, more than 1,300 financial institutions and over 600 million cardholders grow with confidence and achieve amazing results.  We are driven by our passion for success and we are proud to deliver best-in-class payment technology and software solutions.  Join our dynamic team and make your mark on the payments technology landscape of tomorrow. 

Description:

• Analyzes technical vulnerabilities to be remediated in collaboration with internal stakeholders
• Utilizes in-depth business and technical understanding of various application systems, security and compliance protocols to develop and  implement solutions to identify and remediate security vulnerabilities
• Identifies issues that can be actioned upon based on reviewing automated or adhoc reporting over various applications, infrastructures, and systems
• Performs analysis from securing scans and vulnerability reporting across various applications and infrastructures with an understanding on how to meet business and compliance needs based on industry standards and system requirements
• Identifies and coordinates with key stakeholders across those identified applications, infrastructure, and systems to ensure remediation and resolution of identified issues based on a solid understanding of applicable business/technology systems and industry requirements
• Works through issue resolution and/or mitigation from inception to completion
• Ensures appropriate documentation and mitigation/remediation plans are developed and provided for key vulnerabilities
• Contributes to the implementation of a comprehensive vulnerability reporting framework which supports the remediation of security vulnerabilities  
• Provides engineering and technical assistance on vulnerability security scans, penetration testing, vulnerability analysis, scan analysis, and/or security analysis
• Collaborates with stakeholders to design and implement automated measure to ensure security and compliance requirements are embedded within existing and newly developed applications and infrastructure

Minimum Qualifications:

• Strong technical aptitude with highly effective technical communications skills (verbal and written) to collaborate with technology teams and owners to ensure issue resolution/mitigation for identified vulnerabilities  

• Knowledge of infrastructure (server) and network systems and capabilities; Windows and Linux operating systems    
• Understanding of change management and secure code development practices and lifecycle        
• Knowledge of Asset Management concepts and governance models       
• Knowledge of various security scans, including but not limited to DAST (dynamic), SAST (static), (software composition analysis), infrastructure scans, penetration testing
• Proficient in creating, enhancing, and documenting policies and procedures
• Strong understanding of incident management processes
• Ability to work effectively in high-pressure situations
• Excellent design, problem solving and debugging skills
• Strong networking, organizational and prioritization skills with a desire to learn
• Strong interpersonal skills and ability to work effectively with diverse and distributed teams
• Qualified applicants must hold a four-year degree in an engineering, computer science or technical discipline OR an equivalent combination of education and experience
• Occasional travel may be required; less than 10%

Education Experience Minimum Qualifications

• Bachelor's Degree
• Relevant Experience or Degree in: IT, Computer Science, MIS or Business or equivalent work experience, such as relevant technical background and/or work product/SME knowledge in lieu of a degree
• Typically Minimum 8 Years Relevant Exp
• Designing and problem solving

Preferred Qualifications

• Ability to assess security risk, controls, and compliance in a variety of situations, architectures, and solutions.  Experience with controls definition, development, implementation and assessment.
• Software/infrastructure engineering experience 

• Knowledge of IT security principles (e.g. access control, data protection, security architecture, infrastructure/application security design principles, policies) and privacy 

• Developer experience in Python, Java, JavaScript, and/or C# preferred
• Developer experience with source code repositories, Bitbucket a plus
• Experience with collaboration tools, Jira/Confluence a plus. 

• Experience with CI/CD Tools, Jenkins, Maven and Groovy a plus.

• Knowledge of IT security principles (e.g. access control, data protection, security architecture, infrastructure/application security design principles, policies) and privacy 
• Strong understanding of industry frameworks and best practices (ex. NIST, ISO, CIS, etc.)
• Strong understanding of container ecosystems (Docker, Kubernetes, etc)
• Understanding of cloud environments (AWS, GCP, Azure) and integrating security controls through DevOps and Infrastructure as a Service (IaaS) techniques
• Database experience with Oracle, SQL Server, Postgresql, and others. 
• Industry Security Knowledge of OWASP Top 10, Sans Top 25, PCI DSS.

Global Payments Inc. is an equal opportunity employer.

Global Payments provides equal employment opportunities to all employees and applicants for employment without regard to race, color, religion, sex (including pregnancy), national origin, ancestry, age, marital status, sexual orientation, gender identity or expression, disability, veteran status, genetic information or any other basis protected by law. Those applicants requiring reasonable accommodation to the application and/or interview process should notify a representative of the Human Resources Department.