PCI Security Analyst

Princeton University is a vibrant community of scholarship and learning that stands in the nation's service and in the service of all nations. Chartered in 1746, Princeton is the fourth-oldest college in the United States. Princeton is an independent, coeducational, nondenominational institution that provides undergraduate and graduate instruction in the humanities, social sciences, natural sciences and engineering.

Princeton University is seeking a PCI Security Analyst to join its Enterprise Infrastructure Services (EIS) department within the Office of Information Technology (OIT). OIT, with its diverse staff of more than 285 employees, is responsible for the central information technologies, resources, and infrastructure that support the University's research, teaching, and administrative missions.

* Identify/interpret/communicate evolving PCI DSS requirements for Princeton University systems * Assist with the evaluation of third-party application software for PCI compliance * Assist with the evaluation of credit card processing devices for PCI compliance * Assist with planning and remediation of internal and external vulnerability, and external penetration scans, as needed * Assist in preparations for responding to the annual SAQ D * Determine, document, and publicize the availability of PCI technical requirements to the campus * Work with University departments to ensure that they are aware of and understand the technical PCI requirements that they must adhere to and sign off on * Contribute content on PCI compliant requirements to support resources, including knowledgebase articles, quick reference cards, webinars, and training classes to raise campus understanding of PCI compliance. * Participate as an integral part of the team: own, follow through, initiate and communicate with peers and management * Continually learn and actively share and foster exchange of knowledge and skills * Perform ad hoc projects as required (primarily in the area of enterprise infrastructure)

* Minimum of 3+ years of hands-on security assessment, quality assurance, or PCI DSS experience * Understanding of information systems and networking diagrams * Working knowledge of the financial industry and the lifecycle of payment card transactions * Working experience with software development methodologies and practices * Working knowledge of audit methodologies and security assessment tools * Excellent interpersonal and customer service skills; the ability to collaborate with colleagues and customers from different levels of the organization and with varied levels of technical understanding, as well as the ability to work independently * Excellent written and oral communication skills, can express thoughts clearly * Able to multi-task and work independently with minimum supervision to meet firm deadlines * Flexible, proactive and possessing a can-do attitude, with a willingness and enthusiasm for learning new technologies and techniques that support evolving needs * A blend of curiosity, creativity, persistence, commitment, passion and optimism **Preferred Qualifications** * Experience working as a PCI resource on a PCI DSS or CISP PABP project * Experience working as a PCI Qualified Security Assessor or CISP Qualified Payment Application Security Professional (QPASP) * Experience evaluating various information systems, networks and/or payment applications * Experience with network vulnerability scans, such as Approved Scanning Vendor (ASV) * Experience in testing and documenting software security lifecycles from development to deployment * Ability to work with a diverse group of security professionals with various roles and responsibilities