Every day, Global Payments makes it possible for millions of people to move money between buyers and sellers using our payments solutions for credit, debit, prepaid and merchant services. Our worldwide team helps over 3 million companies, more than 1,300 financial institutions and over 600 million cardholders grow with confidence and achieve amazing results. We are driven by our passion for success and we are proud to deliver best-in-class payment technology and software solutions. Join our dynamic team and make your mark on the payments technology landscape of tomorrow.
Summary of This Role
Evaluates, tests, recommends, develops, coordinates, monitors, and maintains information security policies, procedures and systems, including hardware, firmware and software. Ensures that IS security architecture/designs, plans, controls, processes, standards, policies and procedures are aligned with IS standards and overall IS security. Identifies security risks and exposures, determines the causes of security violations and suggests procedures to halt future incidents. Investigates and resolves security incidents and recommends enhancements to improve security. Develops techniques and procedures for conducting IS security risk assessments and compliance audits, the evaluation and testing of hardware, firmware and software for possible impact on system security, and the investigation and resolution of security incidents.
What Part Will You Play?
- Proactively monitors complex systems and response to known and emerging threats against the Global Payments network via intrusion detection software.
- Completes detailed, comprehensive investigation of security issues by reviewing security log data, interpreting data in support of security event management process from various data feeds and triages on a wide variety of security events.
- Performs incident handling process by maintaining knowledge in implementation of containment, protection and remediation activities.
- Keeps up-to-date knowledge of new and emerging threats that can affect the organization's information assets by analyzing third party software/solutions, IT configuration changes (including access control requests), and network/system architecture from risk perspective.
- Responsible for the design and configuration of security systems, including proxy, remote access, mail gateway, intrusion prevention, wireless networking, data leak prevention, security information and event management and web application firewalls.
- Provides input in assessing and disseminating threats related to the enterprise in regard to current vulnerability by managing and developing an emerging threat model.
- Assesses risks based on changes to implementation of ISO/BSO; enhances knowledge of PCI, HIPAA, PII, and Card personalization.
- Creates cost effective solutions for system/application development regarding Information Security processes and concepts in applicable systems and software.
- Performs day-to-day Information Security functions pertaining to computer access control on numerous security software products and processes.
- Enhance understanding of business objectives and helps providing direction based on risk, Corporate Policy, and regulatory guidelines.
- Participates in developing long term strategies for conducting system penetration, vulnerability and web application testing, risk assessments, policy creation.
Minimum Qualifications
- Bachelor's Degree in Computer Science, Info Security, or related field or related work experience.
- Typically minimum 4 years relevant experience.
- Experience including network operations or engineering or system administration on Unix, Linux, MAC, or Windows; working with security operations, intrusion detection systems, Security Incident Event Management systems, and anti-virus logs; knowledge of security compliance programs (PCI, SOX, GLBA).
Preferred Qualifications
- Professional certifications: CISSP, CISM, CISA, GSEC, Network+, Security+.
- Typically minimum 6 years relevant experience.
- Knowledge of security compliance programs (PCI, SOX, GLBA).
Desired Skills and Capabilities
- Seasoned, experienced professional with full understanding of specialization.
- Works on problems of diverse scope requiring evaluation of identifiable factors.
- Demonstrates good judgment in selecting methods and techniques.
- Normally receives little instruction on day-to-day work.
- Ability to identify, communicate, and mitigate risk within technical solution designs.
- Continued self-education of new and emerging threats and relevant mitigation processes.
- Knowledge and skills to contribute to all phases of Incident Response.
- Experience with SAST, DAST, OWASP tooling, PCI DSS.
