Company

Transaction Network Services

Address: Adelaide, SA
Category: IT

Job description

An extraordinarily talented group of individuals work together every day to drive TNS' success, from both professional and personal perspectives.  Come join the excellence!

Overview

The Risk Management area is responsible for identifying, assessing, and mitigating risk. May include establishing risk management procedures and processes to ensure adherence to policies.

Responsibilities

Key Responsibilities:

  • PCI-SSF Compliance: Ensure adherence to Payment Card Industry Secure Software Standard Framework (PCI-SSF) guidelines in all software development and maintenance processes.
  • API Security: Implement and maintain robust security measures for APIs (Application Programming Interfaces) to safeguard against unauthorized access, data breaches, and other security threats.
  • Database Security: Develop and enforce security policies and procedures to protect sensitive data stored in databases, including encryption, access controls, and data masking techniques.
  • Vulnerability Management & Compliance: Identify, assess, and mitigate security vulnerabilities in software systems to ensure compliance with regulatory requirements and industry standards.
  • End-of-Life Management: Manage end-of-life (EOL) processes for software applications and systems, ensuring timely updates and migrations to newer, supported versions to mitigate security risks associated with obsolete software.
  • Industry Threats & Best Practices: Stay updated on emerging threats, vulnerabilities, and best practices in the payments industry, and incorporate them into the organization's security strategy.
  • Secure Code Guidance: Provide guidance and training to software developers on secure coding practices, including input validation, parameterized queries, and secure authentication mechanisms.
  • Security Testing: Oversee the implementation of security testing methodologies such as Static Application Security Testing (SAST) and Dynamic Application Security Testing (DAST) to identify and remediate security weaknesses in software applications.
  • Application Security Posture: Monitor and evaluate the overall security posture of applications, identify areas for improvement, and implement measures to enhance security resilience.
  • Operating System & Package Management: Ensure that operating systems are kept current with security patches and updates, and manage dependencies on third-party packages, DLLs (Dynamic Link Libraries), and libraries to mitigate potential security vulnerabilities.
  • Hardware Security Modules (HSMs): Implement and manage Hardware Security Modules to safeguard cryptographic keys and perform secure cryptographic operations in payment processing environments.
  • Black Hat/White Hat: Collaborate with security researchers and conduct simulated attacks (white-hat) to identify vulnerabilities and weaknesses in software systems, while also staying vigilant against potential malicious attacks (black-hat).
  • Software Bill of Materials (SBOM): Maintain a Software Bill of Materials to track and manage software components, dependencies, and associated security vulnerabilities throughout the software development lifecycle.

Qualifications

  • Bachelor's degree in Computer Science, Information Security, or a related field. Master's degree preferred.
  • Professional certifications such as CISSP (Certified Information Systems Security Professional), CSSLP (Certified Secure Software Lifecycle Professional), or equivalent.
  • Extensive experience in software security management, preferably in the payments industry.
  • In-depth knowledge of PCI-DSS (Payment Card Industry Data Security Standard) and other relevant regulatory requirements.
  • Proficiency in security testing tools and techniques, including SAST, DAST, and vulnerability scanning tools.
  • Strong understanding of cryptography, secure coding practices, and security protocols.
  • Excellent communication and leadership skills, with the ability to collaborate effectively across teams and communicate complex security concepts to non-technical stakeholders.

If you are passionate about technology, love personal growth and opportunity, come see what TNS is all about!

TNS is an equal opportunity employer. TNS evaluates qualified applicants without regard to race, color, religion, gender, national origin, age, sexual orientation, gender identity or expression, protected veteran status, disability/handicap status or any other legally protected characteristic.

Benefits

Career development
Refer code: 2385075. Transaction Network Services - The previous day - 2024-06-17 12:25
