Bell is a truly Canadian company with over 135 years of success. We are defined by the passion of our team members and their belief in our company’s vast potential.
To ensure we continue to be recognized as Canada’s leading communications company, we’re committed to finding and developing the next generation of leaders. This means creating best-in-class career and development opportunities for our employees.
If you’re passionate, driven and find yourself seeking interesting work, new challenges and continuous learning opportunities, then we want you to join our team.
Corporate Groups offers best practice services to support the organization, including Finance, Legal & Regulatory, Brand, Corporate Services – including HR, Communications, Real Estate, Security and Procurement & Value Creation.
Bell is currently seeking a candidate for the position of Senior specialist IS Compliance for PCI-DSS, reporting to the Senior Manager Information Security- Compliancy. The incumbent is responsible for the planning, implementation, and tracking of the annual Payment Card Industry - Data Security Standard (PCI – DSS) Re-certification for Bell Canada as a merchant. The incumbent is also responsible for network and system vulnerability assessment testing (VA scans and penetration testing).
Responsibilities are:
Facilitate the PCI – DSS Tactical Steering Committee:
- Schedule and chair the monthly PCI – DSS Tactical Steering Committee meeting
- Communicate any changes in the PCI – DSS to the committee members
- Prior to the annual re-certification ensure all process and procedure documentation reflects the actual work activities
- Ensure all quarterly and semi-annual scans and penetration testing are completed and the evidence is filed in the PCI e-space and GRC repository
Plan the annual Re-certification project:
- Define the scope of the Re-certification Project in collaboration with the internal QSA’s, the Tactical Steering Committee, senior management and the external QSA’s
- Create a detailed work plan, which identifies and sequences the activities needed to successfully complete the Annual Re-certification Project
- Identify the Bell, IBM and CGI SME’s required for the Field Work Interview(s)
- Determine the resources (time, money, equipment, etc) that will be required to support the collection and filing of Field Work Interview evidence
- Determine the resources required to remediate any identified Gaps
- Develop the Field Work Interview schedule identifying all required participants and locations
- Working with the external QSA’s identify and document the Testing Requirements for each of the Field Work Interviews
- Schedule a Kick-off Meeting to review the project schedule with senior management and all other staff that will be a part of the Re-certification activities; revise the schedule as required
- Schedule the project team weekly status reviews
- Set-up the current year e-space and GRC repositories
- Contract qualified consultants to work on the project as appropriate
Implement the Re-certification Project:
- Execute the Annual Re-certification Project according to the project plan and Field Work Interviews
- Distribute the Field Work Interview schedule and Field Work Testing Requirements
- Develop the Communication Schedule for the annual re-certification activities including:
- The distribution of the Annual Re-certification Dash Board and the weekly Status Reviews
- Make schedule adjustments as necessary to the Field Work Interview schedule to ensure an on-time completion
- Monitor the progress of any identified Gaps from “Open” through to “Closed”, escalating as necessary to ensure a timely resolution
- Control the Annual Re-certification project
- Document and distribute The Annual Re-certification Dash Board on a weekly basis to the Senior Steering Committee, the Tactical Steering Committee, all team members, Bell, IBM and CGI SME’s, Field Work Interview attendees, internal and external QSA’s
- On a weekly basis update and distribute the Status Report, Action, Issue, Risk and Decision Log
- Monitor the progress of the Field Work Interviews and make adjustments as necessary to ensure the successful completion of the project
- Monitor the progress of any identified Gaps from “Open” through to “Closed”, reporting on a weekly basis to the PCI Compliance Annual re-certification Project Owner
- Ensure all evidence collected is filed in the Current Year PCI e-Space and GRC repositories
- Monitor and approve all planned project expenditures
- Manage all project funds according to established accounting policies and procedures
- Ensure that all financial records for the project are up to date
- Prepare financial reports and supporting documentation as outlined in funding agreements
VA Scans & Penetration testing:
- Prepare annual penetration testing and quarterly VA scans schedules for the systems that are in scope of PCI-DSS (CDE, DTS and Common Infrastructure).
- Coordinate through change management the testing with system and application owners
- Perform VA scans using different scanning tools (MVM McAfee, Qualys), report findings and coordinate remediation
- Perform penetration testing and report findings and coordinate remediation
Required qualifications:
- Strong knowledge of PCI standard version 3.0
- 2-3 years of experience in IT project management
- 5-7 years of experience in vulnerability assessment
- The following certifications are an asset: ITIL, CISSP, CISM, QSA, PMP and CISA
- Knowledge of process engineering and project management
- Sound document writing skills
- Good knowledge of common office tools.
Behaviour skills:
- Initiative
- Sense of collaboration (teamwork)
- Interpersonal Skills
- Ability to influence
- Compliance with commitments
- Results Orientation
- Verbal and written
- Supervision and monitoring
Bilingualism is an asset (English and French)
Additional Information:
Position Type: Management
Job Location: Canada : Ontario : Mississauga || Canada : Ontario : Ottawa || Canada : Quebec : Montreal
Application Deadline: 06/12/2015
Please apply directly online to be considered for this role. Applications through email will not be accepted.
Bell is committed to fostering an inclusive, equitable, and accessible environment where all employees and customers feel valued, respected, and supported. We are dedicated to building a workforce that reflects the diversity of the communities in which we live and serve, and where every team member has the opportunity to reach their full potential.
Created: Canada, ON, Mississauga