External Description:

Line of Business: OPS - IT Services Group
Job Category: Professionals

Primary Purpose

Under the general supervision of the IT Risk Section Manager, provide various support duties related to executing/maintaining a highly effective PCI Compliance program for the BB&T Corporation.

Essential Responsibilities (List in order of importance)

* Assists with the execution, monitoring, and management reporting of the PCI Compliance program.
* Leads assessments of BB&T lines of business, subsidiaries, and applications against the requirements of the Payment Card Industry Data Security Standard (PCI DSS).
* Maintains an advanced understanding of PCI requirements and applies this understanding to business areas that store, process, or transmit payment card data.
* Assists BB&T lines of business with defining the flow of payment card data and storage locations.
* Leads planning and tracking of remediation of areas of non-compliance with PCI DSS.
* Acts as a liaison between the business units and enterprise solution teams to ensure PCI gaps are remediated effectively and on schedule.
* Prepares reports for management, card brands, and acquiring banks.
* Assists other IT Risk Management Program initiatives as necessary, including the annual IT Risk Assessment process.
* May require 20-30% travel.

Minimum Qualifications (Education, experience, licensure, training, and specific skills to fulfill the primary duties and responsibilities of the job)

* Four year degree in Business Administration or Technology-related field, or equivalent education and related work experience.
* Minimum of 5 yrs experience with IT risk management, IT audit, IT compliance, information security or strong technical background.
* At least one year of experience with PCI compliance assessments and remediation activities.
* Past experience as a PCI Qualified Assessor (QSA) or Internal Security Assessor (ISA) preferred.
* Experience mapping out business processes (preferably those involving payment card transactions) and supporting components in Microsoft Visio.
* Ability to work independently or as a member of a team.
* Self-motivated, inter driven.
* Exceptional interpersonal skills.
* Exceptional written and verbal communication skills.
* Exceptional analytical and organizational skills.
* Ability to identify, measure, and communicate risk in a timely manner.
* Strong knowledge of PC applications such as Microsoft Office (WORD, Excel, PowerPoint and Access).
* Strong presentation and facilitation skills.
* Ability to travel, occasionally overnight.

Desired Qualifications (but not required)

* 2+ years of banking experience.
* Thorough understanding of network topology and associated risks.
* 1 or more professional certifications such as: CISSP, CISA, CIA, CRP, CISM, CRISC, ISA, QSA, PCIP

Minimum Qualifications:

1. Bachelor's degree in a technical or business field, or equivalent education and related training
2. Five years of demonstrated progressive experience in information technology areas of application, networking, telecommunications, database, servers, security and web in a medium to large corporation at the enterprise level or similar consulting experience
3. Two years of demonstrated proficiency in systems integration involving both IBM Mainframe legacy systems as well as distributed systems
4. Clear ability to express complex multi-disciplinary technical/telecommunications and business concepts in terms that are understandable to all levels of Lines of Business and corporate management both verbally and in writing
5. Ability to grasp the "big picture" for a solution by considering all potential options and impacted areas
6. Aptitude to understand and adapt to newer technologies
7. Excellent understanding of client service models and customer orientation in service delivery

Responsibilities:

1. Collaborate with internal IT service providers in evaluating and gathering technical requirements for business clients' projects and initiatives.
2. Research clients' requirements to develop potential technical solutions by interacting with any internal and/or external solution providers and subject matter experts.
3. Communicate and document potential solutions, impact analysis, benefits/risks, implementation requirements, and recommended approach.
4. Remain aware of the corporate technology, infrastructure, standards, processes, and strategic direction and use these tools to help guide the client in accomplishing their business goals.
5. Advise on options, improvements, cost savings opportunities and cross-project impact to other business processes and systems priorities.
6. Provide approved project guidance and support services, as needed.