EPMO Program Manager/Treasury
Ref No.: 18-15337
Location: Dimondale, Michigan
Designs, plans, and coordinates work teams. Follows standard project management industry practices such as the PMI's framework. Understands business and technical objectives of a project and works closely with project sponsor.

Job Description:

Skills, Experience and Qualification Areas for Audit, Assurance and Compliance Projects

• 5 to 10 years or more experience working in regulated financial industry or in a financial organization / department. Examples:
o Banking
o E-Commerce
o Federal / State / Large Local Government Treasury Departments
o University or Research organization which operates under PCI, IRS, FERPA, GLBA, or similar regulations.

• 5 years+ IT Compliance, IT Security or IT Audit Experience involving the following technology areas: technology architecture, data center controls, databases and data management, application life cycle, encryption and key management, server management, networking, vulnerability management, incident management, business continuity and disaster recovery.

• Ability to research, appropriately interpret and apply complex regulations, technical standards and guidance. Examples:
o IRS Tax Code – IRS IRC 61016 and IRS Publication 1075
o NIST Technical Series Publications
o Payment Card Industry Data Security Standards (PCI DSS)
o Federal Information Security Management Act (FISMA)
o Sarbanes Oxley 404 - General IT Controls
o Open Web Application Security Project (OWASP)

• Working knowledge of PCI DSS, IRS Safeguards Reviews, and / or other regulatory or compliance type reviews, attestation engagements, etc.

• General understanding of penetration testing, host vulnerability scanning, network security and application (code) scanning.

• Demonstrated ability to assess risk, with a general understanding of compensating and mitigating controls.

• Ability to understand the audit lifecycle, system development lifecycle and IT project lifecycle.
• Demonstrated ability to summarize technical information in a manner appropriate for executives.
• Demonstrated ability to successfully lead and coach teams comprised of both functional and technical personnel. Demonstrated ability to work across a complex network of stakeholders, technology teams, business teams, vendors / other supporting external parties.

• Contract Management Experience. (May need to work with vendors who are operating under various, different SOM contracts. May need to contribute to / provide project management skills for Pen Test Statement of Work, PCI QSA Statement of Work and other SOWs for remediation.)

Responsibilities for PCI and IRS Program / Project Manager:

• Manage cyber security, infrastructure teams, agency application teams, vendors, third-party auditors, and client sponsor team to earn the annual Report on PCI Compliance and the triennial IRS Safeguards Review Engagement. Team sizes of ~ 100 to 250 members across 16 agencies.
• Work with the sponsors to coordinate the annual PCI on-site assessment and triennial IRS Safeguards On-Site Review. Provide metrics to demonstrate resource need.
• Lead and / or participate in PCI Core Team Meetings and IRS Safeguards Review Core Team Meetings
• Lead / Co-Lead PCI Steering Committee Meetings and IRS Safeguards Review Steering Committee
• Manage quarterly data loss prevention / inspection activities
• Manage and escalate issues where PCI compliance may be at risk.
• Working with the Treasury Sponsor, track and report on the PCI compliance status of payment processes and applications so that enterprise level compliance can be determined.
• Track and report on the remediation plans and timelines associated with PCI gaps / vulnerabilities.
• Coordinate the delivery of annual PCI Application Training for developers
• Working with the Agency and Technology Sponsors and PCI Core Team, host the annual PCI Kick-Off Meeting
• Working with the Agency and Technology Sponsors, plan for and host the IRS Safeguards On-site Review
• Track effort and costs associated with the Compliance Projects (e.g., PCI and IRS Safeguards)
• Prepare status reports for various audiences (general stakeholders, technical participants, business/functional participants and executives)
• Collect, organize and analyze evidence demonstrating PCI Compliance
• Lead sessions to develop compensating controls and risk management plans

Preferred Desired Skills
• Technical Security Certification preferred. Examples: CISSP, CSX, or CISA.
Project Management Certifications required: PMP