Cybersecurity Analyst – Governance, Risk & Compliance

San Francisco, California 94128
  • Job Type
  • Job Status
    Full Time
  • Shift
    1st Shift

Under the direction of the 0941 Manager VI, Chief Information Security Officer (CISO), the 1054 IS Business Analyst Principal - Cybersecurity Analyst – Governance, Risk and Compliance position will be responsible for providing ongoing supervision of Payment Card Industry (PCI) compliance for Airport credit card processing systems. Responsibilities include completing Self-Assessment Questionnaires, ensuring that all IT PCI policies and procedures are being followed, ensuring that the annual Report on Compliance (RoC) is completed in a timely manner, ensuring that the yearly PCI-Qualified Security Assessor (QSA) gap assessment, audit and remediation items are completed, and ensuring that all other technical IT aspects of compliance are being completed as required. In addition, this position will assist the ITT Compliance Officer in the implementation and improvement of ITT services and processes related to ITT operational policies, standards and compliance, including PCI, Information Technology Infrastructure Library (ITIL) best practices and International Standards Organization (ISO) compliance and certification.

Duties will include needs analysis, project planning and management, process development, data analysis, process implementation and testing, technical and procedural documentation, user training, and post-implementation assessment and administration, as well as directing and participating in complex studies.

The essential functions of this position include:

·         Successfully manages PCI compliance, which should include, but is not limited to, knowledge of complying with PCI standards, ITIL best practices and ISO standards.

·         Understands the processes of Change Management, Incident Management, Configuration Management, Release and Deployment Management, Business Continuity Management, Information Security Management System (ISMS) and the PCI standard

·         Participates in internal audits of the company against the ISO and PCI standards to earn certifications and maintain compliance

·         Manages and implements PCI standards and policy improvement projects

·         Gathers PCI and ISO related requirements and information regarding continuous compliance assurance; analyzes and evaluates needs and provides recommendations; conducts feasibility studies; provides documentation of requirements

·         Establishes PCI metrics and reporting for measuring the successful delivery of PCI standards, processes and policies

·         Works with the ITT Compliance Officer to manage PCI and ISO Standards, Service Management processes and services, and ongoing operational improvements through the ITT Continuous Improvement process

·         Manages, and assists in, the development of a detailed project charter and plans, based on four standard phases (Initiation, Planning, Execution & Project Closeout), and continuously monitors and maintains them for progress reports, as required

·         Sets expectations with customers/users and project team members; identifies opportunities for improving PCI and ISO standard processes

·         Assists in the management of the project schedule, resources and communications, integration, procurement and quality of outcome

·         Assists in monitoring progress to ensure timely completion per project plan and schedule. Communicates status to all key stakeholders on a regular basis

·         Understands and responds to the service needs of the customer/user at all levels, assures proper planning and documentation of processes and services to meet user requirements

·         Responds quickly and proactively to resolve problem situations; effectively escalates issues as required

·         Ensures effective communication between management, customer/users, and, if applicable, external consultants

·         Performs related duties and responsibilities, as assigned


An associate degree in computer science or a closely related field from an accredited college or university OR its equivalent in terms of total course credits/units [i.e., at least sixty (60) semester or ninety (90) quarter credits/units with a minimum of twenty (20) semester or thirty (30) quarter credits/units in computer science or a closely-related field];

Five (5) years of recent and verifiable experience in IT project development, management and maintaining International Standards Organization and/or Payment Card Industry compliance.
Note: The five (5) years of experience requirement must have been obtained within the last seven (7) years.

Education Substitution: Additional experience as described above may be substituted for the required degree on a year-for-year basis (up to a maximum of two (2) years). One (1) year is equivalent to thirty (30) semester units or forty-five (45) quarter units with a minimum of 10 semester or 15 quarter units in computer science or a closely related field.

Additional Requirement
In addition to meeting the minimum qualifications, this position requires sufficient strength and coordination for lifting, pushing, pulling and/or carrying the 35 lbs. weight of computer systems equipment. It also requires bending, stooping and/or crawling in order to install or repair computer systems hardware (TST029).


Desirable Qualifications
The stated desirable qualifications may be used to identify job finalists at the end of the selection process when candidates are referred to hiring.

  • ITIL Foundation training
  • International Standards Organization (ISO) 20000, 27001 Foundation training
  • ISO Lead Implementer certification
  • Familiar with quality assurance methodologies (i.e., Total Quality Management (TQM), Six Sigma)
  • Knowledge of Service Management processes should include: Change Management, Configuration Management, Release and Deployment Management, Business Continuity Management, Service Continuity Management, Information Security Management, Knowledge Management, Continual Service Improvement, Service Reporting and the PCI (Payment Card Industry) standard, process reporting and IT services reporting
  • Knowledge of process design lifecycle
  • Knowledge of documentation management lifecycle
  • PCI-ISA (Internal Security Assessor) or PCI-QSA (Qualified Security Assessor) certified
  • Certified Information Systems Auditor (CISA) certified

Applicants must meet the minimum qualification requirement by the final filing date unless otherwise noted.



Minorities, Women, and Persons with Disabilities are Encouraged to Apply.

An Equal Opportunity Employer

San Francisco International Airport