Employer Active
Job Alert
You will be updated with latest job alerts via emailJob Alert
You will be updated with latest job alerts via emailIndividuals in this position have demonstrated experience in leading small to moderate sized testing teams. They understand the concepts of software quality assurance theory and practice. Can formulate testing strategy and plans where none may exist previously. They are able to communicate effectively with business and technical teams on testing activities and can assist developers with test-driven development. May require a bachelor's degree and at least 9 years or equivalent experience in a related area.
MUST BE CERTIFIED PCI QUALIFIED SERCURITY ASSESSOR (QSA)
PCI DATA SECURITY STANDARD VERSION 4.0 EXPERTISE
SHORT TERM PART TIME HOURS SCHEDULE WILL BE NEGOTIATED WHEN SELECTED
SEE ATTACHMENT FOR PROJECT DETAILS
The purpose of this request is to procure Data Security Standards Qualified Security Assessor consulting services for ODOT Information Services Branch (Architecture and Security / Payment Solutions Review Board.) The primary goal of the Contractor will be to collaborate with the ODOT team to perform an initial PCI DSS 3.2.1 to 4.0 compliance review and GAP analysis. The Contractor will review documents, systems, and processes as required to develop ODOT's PCI DSS 4.0 compliance roadmap.
The tasks the contractor shall perform are as follows:
Perform a Security Assessment GAP analysis and review documentation of ODOT credit card payment systems for security gaps.
Review current ODOT systems and devices and advise ODOT of additional areas which merit review.
Evaluate ODOT PCI compliance enterprise-wide (as determined by Task 1 and Task 2 review) with respect to PCI DSS version 4.0 compliance requirements and Agency current-state of PCI security compliance.
Provide a summary assessment with recommendations for remediation actions necessary to eliminate the differences identified in the GAP analysis of PCI DSS 3.2.1 and PCI DSS 4.0 at the agency.
Project Context
The State of Oregon Department of Transportation (ODOT, the Agency) and Oregon State Treasury (OST) have Compliance Requirements as identified in ORS 293.875 The Oregon State Treasury (OST) directs that "agencies that process, store, and/or transmit cardholder information associated with credit/debit card transactions are contractually required to comply with Payment Card Industry Data Security Standards" (PCI DSS).
Each of ODOT's Business Unit has unique business needs, customers, requirements, and processes. Their infrastructure is hosted by the Agency's Central Services Enterprise Technology group (ET) who is responsible for those information systems (IS), and Financial Services who is responsible for financial transaction integrity. Compliance for each Business Unit transaction system is subject to this authority as published by the PCI Security Standards Council. ET and Financial Services assist the Business Units under the direction of the ODOT Payment Security Review Board. The Payment Security Review comprised of ODOT Business Unit's processing PCI transactions desires to engage an experienced Contractor to review new Payment Card Industry Security Standard version 4.0 Security Compliance Requirements to identify initiatives and/or projects required to attain Agency PCI compliance and create a project portfolio with related plans to achieve the compliance goals.
Candidate must be local or willing to commute or relocate.
Additional Location Details (City, State) :
Standard Background Verification
Please perform the following background verification at the point of the candidate's selection for the position:
Full Time