At Compass, we turn ordinary acts of service into extraordinary moments that make a difference. Think you can do the same? Then come to work with us—the largest foodservice and support services provider in the world. We’re growing bigger and better all the time. How did we become the seventh largest employer globally? It all starts with our commitment to great people, great service, and great results. Join us.

Overview:

Working with the Cybersecurity team, the Security Analyst position at Compass Group Canada will assist with the development and implementation of the technology security and risk management functions. This primarily will include establishing practices and processes to improve the cybersecurity posture, assessing gaps/risks against regulatory or corporate requirements and making recommendations on remediation strategies. They will advise management and technology teams to make informed security decisions as they relate to PCI, infrastructure controls and secure coding practices.  They will be responsible for deployment and operation of security related tools; responding to security related requests or incidents; completing control gap analysis.

Duties:

• Deliver key PCI Program components such as scope determination, gap assessments and remediation strategy
• Complete internal PCI Self-Assessment Questionnaires as required and have in depth knowledge and the requirements to comply with PCI DSS Reports on Compliance (ROC), Approved Scanning Vendor (ASV) Reports, and PCI AOC (Attestation of Compliance)
• Provide information to support quarterly reporting to acquiring bank
• Develop security configuration standards for infrastructure technology assets
• Lead / participate in systems security design and security architecture (networks, servers, operating systems, middleware, cloud environments, code development)
• Plan, test and implement technology required for PCI DSS compliance such as DLP, event logging/alerting, firewall rule compliance toolset, vulnerability assessments, etc.
• Work with Legal, Banking and Development teams to provide guidance for managing risk with third party service providers
• Assist in the development of overarching security policies, act as governance function to monitor adherence to policies
• Lead incident response activities during technology security incidents
• Manage vulnerability scanning of all relevant Canadian assets in Qualys
• Action vulnerabilities identified in Qualys and ensure remediation efforts are taken
• Review change management requests for security concerns
• Provide project leadership on security initiatives/projects
• Interact with client IT to ensure proper controls and segmentation are in place per PCI DSS standards

Qualifications (please only apply if you meet all required qualifications.)

• Methodical and organized; able to independently manage multiple opportunities, projects, and clients concurrently
• Excellent written and oral communication skills, can express thoughts clearly, knows how to listen and is able to contribute in a team environment
• Able to multi-task and work independently with minimum supervision to meet firm deadlines
• Flexible, proactive, quick to learn and possessing a can-do attitude
• Minimum of 3 years of hands-on, highly developed technical knowledge of network security, cloud environments and secure coding practices
• Solid understanding of information systems, payment technology infrastructure and the lifecycle of payment card transactions
• Ability to work with a diverse group of security professionals with various roles and responsibilities
• Experience evaluating the security infrastructure for medium to large enterprise merchants
• Experience in performing penetration testing on internal and external networks
• Experience reviewing network scans for vulnerabilities from an Approved Scanning Vendor (ASV)
• Working knowledge of audit methodologies and security assessment tools
• A blend of curiosity, creativity, persistence, commitment, passion and optimism
• Bachelor’s degree or 3 year Computer Technology diploma required
• Experience with development tools, environments and frameworks such as Azure, .net Web API,  C#,SOA, SAAS, Android Studio, Objective C, Redis
• Industry certifications (such as CISSP, PCI-ISA, CISA, CCSP)
• Strong Preference given to those with experience:
  • As a QSA resource for PCI DSS or PA-DSS
  • Evaluating various information systems, networks and/or payment applications
  • Developing or quality testing payment or mobile applications