Lead the Hawaiian Airlines global PCI compliance program, ensuring that all applicable Hawaiian Airlines assets maintain and report on compliance with PCI DSS requirements.
Provide PCI implementation guidance within scope, including conducting PCI DSS compliance assessments, SAQ reporting, and recommending controls where appropriate.
Lead the Compliance team to perform PCI DSS compliance assessment and management processes and work streams for annual assessment, remediation, and reporting.
Lead Hawaiian Airlines IT Compliance (SOX) testing to assess risk, evaluate internal controls, safeguard assets and analyze IT controls supporting financial reporting and operating procedures. Prepare and maintain the compliance management documentation (e.g. baselines, processes, and procedures).
Update and maintain IT Compliance test programs and tools used to accomplish IT Compliance of SOX key controls.
Evaluate IT compliance gaps and work across IT units to recommend solutions to improve policies, procedures, efficiency and controls.
Manage the remediation of vulnerability scans on information systems. Track, report, and identify solutions to mitigate or remediate findings. Lead remediation efforts across IT and business units.
Lead the efforts to implement up-to-date baselines for the secure configuration and operations of all in-place devices, systems, databases, and applications.
Monitor and support all in-place security technology solutions to maintain efficient and appropriate operations.
Manage information security audit and assessment activities.
Maintain and support the enterprise security awareness, communication, and education program.
Manage, coach and develop onshore and offshore team members.
Provide on-call support as needed.
Bachelor’s Degree, or equivalent experience, relevant certifications, and professional training programs.
6+ years’ experience in Information Security or Risk Management, with 3+ years’ experience in PCI DSS assessment or PCI DSS compliance program governance.
2+ years as a manager with direct reports.
Comprehensive hands-on expertise in all PCI DSS requirements, with experience in e-commerce.
Hands-on experience with a variety of technical security controls and platforms (e.g., tokenization & encryption, network security, VPN, POS, firewalls, log monitoring, etc.)
Experience with internal controls and SOX controls implementation.
In-depth knowledge of industry information security standards such as NIST 800-53 series and ISO 27001.
Capability to communicate security-related concepts to a broad range of technical and non-technical personnel.
Experience with governance, risk, and compliance tools and other relevant technical monitoring and reporting tools.
Able to manage multiple programs simultaneously, with strong ability to prioritize multiple tasks and respond to emergencies.
CISSP, CISA, or other recognized security certification.
Current or past PCI QSA / ISA certification.
Project management experience.
Equal Opportunity Employer/Protected Veterans/Individuals with Disabilities.
Please view Equal Employment Opportunity Posters provided by OFCCP here.
The contractor will not discharge or in any other manner discriminate against employees or applicants because they have inquired about, discussed, or disclosed their own pay or the pay of another employee or applicant. However, employees who have access to the compensation information of other employees or applicants as a part of their essential job functions cannot disclose the pay of other employees or applicants to individuals who do not otherwise have access to compensation information, unless the disclosure is (a) in response to a formal complaint or charge, (b) in furtherance of an investigation, proceeding, hearing, or action, including an investigation conducted by the employer, or (c) consistent with the contractor's legal duty to furnish information.