
Security Specialist Payment Systems

Digital & Technology Team (D&T) is an integral division of HEINEKEN Global Shared Services Center. We are committed to making Heineken the most connected brewery. That includes digitalizing and integrating our processes, ensuring best-in-class technology, and embedding a data-driven culture. By joining us you will work in one of the most dynamic and innovative teams and have a direct impact on building the future of Heineken!

 

Would you like to meet the Team, see our office and much more? Visit our website: Heineken (heineken-dt.pl)

 

D&T is shaping an exciting new digital future and has designed a portfolio of solutions and services in a customer-centric way to meet the needs and solve the pain points of our customers. One of the digital solutions is worldwide digital payments adoption. To ensure this is done in a sustainable way, security control compliance and PCI DSS compliance have to be embedded in the process. The Security Specialist Payment Systems is responsible for the security of digital payments for HEINEKEN by embedding PCI DSS within the HEINEKEN Cyber Assurance and Compliance structure and verifying the effectiveness of security and PCI DSS controls globally.

 

This person will be responsible for driving Security and PCI DSS compliance to ensure Security by Design for payment systems, by supporting global teams and operating companies with embedding security in their software development lifecycle, aligned with HEINEKEN’s Cybersecurity Policy and PCI DSS requirements. In this role you will be the global face of PCI DSS compliance within HEINEKEN, and you will lead all OpCos into engaging with secure payment solutions together with your colleagues at Global Information Security.

 

Your responsibilities would include: 

 

  • identifying potential risks and recommending how to prevent and/or avoid those risks within e-payments products

  • driving the PCI DSS compliance process

  • driving the security compliance process

  • collaborating with other global information security specialists to understand and further develop controls and processes required to improve information security

  • supporting global policy documentation creation, especially regarding secure payments

  • driving the security by design methodology by supporting devops teams that build secure payments products in implementing security and PCI DSS controls

  • identifying security threats and challenges across multiple devops teams, especially regarding payments, to address concerns on a product portfolio level

  • performing risk reviews using the risk management procedure for all new e-payments services deployed in the D&T operational environment and vetoing programs not complying with HEINEKEN’s security standards

  • translating security governance documentation and security controls into tailored, solution-based implementations

  • driving metrics and reporting to senior management to enable data-driven decision making

  • presenting teams with solicited and unsolicited security advice

  • building a global, resilient, and mature HEINEKEN security organisation.

 

You are a good candidate if you have: 

 

  • 5+ years of working as an engineer in the cyber security field and previous experience working as a (PCI DSS) compliance manager, security engineer, security officer, security specialist or a similar role

  • affinity and experience within the payment industry and with e-payments solutions both at the technical and procedural levels

  • experience with risk management

  • relevant certifications in the field of agile, devops and security, e.g. CISSP / CCSP / CISM, etc.

  • hands-on experience with working with agile teams or devops teams to embed security in their product by design (security by design)

  • experience with the security of cloud platforms such as Azure, AWS, Google Cloud, etc.

  • experience working with relevant market standards such as NIST, ISO 27001, COBIT, and relevant laws and regulations such as privacy laws

  • experience with PCI DSS, the PCI Secure Software Lifecycle Standard insofar as it relates to its PCI Payment Applications and the PCI Secure Software Standard insofar as it relates to its PCI Payment Applications

  • ability to explain complex technical processes to business stakeholders

  • strong interpersonal, relationship management and negotiation skills, and strong verbal and written communication skills.
 
 
You are a perfect candidate if you also have:
 
  • experience in incident management, especially involving payments security incidents

  • experience with working in a cross-functional team

  • experience with GRC tooling such as OneTrust and ServiceNow

  • cultural awareness to tailor stakeholder contact in a diverse multicultural environment.

 
 

 

At HEINEKEN Kraków, we take integrity and ethical conduct seriously. If someone has concerns about a possible violation of legal regulations indicated in the Polish Whistleblowing Act or our Code of Business Conduct, we encourage them to speak up. Cases can be reported to the global team or locally (in line with the local HGSS Whistleblowing procedure) by selecting the proper option in this tool or by communicating it on the hotline.


 
We offer:

