Cybersecurity GRC Consultant(PCI DSS)

About Atos Group

 

Atos Group is a global leader in digital transformation with c. 63,000 employees and annual revenue of c. €8 billion, operating in 61 countries under two brands — Atos for services and Eviden for products. European number one in cybersecurity, cloud and high performance computing, Atos Group is committed to a secure and decarbonized future and provides tailored AI-powered, end-to-end solutions for all industries. Atos Group is the brand under which Atos SE (Societas Europaea) operates. Atos SE is listed on Euronext Paris.

 

The purpose of Atos Group is to help design the future of the information space. Its expertise and services support the development of knowledge, education and research in a multicultural approach and contribute to the development of scientific and technological excellence. Across the world, the Group enables its customers and employees, and members of societies at large to live, work and develop sustainably, in a safe and secure information space.

Specific Duties and Responsibilities Include:

• Hands on experience in Information Security and cybersecurity standards (PCI DSS, SWIFT CSP, ISO 27001:2022, ISO 27701, SOC2 etc)
• Develop and implement cybersecurity standards, procedures. And guidelines for multiple cybersecurity standards (PCI DSS, SWIFT CSP, ISO 27001:2022, ISO 27701, SOC2 etc)
• Analyse security requirements, perform risk assessments, and identify potential vulnerabilities within IT systems.
• Should be adept at conducting gap analysis, risk assessments to identify threat and vulnerabilities based on NIST, ISO. PCI DSS, SWIFT frameworks
• Analyse Cardholder data flows (Business and application data flows) and accordingly identify the risks to cardholder data, provide guidance to clients on PCI DSS awareness
• Conduct regular PCI DSS audits to ensure secure payment transactions and adherence to PCI DSS Standard.
• Work independently or collaborate with teams to collect, analyse, consolidate evidence of clients PCI DSS compliance, should have written or supported in writing AOC and ROC’s.
• Conduct current-state assessment of data flows to identify sensitive datasets requiring obfuscation.
• Develop a comprehensive data obfuscation framework including governance model, workflows, and control points.
• Deliver documentation, playbooks, and knowledge transfer to internal stakeholders for long-term sustainability.
• Provide guidance on tool selection and integration within existing data management and DevOps environments.
• Establish validation and monitoring controls to ensure data integrity and protection effectiveness.
• Should be able to understand and explain technical vulnerabilities
• Intermediate knowledge on Active directory, firewalls, routers, switches, SCCM, MacAfee security products, DLP, Secure coding practices and product security
Must Have Skills
• Excellent communication and presentation skills.
• Able to effectively interact with various functions.
• Good to have Skills / Certification Minimum: , PCI DSS QSA, PCIP, or PCI ISA, ISO27001:2022, ISO 27701, ISO 22301 Lead Auditor or implementor course
• Good to have: PCI DSS QSA, PCIP, or PCI ISA, CISSP, CISA, CISM, ISO22301QualificationBE/ BTech, MCA, MBA with specialization in Information Security
• Critical Thinking: Analysing information, problem-solving, and making informed judgments.
• Collaboration skills: Working effectively with legal, IT, engineering, and business teams
Education Qualification:
• B-Tech, BCA, MCA, BE-Computer science, MBA – Information Technology, or specialization in Information security
Compliance Frameworks
• Deep knowledge of PCI DSS, SWIFT CSP, NIST CSF, ISO 27001, GDPR.