Senior Info Security Analyst (Flex)

Before you apply to a job, select your language preference from the options available at the top right of this page.

Explore your next opportunity at a Fortune Global 500 organization. Envision innovative possibilities, experience our rewarding culture, and work with talented teams that help you become better every day. We know what it takes to lead UPS into tomorrow—people with a unique combination of skill + passion. If you have the qualities and drive to lead yourself or teams, there are roles ready to cultivate your skills and take you to the next level.

Job Description:

The Senior Information Security Analyst will be part of a team responsible for the oversight of the UPS Payment Card Industry (PCI) compliance program. He/she will manage PCI compliance of PCI in-scope systems, ensuring that PCI DSS (Payment Card Industry Data Security Standard) requirements /security controls are being met for all PCI in scope systems.   He/she will manage compliance of end-to-end payment channels, identifying all locations where account data is stored, processed and transmitted, ensuring that PCI requirements/security controls are being met/validated. He/she will be responsible for understanding and managing PCI compliance of the various payment stages (for example, authorization, capture settlement, chargebacks, and refunds) and acceptance channels (for example, card-present, card-not-present, and e-commerce).

Job Duties and Responsibilities:

Maintains Information Security Compliance

Gathers and organizes evidence of compliance with management directives to review and evaluate effectiveness of security functions, processes, products, and services. Reports on controls’ effectiveness to mitigate exposure potential of identified risks and to identify and communicate control gaps. Implements and monitors the integration of enterprise risk management procedures to reduce service losses and to maintain optimal security controls. Contributes to the development of security installation procedures and standards to maintain optimal security controls.

Conducts I.S. Information Security Projects Activities

Conducts advanced information security analyses to identify and initiate action items. Participates in the development of project plans to ensure that projects are completed on time and according to specifications. Performs assigned functions and tasks to meet project requirements.  Investigates issues and escalates as appropriate to support effective resolutions. Reviews multiple assignments to ensure I.S. governance, standards, and policies compliance. Participates in team meetings and discussions to communicate findings and ensure knowledge is shared among respective business partners.

Professional Experience/Skills:

Experience - Must have four or more years of demonstrable, professional, Information Security experience, with 3 years or more experience in IT compliance/IT audit or IT risk management.

Regulatory Compliance – Experience assessing for regulatory compliance, performing validation against security controls, analyzing attestations and evidence gathering.  Experience in the development of assessment processes for regulatory compliance, along with management of regulatory assessments yearly, preferably to meet the requirements of the Payment Card Industry (PCI) Data Security Standard (DSS)

Technical Skills - Very strong technical, analytical, and troubleshooting skills including ability to analyze a problem/technical solution quickly and accurately to meet regulatory compliance requirements

Knowledge of cloud compliance solutions provided by at least one of the cloud vendors (Azure, AWS, Google) and cloud/container security

Knowledge of Security Controls Frameworks

Coding, scripting knowledge and/or data analysis a plus

Education

The SeniorInformation Security Analyst position requires a Bachelor’s degree in Computer Science, Information Assurance or Risk Management, Cybersecurity, Information Systems, or related field.

Industry Certifications (PCI Compliance):

Must possess one or more the following information security certifications, or be in the process of obtaining within 60 days:

• Payment Card Industry – Professional (PCI-P)
• Payment Card Industry – Internal Security Assessor (PCI ISA)

Industry Certifications (Information Security)

Must possess one or more of the following information security certifications or have another certification or advanced degree in information security or related field. 

• Certified Information Systems Security Professional (CISSP)
• Certified Information Security Manager (CISM)
• Certified in Risk and Information Security Controls (CRISC)
• Certified Information Systems Auditor (CISA)
• Cloud Security Certification such as Google Professional Cloud Security Engineer Certification
• GIAC Certification

Preferred qualifications:

• Experience with compliance risk remediation
• Familiar with Payment Card Industry (PCI) regulatory requirements

Other Criteria

• Job Grade: 20H

• Location Flexible: Candidate must be located within the following locations, or willing to self-relocate: Alpharetta, GA, Mahwah, NJ, Parsippany, NJ, Louisville, KY, Maryland, MD.

• Last day to apply is 02/27/2025 11:59pm

Our compensation reflects the cost of labor across several US geographic markets. The base pay for this position ranges from $89,040/year to $164,940/year. Pay is based on several factors including but not limited to, market location and may vary depending on job-related knowledge, skills, and education/training and a candidate’s work experience. Hired applicants may be eligible for annual short-term and/or long-term incentive compensation programs depending on the level of the position. Payments under these annual programs are not guaranteed and are dependent upon a variety of factors including, but not limited to, individual performance, business unit performance, and/or the company’s performance. Hired applicants may be eligible for Medical/prescription drug coverage, Dental coverage, Vision coverage, Flexible Spending Account, Health Savings Account, Dependent Care Flexible Spending Account, Basic and Supplemental Life Insurance & Accidental Death and Dismemberment, Disability Income Protection Plan, Employee Assistance Program, 401(k) retirement program, Vacation, Paid Holidays and Personal time, Paid Sick and Family and Medical Leave time as required by law, and Discounted Employee Stock Purchase Program.

Employee Type:

UPS is committed to providing a workplace free of discrimination, harassment, and retaliation.

Other Criteria:

UPS is an equal opportunity employer. UPS does not discriminate on the basis of race/color/religion/sex/nationalorigin/veteran/disability/age/sexual orientation/gender identity or any other characteristic protected by law.

Basic Qualifications:

Must be a U.S. Citizen or National of the U.S., an alien lawfully admitted for permanent residence, or an alien authorized to work in the U.S. for this employer.