Service components and deliverables
The provision of specialist technical and PCI related services encompassing:
Providing support for regional PCI officers during audits where remediation actions are required
Working with global PCI teams to design and implement a logging solution to replace existing regional solutions
Providing consultancy to projects that impact on PCI compliance
Participating in design discussions for 2024 PCI roadmap activities
Documenting both high and low level designs for assigned Solutions
Strategize the future of BP IT by assessing the existing, defining the enterprise technology vision, road maps and orchestrating the transformation.
Architect and create solution designs that are compliant with BP's security policies, processes and compliance standards including PCI-DSS
Review major changes in the PCI CDE
Perform a comprehensive assessment (gap analysis) of overall change and/or solution from endpoint security to protecting payment card data at rest
Implement solutions to ensure cloud, on-premise and IoT systems meet their expected service and PCI-DSS compliance levels, supporting all phases from design, build, test to live operations

The success of these deliverables assumes that:
Team members have adequate engagement from Customer team members.
Success relies on sufficient time and knowledge from System owners and Customer Product SMEs.
Supplier team members have read/write access to manage appropriate Azure dev ops boards.
Supplier team members have access to testing platforms for products specific to the appropriate systems
Third Party suppliers perform to standards set by Customer according to Industry Best Practice.
Our strategy is very much around creating those cloud based solutions, so looking specifically for that experience if we can find it

The current proposed experiments include:
o Repurpose the existing Splunk PCI logging solution to enhance the SOC (SIEM) functionality
o Service Now (GRC module) knowledge
Experience with both Azure and AWS cloud architecture within a corporate environment, including native logging solutions
Sound understanding of IT Digital Security standards
Ability to document both high and low level designs for PCI compliant systems
Ability to write basic code
Although a technically focused role the candidate must have the ability to communicate with business stakeholders and be able to organize and run meetings
Knowledge of APIs and REST based architectures