L.A.Times Banner

Senior IT Security Engineer

The Los Angeles Times, 2300 E. Imperial Hwy, El Segundo, California, United States of America Req #42
Tuesday, August 6, 2024

The Senior IT Security Engineer will assess, recommend and maintain a robust information security infrastructure and ensure the company's adherence to policy compliances such as Payment Card Industry Data Security Standards (PCI DSS). This position involves conducting thorough and independent assessments of the management, operational, and technical security protocols across the company's cloud and on-premise Information Technology (IT) infrastructure. This position oversees project management for security initiatives, manages relationships with managed information security providers, and ensures the effectiveness of current cybersecurity measures. This role will oversee risk management, ensure vulnerability compliance and reporting, handle internal controls, and contribute to IT optimization efforts.

 

Responsibilities:

  • Conduct internal assessments and audits to ensure compliance with the most recent PCI DSS and other relevant security standards.
  • Collaborate with various departments to identify, evaluate, and mitigate vulnerabilities and risks in payment card processing environments.
  • Develop, maintain, and update a comprehensive PCI compliance program, including policies, procedures, and documentation.
  • Oversee the management of security infrastructure and ensure its robustness against potential threats
  • Provide guidance and support to business units and IT teams on implementing secure payment card processing practices.
  • Liaise with external Qualified Security Assessors (QSAs) during annual PCI DSS assessments and facilitate the remediation of any identified gaps.
  • Train and educate staff on PCI DSS requirements and best practices for protecting cardholder data.
  • Track updates to PCI DSS standards and ensure timely implementation of required updates and changes within the organization.
  • Manage and oversee the performance of managed information security service provider
  • Prepare Reports on Compliance (ROCs) and Self-Assessment Questionnaires (SAQs) for annual reporting on the Company’s status to the Payment Card Industry Data Security Standard (PCI-DSS).
  • Present and obtain Senior IT Management approval of process improvements and implement process modifications successfully.
  • Determines whether company information systems comply with existing policies, standards, architectures, procedures, laws, regulations, and other requirements.
  • Generate and audit monthly vulnerability reports, quarterly network scans, and bi-annual penetration tests to ensure compliance and remediation tasks and activities are completed within SLA periods.
  • Work with the legal department to develop and maintain IT Security Compliance and Governance contract provisions for external service providers and vendors.
  • Perform quarterly follow-up activities to report on status and/or mitigation completion.
  • Assist in the development and maintenance of a robust incident response plan for security breaches and incidents involving cardholder data.
  • Generate regular reports on compliance status, security assessments, and remediation efforts for senior executive management and relevant stakeholders.
  • Participate in security and compliance projects as required.
  • Responsible for eliminating manual steps through Automation Scripting
  • Development of Data Retention Policies including Backup and Restoration schedules
  • Writing, Editing, and Maintaining miscellaneous Policies and Procedures
  • Working with SOC, SIEM, and SOAR solutions
  • Conducting Cybersecurity Audits
  • Perform other tasks as assigned

Requirements:

  • Bachelor’s degree in Information Technology, Information Security, Computer Science (or a related field) and 8+ years of experience in information security, with specific experience in PCI DSS compliance  OR 12+ years of experience in information security, with specific experience in PCI DSS compliance.
  • 6+ years of experience with security tools and technologies used for information security and compliance monitoring.
  • Expert knowledge of information security principles, vulnerability scanning, remediation, reporting, data protection laws, and payment industry standards.
  • Excellent analytical, problem-solving, and decision-making skills.
  • Adaptable communicator tailoring messages for diverse audiences.
  • Detail-oriented with the ability to manage multiple tasks and projects simultaneously.
  • In-depth understanding and experience in IT governance, risk management, and compliance software tools.
  • Advanced knowledge of IT security principles, including those that apply to cloud infrastructure (Azure, AWS, Google Cloud), network, database, application security, firewalls, multi-factor authentication mechanisms, and identity and access management.
  • Adept to the application of technical understanding of the following areas: Access and Authentication, Data Security, Secure Software Development, Infrastructure and IT Operations, Boundary Protection, Vulnerability Management, Business Continuity, and Disaster Recovery.
  • Ability to work independently and within a team to accomplish assigned tasks timely and accurately.
  • Demonstrated work ethic and professionalism.

Preferred Qualifications:

  • Professional certifications such as PCI ISA (Internal Security Assessor), PCIP (PCI Professional), CISSP (Certified Information Systems Security Professional), CISM, CISA (Certified Information Systems Auditor), CIS, NIST, HIPAA are highly desirable 

The L.A. Times is an equal opportunity employer and welcomes all qualified applicants regardless of race, ethnicity, religion, gender, gender identity, sexual orientation, disability status, protected veteran status, or any other characteristic protected by law. We actively work to create an inclusive environment where all of our employees can thrive.  Explore our company history, achievement, values, mission and more on our career site.

The pay scale the Company reasonably expects to pay for this position at the time of the posting is $155,000 to $170,000 and takes into account a wide range of factors including but not limited to skill set, experience, training, licenses, certifications, and other business or organizational needs.  Compensation will be determined based on the above factors along with the requirements of the position.  At the L.A. Times, it is not typical for an individual to be hired at or near the top of the range for the role. Please visit our career site to view the benefits available to our employees.

The Company is a mandatory vaccination employer for COVID-19 and its variants. The Company requires that its employees be fully vaccinated as of their start date. If you require a medical or religious accommodation, we will engage in the interactive process with you. Proof of vaccination will be required prior to start. If we make you an offer and you are not yet vaccinated, we will accommodate a delay in start date.

Other details

  • Job Family Los Angeles Times Super Co.
  • Job Function Manager
  • Pay Type Salary
  • Min Hiring Rate $155,000.00
  • Max Hiring Rate $170,000.00
Location on Google Maps
  • The Los Angeles Times, 2300 E. Imperial Hwy, El Segundo, California, United States of America