Security Site Administrator

WELCOME TO Ingenico is the global leader in payments acceptance solutions. As the trusted technology partner for merchants, banks, acquirers, ISVs, payment aggregators and fintech customers our world-class terminals, solutions and services enable the global ecosystem of payments acceptance. With 40 years of experience, innovation is integral to Ingenico’s approach and culture, inspiring our large and diverse community of experts who anticipate and help shape the evolution of commerce worldwide. At Ingenico, trust and sustainability are at the heart of everything we do.ABOUT THE ROLE & TEAM Reporting to the NAR Security Operations Team Leader, the NAR Site Security Administrator - Mexico holds a critical role in the daily secure production, configuration and delivery of Ingenico payment products to the benefit of our customers. WHAT YOU’LL DO The Site Security Administrator - Mexico has the following responsibilities: Oversee the physical security of the Mexico Operations at all the Mexico manufacturing and repair facilities. Ensure that physical security measures are in place, active and effective at all times. Coordinate with facilities staff on the evolution of physical security measures at all Mexican sites. Ensure that role-appropriate security training exists for both the indoctrination of new employees and to refresh the knowledge of existing employees. Ensure that logs and CCTV footage for controlled areas within Ingenico's Mexican facilities are available and reviewed as required based Ingenico policies and procedures.Function as the Regional Cryptographic Key Administrator for all of the Mexico manufacturing and repair facilities, supporting NAR Injection services. Customize Regional cryptographic key management procedures for use in the Mexican facilities in line with evolving industry standards and Ingenico key management policies. Manage all cryptographic key management systems used in Ingenico's Mexico Key Injections Facilities (KIFs) and Repair Facilities to ensure the secure storage and availability of cryptographic key materials to the NAR production lines, ensuring the proper configuration of products being delivered to Ingenico customers. Maintain ongoing day-to-day compliance and support annual external validation of Ingenico Mexico's KIF Operations with PCI PIN, PCI P2PE and other industry regulations as appropriate. Help to maintaining Mexico's cryptographic key database and oversee cryptographic key conveyance ceremonies. Train other Ingenico employees who will be involved in various aspects of key management operations: key custodians, sensitive assets custodians, HSM administrators, etc. Assist the Ingenico Sales Teams in the definition of Key Profiles needed for the fulfillment of sales orders.Lead local incident response efforts in the Mexico region as required. ABOUT YOUR SKILLS Possess at least two years of experience performing or preparing systems for, IT audits and/or security assessments.Preferably possess a minimum of 2 years of experience in implementing and overseeing physical security measures.Strong organizational skills, attention to detail, and strict time-management.Spanish English Bilingual. Bachelor’s degree or equivalent industry experience in a field related to computer science or data science/analytics. NICE TO HAVE Preferably possess a minimum of 2 years of experience in Cryptographic Key Management and/or Cryptography, including: Symmetric & asymmetric cryptographic techniques including cryptographic algorithms, key establishment, key management, and key lifecycle.Knowledge of industry standards for cryptographic techniques and key management, including but not limited to ANS X9.24, X9.143/TR-31, TR-34, ISO 11568, ISO 13491, PCI PIN and/or PCI P2PE.Hardware security modules (HSMs) operations, policies, and procedures.Physical security techniques for high-security areas.Point of Interaction (POI) key-injection systems and techniques, including key loading devices (KLDs) and key-management methods, such as Master/Session or Derived Unique Key Per Transaction (DUKPT). Previous or current credentials as a certified TG-39 Auditor (CTGA); a PCI Qualified PIN Assessor (QPA); PCI Point-to-Point Qualified Security Assessor (P2PE QSA); an information security professional (e.g. CISSP, CISM or ISO Lead Implementer); or information technology auditor (e.g. CISA, GSNA, etc.) are not required but considered an asset.

Creado: Jue, 01 de Ene de 1970