Organisation: The National Trust for Scotland
Salary: £33,702 - £37,281 pro-rata, per annum
The Compliance Analyst will be responsible for taking forward the PCI DSS (Payment Card Industry Data Security Standards) compliance action plan, undertaking due diligence, creating operational payment processes, and leading on the effort to embed the practices into the organisation. They will report to the DPO and be based within the Corporate and Commercial Services team.
KEY RESPONSIBILITIES AND ACCOUNTABILITIES
• Lead on the delivery of a PCI DSS compliance action plan.
• Develop operating procedures for new payment channels and review operating procedures for existing channels.
• Liaise with colleagues to review all paper-based payment processing at NTS.
• Complete/update PCI DSS Self-Assessment Questionnaires (SAQs) for payment processes.
• Define appropriate back up processes when primary payment channels are unavailable.
• Work with colleagues and external partners to ensure that all third parties processing payments on behalf of the Trust are themselves appropriately PCI compliant.
• Support colleagues across the organisation with advice and practical guidance on the implementation of PCI DSS policies and procedures.
• Assist in the recording, monitoring, and reporting of risks associated with payment processing activities and identify actions that can be taken to mitigate risk.
• Support the delivery of mandatory training in PCI DSS – including the delivery of refresher training to volunteers and employees.
• Support the development of an annual auditing framework in line with PCI DSS requirements.
• Work with the DPO, Technology Director and Finance Director to advise on possible solutions to challenges with payment systems and processes in order to mitigate risk.
• Oversee the management of a central payment device inventory to ensure it remains up to date.
• Support colleagues in regions/teams to produce local inventories and keep them up to date.
REQUIRED QUALIFICATIONS, SKILLS, EXPERIENCE & KNOWLEDGE
• Demonstrable experience in compliance/business/data analytics
• Excellent knowledge of PCI DSS requirements
• Excellent stakeholder management, influencing and negotiation skills
• Excellent planning and organisational skills with experience of working in an agile environment
• Strong communication skills both combined with the ability to write clear & concise interpretations of complex sets of data
• Excellent self-motivation and interpersonal skills, with the ability to develop relationships across professional and organisational boundaries and encourage participation and knowledge sharing with other stakeholders
• Experience of maintaining full system & process documentation
Knowledge of EPOS systems
Expert in Microsoft Excel
Experience of Microsoft Cloud SAAS environments
Experience of risk management frameworks
Experience of Microsoft SharePoint
DIMENSIONS AND SCOPE OF JOB
Trust-wide role, collaborating with and supporting colleagues across Scotland, as well as liaising with external parties and service providers
Tools / equipment / systems
• Microsoft packages (Word, Excel, PowerPoint, Access etc.) data processing, report preparation, etc.
• Microsoft SharePoint (creating and maintaining shared folders)
Application Deadline: Friday 02/12/2022