From 2016 to 2018, I was responsible for the 'Payment Card Industry Data Security Standard (PCI DSS)' project at the University of Sheffield, which looked at assessing current working practices, processes and technological controls in place at the University and whether they met the required security standard. This was a significant project for the University and involved managing business and IT stakeholders from across the University and its wholly owned subsidiaries where payments were being processed by card. Achieving PCI DSS compliance is known in the industry as being very hard to achieve and continue to maintain, and with my leadership on the project I helped ensure the University of Sheffield was well on its way to ensuring card payments were being taken in the safest way possible.
Later in 2018, I was hired by Oxford City Council to lead on their 'Payment Card Industry Data Security Standard (PCI DSS)' project following the success and experience gained at Sheffield. In this role I completed the Internal Security Assessor (ISA) training run by the PCI Security Standards Council, which helped to enhance and broaden my knowledge of the standard and perform an internal audit on current compliance levels at the local authority.
Whilst involved in both of these PCI DSS projects, I feel the key achievements we delivered and the core strengths I brought to this initiative could be described as follows:
Develop business cases to clearly articulate to senior management within Finance & IT Services the need to pursue PCI DSS compliance, and seek funding for implementing improvements to card security
Conduct compliance scoping assessments across a wide range of departments and units within the organisation responsible for dealing with customers and taking card payments
Build, motivate and manage project teams from both central Finance and IT Services to work together and dedicate appropriate amounts of time and resource away from business as usual activities on project tasks
Manage procurement activities and engagement with consultants for purchasing of consultancy support from QSAs (Qualified Security Assessors) and penetration testing, as well as technical solutions to improve the organisation's ability to achieve compliance with PCI DSS more easily
Lead technical teams to design and implement technical solutions to improve security for card payments
Lead process improvement sessions to enable the business to design and implement better service management practices for handling sensitive card data