PCI Compliance & Remediation

AT A GLANCE

  • Role: Senior Program Manager / Senior Project Manager
  • Client: Rogers Communications
  • Summary: PCI Compliance Program Lead responsible for two large work streams
  • Industry: Telecom, Media
  • Project Types: Program, Infrastructure, Process, Compliance
  • Scope: Enterprise
  • Team: 15-20 Direct Reports, Vendor Management
  • Duration: 10 months (2010-2011)

SUMMARY

Hired in a very senior consultant capacity to assess and realign a failed PCI program workstream at Rogers.

OVERVIEW

  • Put failed workstream back on track in the first 6 weeks with clear deliverables, targets and reporting
  • Further analysis determined that the Program Scope for the 2-year running program would not lead to compliance
  • Engaged key resources to assess required scope and determine the gap and effort for compliance
  • Engaged key stakeholders and Security Experts (QSA, PCI compliance) in sessions to confirm scope
  • Influenced Senior Management to segment the Network in order to achieve compliance
  • Transitioned over my current program and took the lead to start up the Network Segmentation program
  • Within 4 months had established the new program, hired the team and established projects and targets

PROJECT DETAILS

Ongoing Compliance: One of 2 in-flight Program Workstreams with the following scope:

  • Vendor Contract Reviews
  • Firewall restrictions
  • Network Device configuration
  • Wireless Access Monitoring
  • Secure Code Reviews
  • Controls library
  • Threat and Vulnerability Management

Network Segmentation – Start-up of new Program workstream

  • Establish program governance and organizational structure
  • Role definitions, hiring and resource management
  • Current state assessment of processes, infrastructure, applications, tools and reporting
  • Development of a strategic plan and road map for phased implementation
  • Process improvements and optimization
  • Detailed action plan for phased implementation
  • Weekly progress reporting and executive dashboard
  • Budget and Program Management
  • Network Segmentation Requirements
  • Application and Infrastructure analysis
  • Inventories and Credit Card Data Flows
  • Application Migration Strategy
  • Proof of Concept Migration
  • Planning and Migration for all 32 Applications in-scope for PCI
  • Worked closely with cross-functional groups including Network, Applications, Infrastructure, PCI Compliance, PCI Remediation, IT Security and IT operations.