PCI DSS Analyst/Assessor (QSA) with PCI readiness assessment, policies/procedures, control analysis and reporting/documentation experience

Job ID: MNSITE-1627 (90090923)

Location: St Paul MN (Department of Management and Budget (MMB))
Duration: 1 year (with possibility of extension)
Interview: phone
Travel: visit multiple locations in state of MN

Deliverable
• PCI readiness assessment (approximately 140 assessments needed, the State reserves the right to contract for this work in phases)

Requirements
• Ability to visit multiple locations in the State of MN that are deemed in-scope
• Ability to maintain staffing levels to support the one-year schedule for approximately 140 PCI readiness assessments

Minimum Qualifications
• At least 1 member of the proposed team must be a Qualified Security Assessor (QSA)
• Experience conducting 2 PCI Readiness Assessments in large (100+ merchant IDs) IT environments

Description of Project
Minnesota IT Services (MNIT) is seeking a vendor to provide a Payment Card Industry (PCI) Readiness Assessment for all merchant identification numbers issued by the Minnesota Department of Management and Budget (MMB) to agency partners. These merchant IDs are issued to multiple State of Minnesota agencies with varying degrees of card processing requirements. MMB has issued 550 merchant IDs in total to state agencies, and this assessment will review compliance with the PCI Data Security Standard (PCI DSS) version 3.2 for each of the approximately 140 merchant IDs assigned to MNIT, scoped out into phases. The PCI Readiness Assessment process will help MNIT and agency partners verify that they have interpreted PCI DSS rules correctly and implemented appropriate controls in the agency cardholder data environments to maintain compliance with PCI DSS.

For each merchant ID, the vendor will perform an analysis and document the scope of the PCI DSS assessment identifying:
• Locations
• Payment transmission connections
• Payment channels
• Personnel roles and responsibilities
• Computer network segments
• Cardholder data storage locations
• Hardware and software
• Service providers and third parties

The vendor will perform a detailed assessment of the agency cardholder environment that could include interviewing key stakeholders, reviewing policies and procedures, and conducting compensating control analysis. The goal will be to identify existing gaps and the remediation needed to meet PCI DSS compliance.
