PCI Compliance & Remediation

AT A GLANCE

SUMMARY

Hired in a very senior consultant capacity to assess and realign a failed PCI program workstream at Rogers.

OVERVIEW

Put failed workstream back on track in the first 6 weeks with clear deliverables, targets and reporting
Further analysis determined that Program Scope for 2 year running program would not lead to compliance
Engaged key resources to assess required scope and determine the gap and effort for compliance
Engaged key stakeholders and Security Experts (QSA, PCI compliance) in sessions to confirm scope
Influenced Senior Management to segment the Network in order to achieve compliance
Transitioned over my current program and took the lead to start-up the Network Segmentation program
Within 4 months had established the new program, hired the team and established projects and targets

PROJECT DETAILS

Ongoing Compliance: One of 2 In-flight Program Workstreams with the following scope:

Network Segmentation – Start-up of new Program workstream

Establish program governance and organizational structure
Role definitions, hiring and resource management
Current state assessment of processes, infrastructure, applications, tools and reporting
Development of a strategic plan and road map for phased implementation
Process improvements and optimization
Detailed action plan for phased implementation
Weekly progress reporting and executive dashboard
Budget and Program Management
Network Segmentation Requirements
Application and Infrastructure analysis
Inventories and Credit Card Data Flows
Application Migration Strategy
Proof of Concept Migration
Planning and Migration for all 32 Applications in-scope for PCI
Worked closely with cross-functional groups including Network, Applications, Infrastructure, PCI Compliance, PCI Remediation, IT Security and IT operations.