Main Content

HSM Administrator/Key Manager

Position: HSM Administrator/Key Manager
Reports To: VP, Database Middleware Enterprise Systems
Location: Winston-Salem, NC, Dallas TX, New York, NY, or Remote

Position Summary:

Integration and configuration manager for The Clearing House’s (TCH’s) proprietary Real-time Payments (RTP) and Secure Token Exchange (STE) products built upon the Token Service Provider (TSP) standards, set by EMVCo.  Responsible for product configurations, vendor settings and management of cryptographic keys.  Lead responsibilities include application configurations and settings during client on-boarding, testing and production implementations. This role will work closely with Operations Client Services and Operations Production Support during incident, problem and change management processes.

Qualifications Required:

  • Bachelor’s degree in Engineering, Computer Science, Cybersecurity, Information Systems or related field of study, or 5+ years engineering experience within Information Security and Payments space
  • Minimum two (2) years’ experience or demonstration of superior understanding of Hardware Security Modules (HSM) configuration and administration (e.g. Thales or Entrust)
  • Minimum two (2) years with Payments industry standards (PCI, ANSI, ISO, EMVCo) and equivalent experience with regulations and compliance relating to debit and credit services

Qualifications Desired:

  • Experience in a technical operations area of a financial institution, including an understanding of Card Services, debit/credit card processing and other card operations activities
  • Familiar with payment network tokenization standards, both from an issuer and a digital/mobile wallet point of view
  • Must be detail oriented, demonstrates strong analytical and problem-solving practices
  • Advanced knowledge of Unix/Linux operating systems
  • Excellent written and verbal communication in a clear, concise, and professional manner and the ability to interact professionally with senior management, peers, and other relevant stakeholders
  • Ability to establish and maintain effective working relationships with all levels within an organization, fostering collaboration internally/externally with vendors and staff
  • Understanding with industry encryption standards, data transmission techniques, cryptographic key generation, and management
  • Advanced knowledge of cryptographic functions inclusive of algorithms, hashing, digital signatures, public key infrastructure, and key management  
  • Desired Certifications: Certified information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), PCI Professional (PCIP), Certified Cloud Security Certification (CCSP), CompTIA Security +, Cryptography and Encryption Certification

Essential Functions and Responsibilities:

  • Direct, manage, and implement TCH data security policies while utilizing encryption, tokenization, hashing and masking techniques 
  • Direct, manage, and implement TCH keys and certificates while using tools such as Enterprise Key Management Systems, Venafi, Splunk, SolarWinds, and ServiceNow
  • Integrate secure application-level data flow using industry standard data protection techniques
  • Provide operational direction and triage on cryptography and key management
  • Provide oversight and governance for security risks affecting the business and be able to communicate to management and other business leaders  
  • Provide guidance on cyber incidents and problems related to cryptography and key management activities
  • Maintain Cryptography and Key Management budget, collaborating with team members accordingly
  • Manage and engage Vendors and internal teams to ensure compliance requirements of the NIST Cryptographic Module Validation Program (CMVP) are met and maintained
  • Manage the cryptographic device lifecycle including commissioning, sanitizing, and decommissioning of devices through secure processes
  • Manage TCH Cryptography and Key Management program to ensure compliance requirements such as PCI DSS, PCI TSP and NIST cyber security frameworks while supporting multiple products with both Symmetric and Asymmetric keys to protect the integrity, authenticity, and confidentiality of sensitive and high value data
  • Collaborate with Information Security on TCH Cryptography and key management policies to ensure compliance with NIST SP 800-57
  • Keep abreast of security trends and standards; maintain a superior knowledge of capabilities modern cryptographic algorithms, and vendor product offerings
  • Acts as final escalation point for complex security and support issues

Physical Demands and Work Environment:

Work is generally sedentary in nature but may require standing and walking. The working environment is generally favorable. Lighting and temperature are adequate, and there are no hazardous or unpleasant conditions caused by noise, dust, etc. Work is generally performed within an office environment, with standard office equipment available.
TCH places paramount importance on the health and safety of its employees, and, as such, we are taking all necessary steps to protect our workforce. Because this position may require business travel and/or working in close contact with colleagues and other third parties, TCH is requiring that the employee hired into this role present proof that they are fully vaccinated against COVID-19 during their first week of employment.

Apply Below*:

  • A letter of interest describing your experience and interest in the position
  • Your resume
  • Names and contact information of three references, or three letters of reference

* Please submit a single application per position.

Submit Your Resume