1 Vacancy
The PCI Controls Testing Associate is an execution-focused role responsible for planning, performing, and documenting PCI DSS control tests across our cardholder data environments (CDEs). You'll partner with technology owners, DevOps, product teams, and external assessors to verify that technical and procedural safeguards operate effectively. A key part of your remit is to identify opportunities to automate repetitive evidence-gathering tasks, helping us shift from annual "big bang" audits to continuous assurance.
Key Responsibilities:
Control Testing
Execute detailed test procedures for all 12 PCI DSS requirement families (firewalls, vulnerability management, encryption, logging & monitoring, access controls, etc.).
Validate configurations in firewalls, routers, servers, cloud platforms, CI/CD pipelines, and SaaS tools.
Interview control owners, perform walkthroughs, and capture screenshots / config exports as evidence.
Evidence & Documentation
Maintain testing results, issues, and artifacts in our GRC platform (ServiceNow GRC / Archer / Jira).
Draft clear test summaries and remediation tickets for findings.
Automation & Tooling
Build or enhance scripts, APIs, and dashboards that pull evidence (e.g., CIS benchmarks, AWS Config, Splunk searches) on a recurring schedule.
Collaborate with DevSecOps to integrate control checks into CI/CD.
Continuous Compliance
Monitor control health indicators; escalate control failures or data gaps promptly.
Contribute to quarterly mock audit cycles, ensuring we stay audit-ready year-round.
Collaboration & Education
Educate engineering and product teams on PCI requirements and secure-by-design practices.
Coordinate with external QSAs during ROC testing and facilitate data requests.
Qualifications:
2-4 years in information security, IT audit, or PCI DSS control testing.
Hands-on experience validating technical controls in Linux/Windows, network devices, and at least one major cloud platform (AWS, Azure, or GCP).
Familiarity with automation or scripting languages (Python, PowerShell, Bash) and REST APIs.
Solid understanding of PCI DSS v3.2.1/v4.0 requirements, evidence expectations, and sampling methodology.
Comfortable reading firewall rules, IAM policies, and vulnerability scan outputs.
Strong written/verbal communication skills, able to translate technical findings for non-technical stakeholders.
Nice to Have:
Experience with infrastructure-as-code (Terraform, CloudFormation) or security-as-code pipelines.
Previous use of GRC or compliance automation platforms (Drata, Vanta, Tugboat Logic, ServiceNow GRC, etc.).
Industry certifications such as PCI ISA, CISA, Security, or AWS Security Specialty.
Location:
This hybrid role involves onsite presence 3 days per week at one of our office locations in Chevy Chase, MD and New York, NY.
Annual Salary
$91,225.00 - $172,200.00
The above annual salary range is a general guideline. Multiple factors are taken into consideration to arrive at the final hourly rate / annual salary to be offered to the selected candidate. Factors include, but are not limited to, the scope and responsibilities of the role, the selected candidate's work experience, education and training, the work location, as well as market and business considerations.
The GEICO Pledge:
Great Company: At GEICO, we help our customers through life's twists and turns. Our mission is to protect people when they need it most, and we're constantly evolving to stay ahead of their needs.
We're an iconic brand that thrives on innovation, exceeding our customers' expectations and enabling our collective success. From day one, you'll take on exciting challenges that help you grow and collaborate with dynamic teams who want to make a positive impact on people's lives.
Great Careers: We offer a career where you can learn, grow, and thrive through personalized development programs created with your career and your potential in mind. You'll have access to industry-leading training, certification assistance, career mentorship, and coaching with supportive leaders at all levels.
Great Culture: We foster an inclusive culture of shared success, rooted in integrity, a bias for action, and a winning mindset. Grounded by our core values, we have an established culture of caring, inclusion, and belonging that values different perspectives. Our teams are led by dynamic, multifaceted teams led by supportive leaders, driven by performance excellence and unified under a shared purpose.
As part of our culture, we also offer employee engagement and recognition programs that reward the positive impact our work makes on the lives of our customers.
Great Rewards: We offer compensation and benefits built to enhance your physical well-being, mental and emotional health, and financial future.
The equal employment opportunity policy of the GEICO Companies provides for a fair and equal employment opportunity for all associates and job applicants regardless of race, color, religious creed, national origin, ancestry, age, gender, pregnancy, sexual orientation, gender identity, marital status, familial status, disability or genetic information, in compliance with applicable federal, state and local law. GEICO hires and promotes individuals solely on the basis of their qualifications for the job to be filled.
GEICO reasonably accommodates qualified individuals with disabilities to enable them to receive equal employment opportunity and/or perform the essential functions of the job unless the accommodation would impose an undue hardship to the Company. This applies to all applicants and associates. GEICO also provides a work environment in which each associate is able to be productive and work to the best of their ability. We do not condone or tolerate an atmosphere of intimidation or harassment. We expect and require the cooperation of all associates in maintaining an atmosphere free from discrimination and harassment with mutual respect by and for all associates and applicants.
Required Experience:
IC
Full-Time