Job Responsibilities:
- Work on Client-identified PCI-related gaps in many of its systems and processes
- Transform the enterprise to evangelize PCI Compliance as a standard operating procedure
- Establish Program Framework
- Define organizational roles & responsibilities
- Update critical processes, e.g. scope/descope
- Work on FY26 plan & budget forecast
- Discover and Document Enterprise Landscape
- Prioritize past audit findings
- Establish Remediation Framework and plan
- Deploy automation for data lineage dependency and impact analysis
- Create program metrics and governance framework
- Build complete PCI / Non-PCI asset inventory
- Elaborate PCI related policies and procedures
- Initiate design and implementation for priority items
- Define Tokenization, Encryption & Key Management Strategies
- Ensure alignment with PCI 4 requirements
- Transition to PCI as core discipline
- Perform PCI Scope Reduction
- Modernize and embed PCI Processes
- Integrate enterprise compliance
Skills and Experience Required:
Required:
- Must be Certified PCI DSS QSA from PCI Security Standards Council.
- 10 years overall experience as an IT Professional (Infrastructure, Security, Data Engineering and/or multi-tiered complex application architecture)
- 5 years of experience with PCI DSS audits
- Expert in PCI DSS standards and compliance requirements
- Must be able to determine whether the system is subject to PCI audit
- Clear experience and ability to identify technical, process and documentation requirements to descope systems
- Demonstrated experience partnering with clients to remediate PCI findings, including descoping systems, securing PCI data and ensuring documentation compliance
- Experience establishing PCI compliance programs within complex organizations with a broad range of technology platforms
- Banking, Payments and/or Financial Services experience
- Experience with diverse technology platforms and heterogeneous systems (Windows/.NET, SQL Server, Java, Linux, Oracle, COBOL, Mainframe, AS400/I-Series, other)
- Strong understanding of infrastructure, storage and network architecture and design for PCI compliance
- Experience with designing/implementing Encryption, Tokenization and other data security mechanisms to either descope systems or bring them into compliance
- Excellent verbal and written communication skills
- Must be able to travel for client meetings