PCI Manager Cyber Compliance

Job Location

Toronto - Canada

Monthly Salary

$ 98000 - 167000

Vacancy

1 Vacancy

Job Description

We are the leading provider of professional services to the middle market globally; our purpose is to instill confidence in a world of change, empowering our clients and people to realize their full potential. Our exceptional people are the key to our unrivaled, inclusive culture and talent experience and our ability to be compelling to our clients. You'll find an environment that inspires and empowers you to thrive both personally and professionally. There's no one like you and that's why there's nowhere like RSM.

Cyber Compliance Manager (Payment Card Security)

At RSM US LLP, we established the Security and Privacy Risk Consulting (SPRC) group to meet the critical cybersecurity needs of our clients. This team of dedicated cybersecurity professionals focuses exclusively on cybersecurity and information protection. Our SPRC group, located throughout the country, helps clients prevent, detect and respond to security threats impacting their critical systems and ensures regulatory compliance in handling, processing and protecting sensitive information. We support a diverse client base across various industries, providing expertise in information security, risk management, security testing, enterprise architecture, governance, regulatory privacy compliance and digital forensics.

We are seeking a Manager-level Payment Card Industry (PCI) Qualified Security Assessor (QSA) to join our Security and Privacy Risk consulting practice. As a Manager of Cyber Compliance, you will drive the growth of cybersecurity service offerings while understanding industry-specific risks and payment card security requirements. You'll assist organizations in developing robust data protection programs to safeguard critical assets, particularly the cardholder data environments of RSM US LLP clients. Your team will focus on assessing, designing and implementing cybersecurity risk management practices such as network segmentation, vulnerability management, data classification, encryption, de-identification and sensitive data monitoring solutions to ensure cyber regulatory alignment for data-rich organizations.

Responsibilities

  • Manage the timely delivery of engagement results and high-quality deliverables, adhering to professional and industry standards.
  • Hands-on delivery and execution of project tasks for complex technology environments.
  • Present project status, risk-based observations and proposed solutions to clients' senior management.
  • As a first-choice advisor, cultivate and maintain relationships with stakeholders, identifying opportunities for technological and operational risk mitigation.
  • Assess payment card compliance maturity and assist clients in building and implementing sustainable PCI compliance programs.
  • Support organizations in developing and implementing information governance frameworks.
  • Aid clients in designing and maintaining payment card industry and cyber compliance programs, including operational processes, technology and guidelines.
  • Identify opportunities to expand service scope within engagements and contribute to market-facing initiatives to attract new client prospects.
  • Communicate strategic and tactical risks of account data protection, advanced security threats, enterprise security management practices and innovative security solutions to clients.
  • Translate complex technical issues into executive-style reports and presentations for senior management.
  • Leverage industry and technical expertise to identify improvement opportunities for clients and support remediation services.
  • Supervise, train and mentor staff, coordinating with client resources as necessary.
  • Assist in building the SPRC practice by expanding the team's size and skill set.
  • Set performance expectations for staff and provide constructive feedback.
  • Oversee and train junior team members during service delivery, ensuring quality and fostering growth.
  • Support business development efforts to acquire new clients and expand existing relationships.
  • Identify business opportunities and enhance go-to-market strategies.
  • Advise area leadership on SPRC service line growth and market strategies.
  • Participate in professional organizations and develop thought leadership in relevant cybersecurity topics for internal and external branding.
  • Ensure revenue targets are met and service offerings remain responsive to the evolving business environment.

Required Qualifications

  • Active or former PCI QSA certification with experience preparing Level 1 and Level 2 PCI DSS Reports on Compliance (ROCs) or 3 years of PCI DSS experience with one or more of the following certifications:
    • (ISC)² Certified Information System Security Professional (CISSP)
    • ISACA Certified Information Security Manager (CISM)
    • Certified ISO 27001 Lead Implementer
    • (METI) Registered Information Security Specialist (RISS)
    • ISACA Certified Information Systems Auditor (CISA)
    • GIAC Systems and Network Auditor (GSNA)
    • Certified ISO 27001 Lead Auditor
    • IRCA ISMS Auditor or higher, e.g. Auditor/Lead Auditor, Principal Auditor
    • IIA Certified Internal Auditor (CIA)
  • Bachelor's degree in information technology, business or related discipline from an accredited college/university.
  • 5 years of related work experience in cyber compliance consulting or equivalent advanced academic experience.
  • Familiarity with cybersecurity program components and supporting workflows such as:
    • Regulatory monitoring
    • Business requirements definition
    • Data inventory and information flow mapping
    • Cybersecurity risk management
    • Third-party vendor management
    • Interactions with consumers (data subject requests)
    • Incident management and breach notifications
  • Technical knowledge of network and IT infrastructure, application/database design, IT governance, risk management, incident response and typical network/IT security components.
  • Working knowledge of key cybersecurity compliance standards and regulations, including PCI DSS, NIST CSF, GLBA, etc.
  • Proven people skills with experience operating in a professional services firm, large consultancy or similar environment.
  • Demonstrated ability to collaborate effectively, especially with cross-functional teams.

Preferred Qualifications

  • Proven experience engaging with diverse organizational stakeholders, including management, business, marketing, HR, IT and Legal teams.
  • Advanced degree focused on data protection, privacy or a related field.
  • Strong written, oral and presentation skills with an innovative mindset.
  • Knowledge of PCI DSS practices in retail and financial services.
  • Proven ability to work seamlessly in a virtual environment with globally dispersed team members.
  • Creative thinking, individual initiative and flexibility in navigating rapid changes in technology, regulation and client needs.
  • Commitment to staying updated with advancements, challenges and discoveries in the Security and Privacy industry.

At RSM, we offer a competitive benefits and compensation package for all our offer flexibility in your schedule, empowering you to balance life's demands while also maintaining your ability to serve clients. Learn more about our total rewards at does not tolerate discrimination and/or harassment based on race; colour; creed; sincerely held religious beliefs, practices or observances; sex (including pregnancy or disabilities related to nursing); gender (including gender identity and/or gender expression); sexual orientation; national origin; ancestry; familial or marital status; age; physical or mental disability; citizenship; political affiliation; medical condition (including family and medical leave); domestic violence victim status; past, current or prospective service in the Canadian uniformed service; Canadian Military/Veteran status; pre-disposing genetic characteristics; or any other characteristic protected under applicable provincial employment legislation.

Accommodation for applicants with disabilities is available upon request in connection with the recruitment process and/or employment/partnership. RSM is committed to providing equal opportunity and reasonable accommodation for people with disabilities. If you require a reasonable accommodation to complete an application, interview or otherwise participate in the recruiting process, please call us at or send us an email at .

At RSM, an employee's pay at any point in their career is intended to reflect their experiences, performance and skills for their current role. The salary range (or starting rate for interns and associates) for this role represents numerous factors considered in the hiring decisions, including but not limited to education, skills, work experience, certifications, location, etc. As such, pay for the successful candidate(s) could fall anywhere within the stated range.

Compensation Range: $98000 - $167000

Individuals selected for this role will be eligible for a discretionary bonus based on firm and individual performance.


Required Experience:

Manager

Employment Type

Full-Time
