SRC PCI Senior Associate

Job Location: Pune - India

Monthly Salary: Not Disclosed
Posted on: 17 hours ago
Vacancies: 1 Vacancy

Job Summary

Industry/Sector

Not Applicable

Specialism

Cybersecurity & Privacy

Management Level

Senior Associate

Job Description & Summary

At PwC, our people in risk and compliance focus on maintaining regulatory compliance and managing risks for clients, providing advice and solutions. They help organisations navigate complex regulatory landscapes and enhance their internal controls to mitigate risks effectively.

In regulatory risk compliance at PwC, you will focus on confirming adherence to regulatory requirements and mitigating risks for clients. You will provide guidance on compliance strategies and help clients navigate complex regulatory landscapes.

  • 2-10 years of Information Security experience with relevant PCI experience performing assessments, advisory work, or compliance implementation.

  • Strong understanding of PCI DSS ecosystems, scoping, compliance processes, and maintaining ongoing compliance programs.

  • Experience working with PCI DSS v4.0.1 requirements, controls, and testing procedures.

  • Understanding PCI DSS segmentation testing, scoping principles, and evidence validation techniques.

  • Preferably certified as PCI QSA or ISA (optional) with experience leading or supporting PCI DSS assessments and generating ROCs/Self-Assessments.

  • Experience with PCI industry benchmarking, RFPs/RFQs, scoping, SAQs, auditing, remediation, and providing recommendations to large enterprises.

  • SME-level knowledge in controls implementation and assessments; perform gap analysis, compliance reporting, and creation of PCI-aligned policies, procedures, and governance checks.

  • Must have strong experience in implementing/assessing the P2PE solution requirements and testing procedures, encryption/decryption methodologies, and key management within secure cryptographic devices.

  • Responsible for building and influencing payment security as a core competency across clients, internal teams, partners, and vendors. This includes providing education and developing processes and procedures, standard templates, accelerators, and training to support internal competency build.

  • Strong understanding and hands-on experience in conducting security reviews of various cybersecurity solutions, including but not limited to the following:

      • Application or network firewalls

      • Intrusion detection/prevention systems

      • Database or other storage solutions

      • Encryption solutions

      • Security audit/log monitoring solutions

      • File integrity monitoring solutions

      • Anti-virus solutions

      • Vulnerability scanning services or solutions

  • Conduct targeted validation and detailed assessments of client processes, applications, products, policy documentation, and third-party adherence to PCI DSS requirements.

  • Delivers findings, recommendations, and remediation steps for all activities in a clear, concise, and audience-specific format.

  • Strong understanding of cloud platforms, cloud security principles, and PCI-specific requirements, including segmentation, access control, encryption, and logging, with the ability to assess PCI applicability within cloud shared responsibility models.

  • Familiarity with containerization and orchestration technologies (e.g. Kubernetes) and their secure configuration in PCI-scoped environments.

  • Ability to establish credibility and maintain strong working relationships with teams involved with payment security (InfoSec, Legal, Business Development, Physical Security, Developer Community, Networking, Systems, etc.).

  • Strong understanding of application security practices (such as OWASP Top 10) and familiarity with other compliance standards/frameworks like ISO 27001/27002, NIST, HITRUST, COBIT, SOX, GLBA, SSAE16/SOC 2, HIPAA, etc.

  • Working knowledge of AI/GenAI technologies with awareness of related data security and governance risks relevant to PCI DSS environments.

Minimum years experience required

5-8 Years

  • Related payment security control and compliance experience in conducting, executing, and managing fieldwork for assessments: PCI DSS, SOX, GLBA, HIPAA desirable.

  • Strong leadership, teamwork, and collaboration abilities.

  • Ability to quickly acquire and utilize knowledge on new technologies and solutions, emerging threats, and vulnerabilities.

  • Must have experience with Business development and should be able to contribute to team development and growth.

  • Good presentation, project management, facilitation, and delivery skills, as well as strong analytical and problem-solving capabilities.

  • Develop/implement automation solutions and capabilities that are clearly aligned to client business, technology, and threat posture.

  • Excellent written, oral communication, and presentation skills.

  • Ability to listen and contribute effectively to team environments.

  • Results-oriented, high-energy, self-motivated.

  • Worked in a client-facing role.

Professional & Educational Background

  • MCA / BE / B Tech

  • Preferred certifications: PCI QSA/ISA, PCIP, CISSP, CISA, CISM, CRISC, or other comparable audit/security certifications.

Travel Requirements

Not Specified

Job Posting End Date


Required Experience:

Senior IC

Key Skills

  • CCTV
  • Airport Security
  • Analysis
  • Higher Education
  • Jewellery
  • Jboss

About Company

At PwC, our purpose is to build trust in society and solve important problems. We’re a network of firms in 155 countries with over 284,000 people who are committed to delivering quality in assurance, advisory and tax services. Find out more and tell us what matters to you by vis ...
