PCI DSS Specialist (ISA/QSA/QPA)

Confidential company · Hamburg · Posted May 14, 2026

Public summary

This role involves leading PCI DSS and PIN Security risk assessments, managing PCI environment consolidation, specifying security solutions such as tokenization and encryption, conducting internal audits, developing security policies and architectures, coordinating penetration tests and vulnerability scans, training teams on security best practices, and maintaining compliance documentation. The position requires active ISA certification with proven internal audit experience, deep knowledge of PCI DSS and PIN Security requirements, technical expertise in HSM and encryption, and experience collaborating with external auditors and in complex payment environments.

Responsibilities

Conduct PCI DSS and PIN Security risk assessments across infrastructure and applications; map card data flows and identify compliance gaps; lead consolidation of PCI environments across multiple business units; specify approved tokenization, encryption, and HSM protection solutions; conduct internal audits and prepare for external assessments; develop standardized security policies, procedures, and architectures; coordinate penetration tests, vulnerability scans, and remediation efforts; train technical and business teams on requirements and best practices; collaborate with IT, cybersecurity, development, and operations teams on multidisciplinary solutions; maintain detailed compliance evidence and reports.

Qualifications

Active ISA certification with documented internal PCI DSS audit experience; comprehensive knowledge of the PCI DSS and PCI PIN Security standards; hands-on technical experience with HSMs, tokenization, encryption, and network segmentation; demonstrated ability to map card data flows and analyze compliance gaps; skill in specifying security monitoring, detection, and logging tools; expertise in producing ROC, SAQ, and other compliance documentation; background as a QSA or QPA preferred; experience with PCI environment unification projects; a strategic view of how to reduce the operational cost of maintaining compliance; proficiency in coordinating with QSAs, QPAs, and external auditors; experience managing vulnerability scanning, penetration testing, and large-scale remediation.

Skills

PCI DSS, PIN Security, ISA certification, QSA, QPA, risk assessments, internal audits, HSM, tokenization, encryption, network segmentation, penetration testing, vulnerability scanning, security monitoring, compliance documentation, payment architectures