Cybersecurity PCI Compliance Advisor

About The Position

Requirements

• Requires BS/BA degree in Information Technology or related field of study and a minimum of 5 years experience in systems support, system administration, system engineering, system security, access management, network security, network communications, computer networking, telecommunications, systems development and management, hardware, software, and/or data; or any combination of education and experience, which would provide an equivalent background.
• 5+ years of experience in cybersecurity, PCI compliance, IT audit, GRC, technology risk management, information security, regulatory compliance, or a related field.

Nice To Haves

• Requires experience in planning and designing highly complex systems.
• Experience with multiple technical and business disciplines strongly preferred.
• Security Certifications: CISSP or other technical security certifications (e.g. Systems Security Certified Practitioner, Certification and Accreditation Professional) strongly preferred.
• Bachelor’s degree in cybersecurity, information systems, computer science, risk management, business, audit, or a related field; or equivalent combination of education, training, and work experience.
• Experience using GRC, workflow, ticketing, audit management, or evidence management tools.
• Active or prior PCI Internal Security Assessor (ISA) certification or PCI Qualified Security Assessor (QSA) certification.
• Familiarity with PCI-related standards and guidance, including PCI DSS, PCI 3DS, PCI P2PE, PCI PIN Security, PCI Secure Software Standard, PCI SSF, and PCI SSC guidance documents.

Responsibilities

• Provides first level engineering design functions and trouble resolution.
• Provides trouble resolution and serves as point of technical escalation on complex problems.
• Support PCI governance activities, including maintenance of PCI policies, standards, procedures, control matrices, evidence repositories, assessment schedules, risk registers, and compliance dashboards.
• Evaluate third-party service provider PCI responsibilities, including review of AOCs, responsibility matrices, shared responsibility documentation, contracts, service descriptions, and supporting security evidence.
• Develops testing plans to ensure quality of implementation.
• Support internal and external audit activities related to PCI DSS, HIPAA, HITRUST, SOC 2, NIST, and other cybersecurity or regulatory compliance requirements.
• Provides system and network architecture support for information and network security technologies.
• Provides technical support to business and technology associates in risk assessments and implementation of appropriate information security procedures, standards and technologies.
• Maintains security incident response plans.
• Represents major upgrades and business system replacements in change control.
• Designs & engineers repetitive technical solutions based on business requirements and defined technology standards.
• Develops support procedures and performance metrics reports.
• Leads level 1 & 2 incident recoveries.
• May organize the efforts of other analysts as part of incident recovery.
• Mentor analysts and control owners by providing guidance on PCI evidence quality, control interpretation, assessment documentation, remediation planning, and stakeholder communication.
• Contribute to continuous improvement of PCI compliance processes, templates, workflows, reporting, evidence management, automation opportunities, and program maturity initiatives.
• Use AI-enabled tools and emerging technologies responsibly to improve productivity, research, documentation quality, control analysis, workflow efficiency, reporting, and decision support while maintaining data protection, confidentiality, and compliance requirements.

Benefits

• merit increases
• paid holidays
• Paid Time Off
• incentive bonus programs
• medical
• dental
• vision
• short and long term disability benefits
• 401(k) +match
• stock purchase plan
• life insurance
• wellness programs
• financial education resources