Payment Security & Compliance Program Manager - 10981

About The Position

Requirements

• 5–8+ years of experience in security compliance, cloud security, technical audit, or payment security programs.
• Deep expertise in PCI DSS (ideally PCI DSS v4.0) with hands-on experience supporting or preparing for QSA-led assessments; SWIFT CSCF or other high-security financial frameworks strongly preferred.
• Strong technical understanding of cloud platforms (AWS/Azure), IAM, encryption, logging/monitoring, network segmentation, and CI/CD pipelines.
• Proven success collaborating with engineering, cloud operations, SRE, and security engineering teams on control implementation and validation.
• Excellent documentation, governance, and process discipline, with the ability to drive multi-team remediation and maintain ongoing compliance rigor.
• Experience with GRC platforms such as TrustCloud, Archer, ServiceNow, or comparable tooling.

Responsibilities

• Own and manage end-to-end PCI DSS and SWIFT CSCF programs , including scope maintenance, control applicability, compensating controls, authoritative documentation, and annual assessment readiness.
• Operate continuous compliance and evidence management , maintaining a validated, audit-ready evidence library in our GRC Platform with structured refresh cadences for all PCI/SWIFT controls.
• Provide scoping, segmentation, and architecture governance by partnering with Engineering and Cloud Ops to review CDE boundaries, trust zones, architectural changes, and enforce required technical controls.
• Monitor and validate technical security controls across IAM, encryption, segmentation, logging/monitoring, vulnerability management, and incident response; maintain control monitoring logs and drive hardening improvements.
• Lead internal-facing audit support and remediation governance , partnering with QSA/CSCF assessors, preparing audit populations, managing walkthroughs, and driving remediation tracking, prioritization, and validated closure.
• Maintain system-of-record documentation and emerging standards readiness , ensuring PCI/SWIFT artifacts meet regulatory expectations while monitoring framework updates, leading impact analyses, and planning for new requirements.