PCI Assessment Specialist, Global Regulatory Assessments

About The Position

Requirements

• Minimum 5 years of professional experience in technology risk and controls, risk-based consulting, risk assessments, or audit and regulatory activities, with specific emphasis on PCI DSS.
• Comprehensive knowledge and practical experience across all domains of technology infrastructure and PCI DSS requirements, including implementation and oversight of technology risk and controls, and coordination of audit activities.
• Proven experience tracking and driving remediation of PCI findings, including validating control closure and documenting compensating controls through the formal PCI SSC process.
• Detail-oriented with strong conceptual, analytical, decision-making, time management, and prioritization capabilities.
• Exceptional oral and written communication skills with the ability to articulate complex technical concepts to diverse audiences at all organizational levels and influence without direct authority.
• Proven experience in planning, coordination, and implementation with the ability to work across teams and functions to deliver quality outcomes.

Nice To Haves

• Bachelor's degree or equivalent practical experience in a technology, business, or related discipline; experience within financial services is preferred.
• Experience reviewing vendor, third-party, or software technical documentation to identify control gaps and assess suitability against defined security and compliance requirements.
• Experience in a regulated financial services environment subject to external examinations or regulatory oversight.
• Familiarity with IT risk and process frameworks including COSO, COBIT, NIST CF, and ITIL, as well as process-focused methodologies such as Change Management, Incident Management, and SDLC.
• Demonstrated application of AI, automation, or emerging technologies to improve compliance workflows, documentation quality, or assessment efficiency.
• Sound judgment in ambiguous situations, balancing regulatory requirements with business realities to develop pragmatic, risk-informed solutions.

Responsibilities

• Oversee and manage multiple concurrent PCI assessments within firm standards and procedures, adhering to time-sensitive deadlines through effective project management and stakeholder coordination.
• Capture, review, and analyze PCI-required documentation, ensuring quality and suitability that meet PCI SSC requirements while exercising professional judgment on complex technical and compliance matters.
• Partner with Business Leads and control owners to determine and validate assessment scope across people, processes, systems, and third-party dependencies in accordance with PCI DSS scoping requirements.
• Collaborate closely with external QSAs to facilitate assessment processes, ensuring alignment with business objectives and regulatory requirements.
• Proactively monitor key risk indicators to identify non-compliance and support remediation, including the development of compensating controls to address security, risk, and control gaps.
• Provide guidance on remediation activities, ensuring appropriate resolution of issues and completion of action plans, and support the closure verification process.
• Develop and maintain strong business and technology relationships, becoming a trusted compliance partner across the firm.
• Communicate risk and control findings to key stakeholders, develop recommendations, and deliver accurate metrics and management reports on a timely basis.
• Leverage emerging technologies, including AI and automation, to enhance assessment efficiency, documentation quality, and risk identification processes.