PCI Compliance Lead

Old National Bank, Lafayette, IN

About The Position

The PCI Compliance Manager role is responsible for leading the organization’s PCI Compliance Program including Payment Card Industry Data Security Standard (PCI-DSS). This position ensures compliance with PCI Standards and PCI-DSS requirements to protect cardholder data and maintain secure payment environments. This role requires a strategic approach to compliance management, ensuring that PCI-DSS controls are effectively implemented, maintained, and continuously improved. The PCI Compliance Manager collaborates with various internal and external stakeholders to uphold the security of payment card data, drive risk mitigation initiatives, and align compliance efforts with broader information security objectives.

Requirements

  • Bachelor’s degree in Cybersecurity, Information Security, Information Technology, Business, or a related field
  • 7+ years of experience in compliance, risk management, or information security, with a strong focus on PCI-DSS
  • Direct experience building a PCI Compliance Program and managing the PCI-DSS compliance lifecycle from readiness to certification
  • Experience working with QSA firms in a regulated environment
  • Experience with frameworks and best practices such as ISO27XXX, NIST CSF, CRI, SCF
  • Excellent project management, leadership, and communication skills

Nice To Haves

  • Achieved or in pursuit of a globally recognized information security certification such as PCI Internal Security Assessor (ISA), PCI Professional (PCIP), CISSP (Certified Information Systems Security Professional), CISA (Certified Information Systems Auditor), or equivalent preferred
  • Formal project or program management certification (e.g., PMP, PgMP) strongly preferred

Responsibilities

  • Develop, manage, and maintain Old National Bank’s PCI Compliance Program, including PCI-DSS and all applicable PCI standards.
  • Lead continuous improvement of PCI-related policies, standards, procedures, and supporting documentation.
  • Provide guidance on impacts related to new technologies, infrastructure, processes, and partnerships, ensuring program alignment and adherence.
  • Drive education, communication, and training initiatives that promote risk-reducing behaviors and reinforce a strong information security and risk management culture.
  • Serve as the primary point of contact across stakeholders, auditors, third parties, and regulators offering technical and business expertise on PCI compliance and data security processes.
  • Collaborate with first-line teams and risk offices on control design, refinement, and implementation of PCI-related safeguards.
  • Coordinate with Procurement and Third-Party Risk Management to evaluate and track PCI compliance obligations for vendors and partners.
  • Collaborate with first-line partners to identify and implement PCI security requirements.
  • Perform PCI assessments to support compliance, safeguard cardholder data, reduce security risk, and strengthen overall security posture.
  • Conduct control testing to evaluate effectiveness and identify gaps, providing actionable recommendations.
  • Ensure ASV scans, penetration testing, and related remediation activities occur within required timelines.
  • Communicate findings, escalate concerns based on risk level, and manage timely remediation of PCI compliance issues.
  • Manage PCI audits, including evidence gathering, issue socialization, and support for remediation activities.
  • Perform ongoing monitoring of the PCI Compliance Program and PCI-DSS standards, including assessing impacts of changes.
  • Create and maintain PCI compliance dashboards, scorecards, and KPIs to monitor program effectiveness and risk trends.
  • Develop and deliver reporting on PCI compliance status, risks, control performance, and emerging issues ensuring clear communication of PCI compliance posture.
  • Stay current with industry regulations, frameworks, and best practices such as PCI, ISO27XXX, NIST, CRI, SCF, GLBA, and SOX.
  • Proactively support identification of emerging compliance issues and recommended information security and technology risk improvements.
  • Maintain a positive and professional working relationship with peers, management, and support resources, with a constant commitment to teamwork and exemplary customer service.
  • Participate in departmental activities including meetings, updates, planning, and reporting.
  • Support other information security and technology risk duties as assigned.

Benefits

  • competitive compensation with our salary and incentive program
  • medical, dental, and vision insurance
  • 401K
  • continuing education opportunities
  • employee assistance program