PCI Compliance Lead

About The Position

Requirements

• Bachelor’s degree in Cybersecurity, Information Security, Information Technology, Business, or a related field
• 7+ years of experience in compliance, risk management, or information security, with a strong focus on PCI-DSS
• Direct experience building a PCI Compliance Program and managing the PCI-DSS compliance lifecycle from readiness to certification
• Experience working with QSA firms in a regulated environment
• Experience with frameworks and best practices such as ISO27XXX, NIST CSF, CRI, SCF
• Excellent project management, leadership, and communication skills

Nice To Haves

• Achieved or in pursuit of a globally recognized information security certification such as PCI Internal Security Assessor (ISA), PCI Professional (PCIP), CISSP (Certified Information Systems Security Professional), CISA (Certified Information Systems Auditor), or equivalent preferred
• Formal project or program management certification (e.g., PMP, PgMP) strongly preferred

Responsibilities

• Develop, manage, and maintain Old National Bank’s PCI Compliance Program, including PCI-DSS and all applicable PCI standards.
• Lead continuous improvement of PCI-related policies, standards, procedures, and supporting documentation.
• Provide guidance on impacts related to new technologies, infrastructure, processes, and partnerships, ensuring program alignment and adherence.
• Drive education, communication, and training initiatives which promote behaviors which reduce risk and reinforce a strong information security and risk management culture.
• Serve as the primary point of contact across stakeholders, auditors, third parties, and regulators offering technical and business expertise on PCI compliance and data security processes.
• Collaborate with first-line teams and risk offices on control design, refinement, and implementation of PCI-related safeguards.
• Coordinate with Procurement and Third-Party Risk Management to evaluate and track PCI compliance obligations for vendors and partners.
• Collaborate with first-line partners to identify and implement PCI security requirements.
• Perform PCI assessments to support compliance, safeguard cardholder data, reduce security risk, and strengthen overall security posture.
• Conduct control testing to evaluate effectiveness and identify gaps, providing actionable recommendations.
• Ensure ASV scans, penetration testing, and related remediation activities occur within required timelines.
• Communicate findings, escalate concerns based on risk level, and manage timely remediation of PCI compliance issues.
• Manage PCI audits, including evidence gathering, issue socialization, and support for remediation activities.
• Perform ongoing monitoring of the PCI Compliance Program and PCI-DSS standards, including assessing impacts of changes.
• Create and maintain PCI compliance dashboards, scorecards, and KPIs to monitor program effectiveness and risk trends.
• Develop and deliver reporting on PCI compliance status, risks, control performance, and emerging issues ensuring clear communication of PCI compliance posture.
• Stay current with industry regulations, frameworks, and best practices such as PCI, ISO27XXX, NIST, CRI, SCF, GLBA, and SOX. Proactively support identification of emerging compliance issues and recommended information security and technology risk improvements.
• Maintaining a positive and professional working relationship with peers, management, and support resources, with a constant commitment to teamwork and exemplary customer service.
• Participate in departmental activities including meetings, updates, planning, and reporting.
• Support other information security and technology risk duties assigned.

Benefits

• medical, dental, and vision insurance
• 401K
• continuing education opportunities
• employee assistance program