PCI Program Director

Direct Travel
Remote

About The Position

We are seeking a highly experienced Senior Project Manager to lead a critical enterprise initiative: achieving PCI DSS Level 1 Service Provider compliance and delivering a successful, audit-ready Report on Compliance (ROC). This role will own the end-to-end program lifecycle—from scope optimization and gap assessment through remediation, control validation, and final QSA audit coordination. The ideal candidate has a proven track record of leading organizations through PCI certification as a service provider, with a strong emphasis on scope reduction strategies and tokenization. This is a remote position.

Requirements

  • Bachelor’s degree in Computer Science, Information Technology, or a related field, or equivalent experience.
  • Proven experience leading or playing a primary role in delivering a PCI DSS ROC for a large, complex PCI environment.
  • Experience working directly with QSAs and managing audit expectations, including scope validation and control interpretation.
  • Demonstrated experience driving or implementing PCI scope reduction strategies, including network segmentation and tokenization.
  • 8+ years in security, compliance, or risk.
  • Deep expertise in PCI DSS, CDE scoping, and control implementation.

Nice To Haves

  • Current or previous experience as a QSA or ISA.
  • PMP certification.
  • Travel, hospitality, or payment processing experience.
  • Experience implementing or integrating with tokenization providers (e.g., gateway-based, vaultless, or third-party solutions).
  • Familiarity with ISO 27001, SOC, and GDPR.

Responsibilities

  • Lead the enterprise PCI DSS compliance program for Level 1 Service Provider designation.
  • Develop and execute a comprehensive PCI program roadmap.
  • Establish governance, reporting cadence, and executive-level visibility.
  • Define and implement strategies to minimize Cardholder Data Environment (CDE) scope.
  • Lead initiatives to reduce PCI footprint through segmentation, isolation, and architectural redesign.
  • Design and implement tokenization strategies (network, application, or third-party) to eliminate storage, processing, and transmission of PAN where feasible.
  • Partner with engineering and product teams to integrate tokenization into payment workflows.
  • Ensure scope reduction decisions are defensible and aligned with QSA expectations and PCI DSS v4.0 guidance.
  • Serve as the internal subject-matter expert on PCI DSS v4.0.
  • Lead or coordinate development of the Report on Compliance (ROC).
  • Interface with external QSAs, acquiring banks, and stakeholders.
  • Conduct PCI gap assessments across infrastructure, applications, and third parties.
  • Drive remediation across segmentation, IAM, logging, vulnerability management, and encryption.
  • Partner with security, infrastructure, application, legal, and vendor teams.
  • Drive accountability for control ownership and deadlines.
  • Oversee policies, procedures, evidence artifacts, and system documentation.
  • Ensure audit readiness with defensible documentation, especially around scope justification and tokenization controls.
  • Identify risks and escalate appropriately.
  • Provide executive-level reporting.

Benefits

  • Medical
  • Dental
  • Vision
  • Employee rewards and recognition program
  • Total Rewards Package which includes Wellness, Sustainability, DE&I initiatives
  • Mental Health Support
© 2026 Teal Labs, Inc