Principal Consultant - GRC Compliance - PCI

Kalles Group, Seattle, WA
Posted 6d | $160,000 - $230,000 | Onsite

About The Position

As a Principal GRC Compliance Consultant – PCI, you will support our client’s Governance, Risk, and Compliance (GRC) program by designing and leading enterprise compliance initiatives across complex technology environments. In this role, you will play a critical part in strengthening the organization’s PCI DSS compliance program while helping integrate compliance practices across broader regulatory domains. You will work closely with senior stakeholders, auditors, and technical teams to translate complex technology architectures, including hybrid on-premises and cloud environments, into clear, actionable compliance requirements. Your responsibilities will include shaping compliance assessment methodologies, establishing operational standards, and helping embed compliance practices directly into the organization’s technology ecosystem. This position requires a strategic thinker who can balance regulatory rigor with practical implementation, ensuring programs remain scalable, audit-ready, and aligned with business objectives.

Requirements

  • 6–8 years of experience in regulatory compliance, GRC, or cybersecurity compliance programs
  • At least 2 years of direct experience leading or building PCI DSS compliance programs
  • Demonstrated experience designing and implementing enterprise compliance methodologies across multiple regulatory frameworks
  • Hands-on experience working with PCI environments across hybrid infrastructure (cloud and on-premises)
  • Experience conducting technical scoping and de-scoping exercises to define PCI in-scope systems and environments
  • Experience developing or managing Common Control Framework (CCF) programs
  • Proven success leading cross-functional compliance initiatives involving engineering, security, legal, and business stakeholders
  • Strong understanding of compliance frameworks such as PCI DSS v4.0, NIST, CIS, SOX, HIPAA, CCPA, or similar regulatory standards
  • Experience testing or validating technical and security controls
  • Knowledge of enterprise compliance architecture and integrated control frameworks
  • Experience designing compliance workflows and improving operational processes within GRC programs
  • Exceptional written and verbal communication skills, including the ability to communicate effectively with technical teams, leadership, auditors, and regulators
  • Ability to operate autonomously, manage escalations, and drive results in complex enterprise environments

Nice To Haves

  • Professional certifications such as CISA, CRISC, CIPP, CIPM, or similar compliance and governance credentials
  • Advanced PCI or regulatory compliance certifications
  • Experience implementing or managing GRC platforms
  • Background working within regulatory consulting, audit firms, or large enterprise compliance programs
  • Experience leading enterprise-wide compliance transformation initiatives
  • Familiarity with compliance automation tools and security platforms

Responsibilities

  • Lead the development and maturation of the organization’s PCI DSS compliance program, including policies, procedures, governance structures, and operational workflows
  • Design and implement enterprise compliance assessment methodologies that support multiple regulatory frameworks while aligning with business priorities
  • Establish operational standards, documentation practices, and quality controls that ensure consistent compliance execution across teams
  • Define and implement KPIs and KRIs to measure compliance program effectiveness and regulatory risk exposure
  • Partner with engineering and infrastructure teams to perform technical scoping and de-scoping activities within PCI environments spanning both cloud and on-premises infrastructure
  • Implement integrated compliance controls across technology and business domains to ensure comprehensive regulatory coverage
  • Serve as a key liaison with internal audit, external auditors, and regulatory stakeholders, representing the organization’s compliance posture and remediation activities
  • Manage third-party compliance engagements, regulatory examinations, and advisory initiatives
  • Facilitate workshops with senior leaders and technical teams to address complex compliance requirements and risk decisions
  • Drive cross-functional collaboration across Legal, IT, Finance, Security, and business teams to ensure regulatory alignment
  • Provide guidance and education to stakeholders on evolving regulatory requirements and compliance best practices

Benefits

  • Medical, Dental, Vision plans
  • 401K with matching
  • PTO for salaried employees
© 2024 Teal Labs, Inc