Job Category: IT
Job Number: 5232
Cybersecurity Compliance Lead
The Governance, Risk & Compliance (GRC) Payment Card Industry Data Security Standard (PCI DSS) Compliance Lead enables continuous compliance with applicable laws, regulations, and frameworks, with a specific focus on the Payment Card Industry Data Security Standard. In this role, the Lead acts as a subject matter expert for compliance requirements, for the deployment of enterprise and local controls, and for the evaluation of compensating controls. This position requires strong communication abilities, as it engages with cross-functional business partners, team members, and leadership across the organization. As an influential member of the compliance team, this position addresses systems and processes that impact environments in scope for PCI and reinforces the compliance culture by demonstrating a strong understanding of current and upcoming trends in cybersecurity compliance, the PCI DSS, and complementary audit requirements and controls.
- Administer the compliance program within the Global Information Security function, with particular focus on the Payment Card Industry Data Security Standard (PCI DSS)
- Facilitate and execute enterprise scoping, control assessments, evidence collection, issue remediation, and reporting activities
- Communicate program compliance issues and control gaps through governance and audit control processes
- Provide consultative support to cross-functional business partners on the methods, practices and solutions that achieve the requirements defined by applicable compliance frameworks
- Administer the annual re-certification for PCI compliance across in-scope card processing environments
- Conduct and document evaluations of compensating controls
- Administer the common controls framework to ensure relevant internal and external information security requirements are mapped and communicated to the enterprise
- Maintain compliance related policy, standard and procedure documentation to drive consistent, reliable, and repeatable compliance activities
- Coordinate relevant policy, standard, and procedural changes with key IT and business partners
- Support the development and implementation of PCI security awareness, training, and continuous improvement efforts
- Five or more years of progressive Information Security work experience in a relevant security compliance role and setting, with broad exposure to multiple competing regulatory and industry-based requirements and environments.
- Experience in operationalizing IT compliance activities and programs, and proven presentation and facilitation skills
- Experience preparing and presenting Attestations of Compliance and providing guidance on implementing the controls stated in the PCI DSS self-assessment questionnaires.
- Experience working with the ISO 27001 and NIST 800-53 security frameworks and the PCI DSS standard in complex IT operating environments is required.
- Exceptional teamwork skills, including working with cross-functional teams, building peer relationships, keeping others informed, and understanding and appreciating differences.
- Strong project management, prioritization, presentation, and facilitation skills, with a demonstrated ability to manage multiple tasks and priorities effectively and to drive change across a complex organization through multiple stakeholders
- Strong consultative skills, with the ability to advise and consult with business and technical professionals.
- CISA (Certified Information Systems Auditor), CISM (Certified Information Security Manager), CISSP (Certified Information Systems Security Professional) or a similar industry certification is preferred
- Some international travel may be required.