Information Security Engineer III
PCI Compliance & Audit Governance Lead
Information Security Compliance & Risk
About the Role
We are seeking a highly skilled PCI Compliance & Audit Governance Manager to serve as the dedicated end-to-end compliance owner for 2-3 assigned business units within our organization. In this critical role, you will act as the subject matter expert and primary point of accountability for Payment Card Industry Data Security Standard (PCI-DSS) compliance across your assigned scopes, from day-to-day control monitoring through annual recertification and third-party audit management.
This position bridges the gap between technical security requirements and business operations, requiring a practitioner who can translate PCI-DSS mandates into actionable controls, work cross-functionally with IT, finance, legal, and business leadership, and drive a culture of sustained compliance across their assigned accounts.
Key Responsibilities
- End-to-End Compliance Governance
  + Serve as the sole compliance owner for 2–3 designated business unit scopes, maintaining comprehensive accountability for their PCI-DSS posture.
  + Define, implement, and continuously improve compliance governance frameworks tailored to each assigned business unit's operating model and cardholder data environment (CDE).
  + Establish and maintain scope boundary documentation, data flow diagrams, and network segmentation evidence for each assigned account.
  + Conduct regular compliance health assessments across all assigned scopes and report status to executive stakeholders via dashboards and governance reports.
  + Identify, document, and track control gaps, compensating controls, and risk acceptance decisions in alignment with PCI-DSS v4.0 requirements.
  + Partner with business unit leaders to embed compliance requirements into project intake, change management, and product development lifecycles.
- Annual PCI-DSS Recertification
  + Own the annual PCI-DSS recertification process for all assigned accounts, acting as the primary liaison with Qualified Security Assessors (QSAs) and internal stakeholders.
  + Develop and manage detailed recertification project plans, timelines, and RACI matrices to ensure on-time, audit-ready submissions.
  + Coordinate evidence collection from control owners across IT, operations, HR, and business units, validating completeness, accuracy, and audit readiness.
  + Maintain a continuous state of audit readiness
