PCI Compliance Lead
Old National Bank · Lafayette, IN · 3 wk ago
Sales$98k–$199k/yrFull-time
Responsibilities
- Lead the organization’s PCI Compliance Program including Payment Card Industry Data Security Standard (PCI-DSS).
- Ensure compliance with PCI Standards and PCI-DSS requirements to protect cardholder data and maintain secure payment environments.
- Drive education, communication, and training initiatives which promote behaviors which reduce risk and reinforce a strong information security and risk management culture.
- Collaborate with first-line teams and risk offices on control design, refinement, and implementation of PCI-related safeguards.
- Coordinate with Procurement and Third-Party Risk Management to evaluate and track PCI compliance obligations for vendors and partners.
- Perform PCI assessments to support compliance, safeguard cardholder data, reduce security risk, and strengthen overall security posture.
- Conduct control testing to evaluate effectiveness and identify gaps, providing actionable recommendations.
- Manage PCI audits, including evidence gathering, issue socialization, and support for remediation activities.
- Create and maintain PCI compliance dashboards, scorecards, and KPIs to monitor program effectiveness and risk trends.
- Stay current with industry regulations, frameworks, and best practices such as PCI, ISO27XXX, NIST, CRI, SCF, GLBA, and SOX.
Qualifications
- Bachelor’s degree in Cybersecurity, Information Security, Information Technology, Business, or a related field.
- 7+ years of experience in compliance, risk management, or information security, with a strong focus on PCI-DSS.
- Direct experience building a PCI Compliance Program and managing the PCI-DSS compliance lifecycle from readiness to certification.
- Experience working with QSA firms in a regulated environment.
- Experience with frameworks and best practices such as ISO27XXX, NIST CSF, CRI, SCF.
- Excellent project management, leadership, and communication skills.
- Achieved or in pursuit of a globally recognized information security certification such as PCI Internal Security Assessor (ISA), PCI Professional (PCIP), CISSP (Certified Information Systems Security Professional), CISA (Certified Information Systems Auditor), or equivalent.
- Formal project or program management certification (e.g., PMP, PgMP) preferred.