PCI Compliance Lead
Old National Bank · Lake Elmo, MN · 3 wk ago
Finance$98k–$199k/yrFull-time
Responsibilities
- Lead the organization’s PCI Compliance Program including Payment Card Industry Data Security Standard (PCI-DSS).
- Ensure compliance with PCI Standards and PCI-DSS requirements to protect cardholder data and maintain secure payment environments.
- Drive education, communication, and training initiatives which promote behaviors which reduce risk and reinforce a strong information security and risk management culture.
- Collaborate with first-line teams and risk offices on control design, refinement, and implementation of PCI-related safeguards.
- Coordinate with Procurement and Third-Party Risk Management to evaluate and track PCI compliance obligations for vendors and partners.
- Perform PCI assessments to support compliance, safeguard cardholder data, reduce security risk, and strengthen overall security posture.
- Conduct control testing to evaluate effectiveness and identify gaps, providing actionable recommendations.
- Ensure ASV scans, penetration testing, and related remediation activities occur within required timelines.
- Communicate findings, escalate concerns based on risk level, and manage timely remediation of PCI compliance issues.
- Manage PCI audits, including evidence gathering, issue socialization, and support for remediation activities.
- Create and maintain PCI compliance dashboards, scorecards, and KPIs to monitor program effectiveness and risk trends.
- Develop and deliver reporting on PCI compliance status, risks, control performance, and emerging issues ensuring clear communication of PCI compliance posture.
Qualifications
- Bachelor’s degree in Cybersecurity, Information Security, Information Technology, Business, or a related field.
- 7+ years of experience in compliance, risk management, or information security, with a strong focus on PCI-DSS.
- Direct experience building a PCI Compliance Program and managing the PCI-DSS compliance lifecycle from readiness to certification.
- Experience working with QSA firms in a regulated environment.
- Experience with frameworks and best practices such as ISO27XXX, NIST CSF, CRI, SCF.
- Excellent project management, leadership, and communication skills.
- Achieved or in pursuit of a globally recognized information security certification such as PCI Internal Security Assessor (ISA), PCI Professional (PCIP), CISSP (Certified Information Systems Security Professional), CISA (Certified Information Systems Auditor), or equivalent preferred.
- Formal project or program management certification (e.g., PMP, PgMP) strongly preferred.