enior Security Compliance Specialist (PCI) || San Francisco, CA or San Jose, CA or Rocklin, CA (4 days a week onsite)

uties/Day to Day Overview

• Lead the enterprise PCI DSS compliance program, including preparation for annual assessments and ongoing control validation.
• Conduct PCI readiness assessments and identify gaps in compliance with PCI DSS requirements.
• Act as a consultant when someone has question for PCI
• Monitor standards and update
• Provide guidance to technical teams on implementing and maintaining PCI controls.
• We have a lot of vulnerabilities - this person needs to be technically savvy enough to be able to advise on how to remediate vulnerability or out of compliance conditions, need to know how to propose solutions to tech team
• Provide periodic updates to leadership on PCI compliance posture, risks, and remediation progress.
• Improve compliance processes using GRC tools, automation, and scalable control monitoring.
• Partner with technology and business teams to design and implement remediation plans for identified compliance gaps.
• Lead PCI scoping and segmentation efforts to reduce the organization’s cardholder data environment and overall compliance scope.
• Maintain PCI documentation, evidence repositories, and compliance reporting.

Top Requirements

(Must haves)

• Bachelor’s degree or equivalent experience in information security, risk, or compliance.
• 7+ years of experience in information security or compliance roles.
• 5+ years of direct PCI DSS experience supporting or leading PCI compliance programs.
• Strong knowledge of PCI DSS and experience implementing controls in complex enterprise environments.
• QSA or CISSP certification strongly preferred.
• Need to be comfortable and professional when articulating findings/justifications/action plans to senior leadership

Technical Requirements

• Experience working in large-scale enterprise technology environments.
• Strong understanding of security frameworks including PCI DSS, ISO 27001, COBIT, and SOX.
• Experience performing risk assessments and compliance gap analyses.
• Experience with GRC platforms and compliance automation tools.
• Strong written, verbal, and executive communication skills.
• Ability to influence cross-functional teams and drive remediation efforts.
• Experience working within the retail sector

• Ideally coming from retail and/or ecommerce
• Need to at least come from a complex, enterprise environment where pay and credit card transactions are happening