Position: Sr PCI SME
REMOTE
Duration: 3 Months
10+ Years
We are seeking a PCI Card Production and Provisioning (CPP) Security SME with deep expertise in PCI Logical and Physical Security requirements, particularly with Remote Access, to join our cybersecurity and compliance team. The ideal candidate will help refresh and redefine legacy architectures and lead the implementation of zone-based access controls, ensuring secure access across complex environments.
Key Responsibilities:
- Serve as the Subject Matter Expert (SME) on PCI CPP standards, with a primary focus on Logical Security (Remote Access) and Physical Security.
- Architect, review, and refresh logical security controls in accordance with latest PCI CPP standards and evolving compliance requirements.
- Redefine and implement zone-based architectures to properly segment and control access to cardholder data environments (CDEs).
- Collaborate across multiple technical and business streams to ensure secure and compliant remote access into and out of the environment.
- Provide strategic input and hands-on support during PCI audits, including documentation, evidence collection, and direct interaction with auditors.
- Partner with infrastructure, application, and network teams to implement secure, policy-driven remote access technologies and controls.
- Lead security assessments of existing remote access mechanisms and design remediation plans aligned with current standards.
- Develop and maintain artifacts such as network diagrams, data flow diagrams, and control matrices specific to PCI Logical and Remote Access requirements.
- Educate internal teams and stakeholders on PCI compliance impacts related to logical access, remote connectivity, and zone segmentation.
Required Qualifications:
- Minimum 5 years of experience in PCI compliance and Logical and Physical Security architecture, particularly within Card Production and Provisioning (CPP) environments.
- Demonstrated expertise in PCI DSS and PCI CPP standards, including prior involvement in audits and certification processes.
- In-depth understanding of the Remote Access requirements of PCI CPP and how they apply to real-world enterprise environments.
- Proven experience designing and implementing zone-based architectures and secure network segmentation.
- Experience coordinating with auditors and multiple internal teams across security, infrastructure, and application domains.
- Familiarity with remote access technologies such as VPNs, jump servers, bastion hosts, and secure proxies.
- Strong verbal and written communication skills, including experience presenting technical designs and compliance strategies to stakeholders.
Preferred Qualifications:
- Experience refreshing outdated PCI controls and aligning legacy systems with current compliance frameworks.
- Hands-on experience with access control technologies, identity and access management (IAM), and multi-factor authentication (MFA) solutions.
- Industry certifications such as CISSP, CISA, PCIP, or ISA (Internal Security Assessor) are a plus.
| Aspect | PCI QSA | PCI CPP |
|---|---|---|
| Stands for | Qualified Security Assessor | Card Production and Provisioning |
| Type | Person/Company (certified assessor) | PCI Standard (specific domain) |
| Applies To | Merchants, processors, service providers | Card vendors, chip embedders, mobile provisioning providers |
| Primary Focus | PCI DSS compliance | Secure card production and provisioning |
| Main Concerns | Logical controls, encryption, network security | Secure facilities, logical/physical access, credential issuance |
| Issued By | PCI Security Standards Council | PCI Security Standards Council |