Senior Security Compliance Specialist (PCI)

Job Title: Senior Security Compliance Specialist (PCI)
Location: Rocklin, San Francisco, San Jose CA
Duration:6+Monts
Salary Conversion Range - $150k-$165k/yr
Interview Process:
Ideally, as many rounds in person in Rocklin as possible:

• 1^stround - 30 minutes, with mngr
• 2^ndround - 45 minutes, panel with mngr and team
• 3^rd round - 30 minutes, Sr. Leadership, CISO and SVP, Technology.

Team Overview: Technology Security and Compliance.

Project Description:
The Senior Security Compliance Specialist is responsible for leading the company s PCI DSS compliance program and ensuring sustained protection of cardholder data across the enterprise. This role partners with security, engineering, infrastructure, and business teams to assess controls, manage and document PCI scope, and drive remediation efforts to maintain compliance with PCI DSS requirements.
The position serves as the organization s PCI subject matter expert and works to improve the company s security posture through risk management, process improvement, and compliance automation.
Duties:

• Lead the enterprise PCI DSS compliance program, including preparation for annual assessments and ongoing control validation.
• Conduct PCI readiness assessments and identify gaps in compliance with PCI DSS requirements.
• Act as a consultant when someone has question for PCI
• Monitor standards and update
• Partner with technology and business teams to design and implement remediation plans for identified compliance gaps.
• Provide guidance to technical teams on implementing and maintaining PCI controls.
• We have a lot of vulnerabilities - this person needs to be technically savvy enough to be able to advise on how to remediate vulnerability or out of compliance conditions, need to know how to propose solutions to tech team
• Lead PCI scoping and segmentation efforts to reduce the organization s cardholder data environment and overall compliance scope.
• Maintain PCI documentation, evidence repositories, and compliance reporting.
• Provide periodic updates to leadership on PCI compliance posture, risks, and remediation progress.
• Improve compliance processes using GRC tools, automation, and scalable control monitoring.

Top Requirements:

Bachelor s degree or equivalent experience in information security, risk, or compliance.

• 7+ years of experience in information security or compliance roles.
• 5+ years of direct PCI DSS experience supporting or leading PCI compliance programs.
• Strong knowledge of PCI DSS and experience implementing controls in complex enterprise environments.
• QSA or CISSP certification strongly preferred.
• Need to be comfortable and professional when articulating findings/justifications/action plans to senior leadership

Technical Requirements

• Experience working in large-scale enterprise technology environments.
• Strong understanding of security frameworks including PCI DSS, ISO 27001, COBIT, and SOX.
• Experience performing risk assessments and compliance gap analyses.
• Experience with GRC platforms and compliance automation tools.
• Strong written, verbal, and executive communication skills.
• Ability to influence cross-functional teams and drive remediation efforts.
• Experience working within the retail sector
• Ideally coming from retail and/or ecommerce
• Need to at least come from a complex, enterprise environment where pay and credit card transactions are happening.