PCI DSS Internal Controls, Senior Manager

Position Overview

PCI DSS Internal Controls Senior Manager leading the transformation and ongoing management of GEICO’s PCI DSS program within the Control Program. The role supports compliance, audit readiness, and risk mitigation across security technology and operations.

• Transform, maintain, and enhance GEICO’s PCI DSS program.
• Design, implement, and sustain secure computer systems and networks that meet PCI DSS requirements.
• Identify, document, and remediate control deficiencies; communicate findings and recommendations to process owners.
• Ensure proper documentation of policies and procedures for key controls related to network and security devices.
• Perform gap analysis, identify security risks, and develop mitigation plans.
• Coordinate meetings, presentations, and reporting for management.
• Facilitate external auditors during independent testing and PCI audits.
• Assist with quarterly PCI DSS control certification surveys across the organization.
• Maintain audit findings resolution, BC/DR testing, and resolution of related issues.
• Develop governance, risk, and compliance strategies; support audit readiness for standards such as NIST
  800‑53.
• Automate audit evidence collection for cyber audits.
• Apply a risk‑based approach to audit engagement planning, execution, and reporting.
• Create efficiencies for audit engagements by establishing and maintaining a document request library.
• Stay informed on evolving regulatory concerns and IT security trends.

• Payment Card Industry Professional Certification (PCIP).
• Minimum 5years of experience in audit, control assessment, or PCIDSS.
• Strong experience with the PCIDSS standard and related frameworks (GLBA, FFIEC, NIST).
• Experience with security technologies: firewalls, IDS/IPS, encryption.
• Deep understanding of cybersecurity frameworks (ITIL, NIST, MITRE, COBIT, COSO, HITRUST, SOC, CSF, ISO, GDPR, PCI).
• Experience working with internal and external auditors.
• Expertise in computer networking, network security, or related compliance areas.
• Knowledge of cloud and cyber security frameworks, architecture, and operations.
• Hands‑on experience with security testing and audit tools.
• Strong information systems auditing, monitoring, and assessment skills.
• Ability to work independently, strategically, and in a fast‑paced environment.
• Excellent critical thinking, problem‑solving, communication, and project management.

• Security+, CISM, CISSP, CISA, CRISC, or other relevant cybersecurity certifications.

• Minimum 6years in Governance, Risk, & Compliance (preferably within insurance or financial services).
• Minimum 5years working with PCIDSS and NIST
  800‑53.

Bachelor’s degree in engineering, computer science, information security, or a related field.

Hybrid role: on‑site attendance 3days per week at one of the following locations:
Chevy Chase, MD;
New York, NY; or Chicago, IL.

Annual salary range: $130,175–$212,175. Salary will be determined based on scope, experience, and market factors. GEICO will not sponsor a new applicant for employment authorization for this position.

Competitive pay, benefits, and flexibility to support your well‑being and future.

GEICO ensures fair and equal employment opportunity for all associates and applicants regardless of race, color, religious creed, national origin, ancestry, age, gender, pregnancy, sexual orientation, gender identity, marital status, familial status, disability, or genetic information, in compliance with applicable federal, state, and local laws. GEICO promotes individuals solely on the basis of qualifications for the job. Qualified individuals with disabilities will be accommodated to the extent reasonable and not undue hardship.

GEICO maintains a work environment that is free from intimidation, harassment, discrimination, or retaliation.