PCI Compliance Specialist
Job in Florham Park, Morris County, New Jersey, 07932, USA
Listed on 2026-07-01
Listing for: Conduent
Full Time position
Job specializations:
- IT/Tech
- Cybersecurity, Information Security
Job Description & How to Apply Below
**PCI Compliance Specialist**
**About the Role**
We are seeking a detail-oriented and operationally disciplined PCI Compliance Specialist to serve as the execution backbone of a two-person compliance team within Conduent's PCI DSS Compliance Tower. Working in close partnership with a PCI Internal Security Assessor (ISA), you will be the day-to-day operational owner of compliance activities for 2-3 assigned business units - managing evidence collection, control monitoring, artifact readiness, and compliance tracking across every stage of the annual PCI-DSS governance cycle.
This role is purpose-built for a practitioner who thrives in structured, detail-intensive environments and takes personal pride in the accuracy, completeness, and timeliness of compliance records. You will be the organized engine that keeps the team's assigned scopes audit-ready year-round, freeing the ISA to focus on assessor relationships, risk advisory, and stakeholder engagement.
**Responsibilities**
Evidence Collection & Artifact Management
+ Serve as the primary evidence coordinator for all PCI-DSS control domains across 2-3 assigned business unit scopes, managing artifact collection from IT, operations, HR, and business unit control owners.
+ Maintain a continuous, audit-ready evidence repository for each assigned scope - organizing artifacts by control requirement, testing frequency, and assessment cycle.
+ Develop and distribute standardized evidence request packages to control owners, providing clear instructions on format, retention period, and submission deadlines.
+ Validate evidence submissions for completeness, accuracy, and alignment to the specific PCI-DSS v4.0 requirement being satisfied before logging in the repository.
+ Track evidence gaps, follow up on outstanding submissions, and escalate persistent collection failures to the ISA for stakeholder intervention.
+ Maintain version control and change logs for all compliance artifacts to support QSA review and year-over-year comparison.
Control Monitoring & Testing Calendar Execution
+ Execute the control monitoring calendar for each assigned scope, performing or coordinating scheduled PCI-DSS control tests at daily, weekly, monthly, quarterly, and annual frequencies as defined by the ISA.
+ Document control test results with supporting evidence, noting pass/fail status, observations, and any exceptions identified during testing.
+ Track and log control exceptions, working with the ISA to initiate issue tickets and assign remediation owners through established workflows.
+ Coordinate and document quarterly User Access Reviews (UARs) for cardholder data environment (CDE) systems, collecting attestations from system owners and flagging any orphaned or excess access for remediation.
+ Support monthly vulnerability scan cycles by coordinating scan scheduling with IT teams, collecting results, and ensuring risk ratings and remediation tickets are opened within required time frames.
+ Maintain the control monitoring log and provide a monthly status summary to the ISA for KPI reporting and dashboard updates.
Audit Support & Recertification Coordination
+ Support the ISA in executing the annual PCI-DSS recertification process for all assigned scopes - managing logistics, scheduling, evidence packaging, and communication with internal stakeholders throughout the assessment window.
+ Prepare and maintain structured evidence binders and audit response packages for each control domain, ensuring all artifacts are labeled, indexed, and traceable to specific PCI-DSS v4.0 requirements.
+ Track all QSA Requests for Information (RFIs) in the team's audit management system, coordinating timely responses from control owners and flagging items at risk of missing SLA to the ISA.
+ Maintain a master findings tracker for all assigned scopes, logging audit findings, management responses, remediation owners, target dates, and closure evidence across internal and external audit cycles.
+ Support the ISA in preparing Attestations of Compliance (AOCs), Self-Assessment Questionnaires (SAQs), and Report on Compliance (ROC) documentation by compiling required data and validating input accuracy.
+ Assist with post-audit retrospectives by compiling evidence submission timelines, RFI logs, and findings summaries for lessons-learned analysis.
Scope Documentation & Registry Maintenance
+ Maintain and update CDE boundary diagrams, data flow diagrams, and network segmentation documentation for each assigned scope, initiating updates within 30 days of any environment change.
+ Maintain the risk acceptance register for assigned scopes, tracking open…