Manager – PCI Compliance

PCI Compliance Management

Implement, operate, and continuously improve PCI‑related security controls across servers, networks, applications, and supporting infrastructure.

Lead the development and execution of an enterprise‑level PCI compliance strategy and roadmap aligned with business goals.

Coordinate and manage internal and external PCI audits, acting as the primary liaison with auditors, regulators, and other stakeholders.

Track audit findings, coordinate remediation efforts, and ensure timely closure to maintain PCI compliance reports and attestations.

Manage compliance activities related to PCI DSS, PCI CP&P, PCI SSF, PCI MPOC, PCI PIN, PCI P2PE, and other applicable standards.

Ensure all new products, software releases, TPP, Back Office, Data Centers, and Perso Bureau processes comply with PCI requirements by design.

Maintain and manage Cardholder Data Environment (CDE) mapping to define scope and control coverage.

• Track and maintain all PCI‑mandated security scanning requirements, including internal, external, and application vulnerability scans.
• Ensure scan reports are compliant, reviewed, and submitted before defined deadlines.
• Work with IT infrastructure and application teams to remediate identified vulnerabilities and validate closure.
• Maintain documentation and evidence for scanning remediation and compliance verification.

• Secure management, configuration, hardening, patching, and access control of servers and machines.
• Assist with secure deployment and maintenance of on‑prem and cloud environments in compliance with security and regulatory standards.

• Support firewall configuration and change management, including periodic rule reviews and access control monitoring.
• Manage solutions, review alerts, support investigations, and escalate incidents as necessary.
• Assist in endpoint security hardening and malware protection strategies.

• Provide Active Directory and IAM support, including user access reviews, group management, and privilege control and enforcement of security policies.
• Ensure logical and physical access controls align with PCI, PCI‑CP&P, and other compliance requirements.
• Support physical access control systems, visitor management, and secure media document handling.

• Oversee CCTV monitoring, access control systems, badges, biometrics, mantraps, and secure entry points.
• Ensure proper handling, storage, and disposal of physical media and sensitive documents.

• Participate in detection, analysis, and response to security incidents.
• Investigate alerts, firewall, and monitoring tools; coordinate containment, remediation, and recovery.
• Conduct root‑cause analysis and implement corrective and preventive controls.
• Maintain incident documentation and support testing of incident response plans and playbooks.

• Maintain, review, and update information security policies, procedures, standards, and audit documentation.
• Support SOC2, ISO/IEC
  27001, and other compliance audits with evidence, control mapping, and documentation updates.
• Ensure all compliance documentation is accurate, audit‑ready, and aligns with regulatory and business requirements.

• Conduct PCI and information security awareness training for employees and contractors.
• Maintain training records and evidence for audits.
• Promote a culture of security and compliance across all business units.

• Manage PCI compliance for third parties.
• Conduct due diligence, monitor compliance status, and ensure contractual and regulatory obligations are met.

• Identify PCI risks, conduct risk assessments, and implement mitigation plans.
• Continuously improve PCI controls and processes based on audit findings, incidents, and emerging threats.
• Provide recommendations for business, infrastructure, and application improvements to strengthen security posture.

• Prepare and present PCI compliance metrics, dashboards, and reports for executive…