Job Title: PCI Compliance and Assurance Specialist
We are seeking a PCI Compliance and Assurance Specialist to lead and manage our PCI DSS certification process, ensuring compliance with regulatory requirements and maintaining security controls throughout the year.
About the Role
This role will be responsible for collecting evidence, assessing controls, and preparing for audits while also providing consultation on PCI requirements to Engineering, SecOps, and Architecture teams. Additionally, the role will support ISO 27001, SOC 2 Type 2, and other certification audits, assist with security assurance activities such as design reviews and client security questions, and collaborate with internal and external stakeholders to ensure compliance across the business.
Key Responsibilities
* Lead and manage the annual PCI DSS certification process, including preparation, evidence collection, and assessments.
* Act as the primary point of contact for all PCI-related matters, working closely with both internal teams and external assessors.
* Monitor and assess PCI DSS controls and requirements, ensuring they are effectively implemented and maintained throughout the year.
* Work with Engineering, SecOps, and Architecture teams to provide PCI consultation and ensure security-by-design principles are followed.
* Conduct internal PCI assessments, gap analysis, and risk assessments to identify areas of improvement.
* Stay up to date with PCI DSS standard updates and ensure timely adaptation of new requirements.
* Manage and support ISO 27001 and SOC 2 Type 2 certification processes, ensuring evidence gathering, control validation, and audit preparation.
* Assist in responding to client security questionnaires and third-party risk assessments, design reviews, and due diligence requests related to security and compliance.
* Collaborate with internal teams to ensure alignment between business operations and compliance obligations.
* Provide ongoing assurance to the business regarding security controls and regulatory compliance.
Requirements
* Certifications:
o QSA (Qualified Security Assessor) or ISA (Internal Security Assessor) desirable but not required.
o Other security certifications such as CISSP, CISM, CISA, or CRISC are advantageous.
* Strong understanding of PCI DSS requirements, controls, and assessment processes.
* Hands-on experience with security controls, cloud environments, and security architecture.
* Experience with ISO 27001, SOC 2 Type 2, or other security frameworks.
* Proven ability to work effectively with senior leadership, auditors, external partners, and cross-functional teams.
* Experience with design reviews, risk assessments, and security best practices.
* Strong written and verbal communication skills to effectively articulate compliance requirements and security risks.
* Proactive mindset with the ability to identify gaps, drive remediation efforts, and enhance compliance posture.
About Paydock
We are a fast-growing fintech company that is innovating payment solutions with global banks. We offer a flexible and dynamic culture where collaboration across teams creates a varied and engaging workday. You will have the opportunity to solve complex challenges in partnership with global teams and work closely with leading financial institutions on cutting-edge products.