PCI Compliance Specialist

Job not on LinkedIn

🔥 0 minutes ago

🇺🇸 United States – Remote

💵 $110.7k - $143.8k / year

⏰ Full Time

🟢 Junior

🟡 Mid-level

🚔 Compliance

🦅 H1B Visa Sponsor

This company has sponsored H1B visas in the past.

Apply Now

Find Similar Remote Jobs

Receive Emails For Remote Jobs

📊 Check your resume score for this job

Improve your chances of getting an interview by checking your resume score before you apply.

Upload Resume

Conduent

WebsiteLinkedInAll Job Openings

10,000+ employees

Founded 2017

🤝 B2B

🛍️ eCommerce

🏛️ Government

💰 Venture Round on 2009-01

B2B • eCommerce • Government

Conduent is a leading provider of technology-led solutions aimed at enhancing customer experiences and improving operational efficiency for businesses and government agencies. The company offers a wide range of services, including customer experience management, finance and accounting solutions, human capital management, integrated digital solutions, and specialized services for healthcare and public sector clients. By leveraging automation and analytics, Conduent helps organizations streamline processes and drive business success.

📋 Description

• Serve as the primary evidence coordinator for all PCI-DSS control domains across 2-3 assigned business unit scopes, managing artifact collection from IT, operations, HR, and business unit control owners. • Maintain a continuous, audit-ready evidence repository for each assigned scope - organizing artifacts by control requirement, testing frequency, and assessment cycle. • Develop and distribute standardized evidence request packages to control owners, providing clear instructions on format, retention period, and submission deadlines. • Validate evidence submissions for completeness, accuracy, and alignment to the specific PCI-DSS v4.0 requirement being satisfied before logging in the repository. • Track evidence gaps, follow up on outstanding submissions, and escalate persistent collection failures to the ISA for stakeholder intervention. • Maintain version control and change logs for all compliance artifacts to support QSA review and year-over-year comparison. • Execute the control monitoring calendar for each assigned scope, performing or coordinating scheduled PCI-DSS control tests at daily, weekly, monthly, quarterly, and annual frequencies as defined by the ISA. • Document control test results with supporting evidence, noting pass/fail status, observations, and any exceptions identified during testing. • Track and log control exceptions, working with the ISA to initiate issue tickets and assign remediation owners through established workflows. • Coordinate and document quarterly User Access Reviews (UARs) for cardholder data environment (CDE) systems, collecting attestations from system owners and flagging any orphaned or excess access for remediation. • Support Monthly vulnerability scan cycles by coordinating scan scheduling with IT teams, collecting results, and ensuring risk ratings and remediation tickets are opened within required timeframes. • Maintain the control monitoring log and provide a monthly status summary to the ISA for KPI reporting and dashboard updates. • Support the ISA in executing the annual PCI-DSS recertification process for all assigned scopes - managing logistics, scheduling, evidence packaging, and communication with internal stakeholders throughout the assessment window. • Prepare and maintain structured evidence binders and audit response packages for each control domain, ensuring all artifacts are labeled, indexed, and traceable to specific PCI-DSS v4.0 requirements. • Track all QSA Requests for Information (RFIs) in the team's audit management system, coordinating timely responses from control owners and flagging items at risk of missing SLA to the ISA. • Maintain a master findings tracker for all assigned scopes, logging audit findings, management responses, remediation owners, target dates, and closure evidence across internal and external audit cycles. • Support the ISA in preparing Attestations of Compliance (AOCs), Self-Assessment Questionnaires (SAQs), and Report on Compliance (ROC) documentation by compiling required data and validating input accuracy. • Assist with post-audit retrospectives by compiling evidence submission timelines, RFI logs, and findings summaries for lessons-learned analysis. • Maintain and update CDE boundary diagrams, data flow diagrams, and network segmentation documentation for each assigned scope, initiating updates within 30 days of any environment change. • Maintain the risk acceptance register for assigned scopes, tracking open risk acceptances, expiry dates, residual risk ratings, and required annual reviews. • Track compensating controls for assigned scopes, ensuring each has documented rationale, compensating measures, and a current review date on file. • Monitor policy and procedure currency for assigned scopes, flagging documents approaching their review date and coordinating with the ISA and policy owners to initiate updates. • Maintain the third-party service provider compliance tracking log for assigned scopes, following up annually on AOC renewals and flagging expired certifications to the ISA. • Coordinate annual PCI-DSS awareness training delivery for control owners, IT staff, and business operations personnel within assigned scopes - tracking enrollment, completion rates, and issuing completion certificates. • Develop and maintain training attendance records and completion reports for all assigned scopes to support audit evidence requirements. • Assist the ISA in preparing control owner briefing materials, interview guides, and evidence submission instructions ahead of assessment windows. • Support onboarding of new control owners within assigned business units, walking them through evidence expectations, submission formats, and the compliance calendar.

🎯 Requirements

• Bachelor’s degree in information security, Business Administration, Information Systems, or a related field; equivalent professional experience considered. • 2+ years of experience in compliance, audit support, IT governance, or information security operations role. • Demonstrated experience managing evidence collection or documentation programs in a regulated environment (PCI-DSS, SOC 2, ISO 27001, HIPAA, or equivalent). • Prior experience working in or supporting a compliance team with recurring audit cycles is strongly preferred. • Working knowledge of PCI-DSS requirements, control testing concepts, and the annual recertification lifecycle (SAQ/ROC/AOC process familiarity required). • Understanding of cardholder data environment (CDE) scoping concepts, including data flows, network segmentation, and system component classification. • Familiarity with vulnerability management workflows, access review processes, and log review attestation procedures. • Experience using GRC platforms, ticketing systems (e.g., ServiceNow, Jira), and document management tools for compliance tracking. • Proficiency in Microsoft Excel, Word, and SharePoint for evidence management, status tracking, and reporting.

🏖️ Benefits

• Health and Welfare Benefits: Our health and welfare benefits can be tailored to fit you and your family's needs and start on the first day of employment. • Retirement Savings: We will support you as you save for your future. • Employee Discounts: We offer you access to a vast selection of global, national, and local discounts on merchandise, services, travel, and more. • Career Growth Opportunities: We help you thrive, so together, we can grow. We provide opportunities to advance your career with a vast portfolio of businesses and a global footprint. • Paid Training: Earn while you learn and continue to grow with access to award-winning learning platforms throughout your Conduent career. • Paid time off: We provide attractive paid time off packages designed for you to enjoy your life away from work. • Great Work Environment: We are proud of our award-winning culture and the recognition we’ve received for our diversity efforts.