Cybersecurity PCI Compliance Advisor

Information Security Advisor (Cybersecurity PCI Compliance Advisor)

Information Security Risk Management

Hybrid 1: This role requires associates to be in-office 1 - 2 days per week in the Indianapolis, IN or Atlanta, GA office, fostering collaboration and connectivity, while providing flexibility to support productivity and work-life balance. This approach combines structured office engagement with the autonomy of virtual work, promoting a dynamic and adaptable workplace.

• Please note that per our policy on hybrid/virtual work, candidates not within a reasonable commuting distance from the posting location(s) will not be considered for employment, unless an accommodation is granted as required by law.

The Information Security Advisor is responsible for leading and supporting Payment Card Industry Data Security Standard (PCI DSS) compliance activities across the enterprise. This role provides subject matter expertise for PCI DSS control interpretation, assessment readiness, evidence review, remediation tracking, scope validation, control testing, and stakeholder engagement. The Advisor supports PCI Internal Security Assessor (ISA), Qualified Security Assessor (QSA), Report on Compliance (ROC), Self-Assessment Questionnaire (SAQ), Attestation of Compliance (AOC), and related PCI DSS assessment activities across business, technology, security, compliance, and third-party environments. This role requires strong knowledge of PCI DSS requirements, payment environments, cardholder data flows, segmentation, compensating controls, evidence validation, and risk-based compliance decision-making. The Advisor will partner with internal teams, external assessors, business owners, technology owners, service providers, and leadership to maintain PCI compliance, support audit readiness, and strengthen the organization’s payment security control environment.

How you will make an impact:

• Provides first level engineering design functions and trouble resolution.

• Provides trouble resolution and serves as point of technical escalation on complex problems.

• Support PCI governance activities, including maintenance of PCI policies, standards, procedures, control matrices, evidence repositories, assessment schedules, risk registers, and compliance dashboards.

• Evaluate third-party service provider PCI responsibilities, including review of AOCs, responsibility matrices, shared responsibility documentation, contracts, service descriptions, and supporting security evidence.

• Develops testing plans to ensure quality of implementation.

• Support internal and external audit activities related to PCI DSS, HIPAA, HITRUST, SOC 2, NIST, and other cybersecurity or regulatory compliance requirements.

• Provides system and network architecture support for information and network security technologies.

• Provides technical support to business and technology associates in risk assessments and implementation of appropriate information security procedures, standards and technologies.

• Maintains security incident response plans.

• Represents major upgrades and business system replacements in change control.

• Designs & engineers repetitive technical solutions based on business requirements and defined technology standards.

• Develops support procedures and performance metrics reports.

• Leads level 1 & 2 incident recoveries.

• May organize the efforts of other analysts as part of incident recovery.

• Mentor analysts and control owners by providing guidance on PCI evidence quality, control interpretation, assessment documentation, remediation planning, and stakeholder communication.

• Contribute to continuous improvement of PCI compliance processes, templates, workflows, reporting, evidence management, automation opportunities, and program maturity initiatives.

• Use AI-enabled tools and emerging technologies responsibly to improve productivity, research, documentation quality, control analysis, workflow efficiency, reporting, and decision support while maintaining data protection, confidentiality, and compliance requirements.

Minimum Requirements: 

• Requires BS/BA degree in Information Technology or related field of study and a minimum of 5 years experience in systems support, system administration, system engineering, system security, access management, network security, network communications, computer networking, telecommunications, systems development and management, hardware, software, and/or data; or any combination of education and experience, which would provide an equivalent background.

Preferred Skills, Capabilities and Experiences:

• Requires experience in planning and designing highly complex systems.

• Experience with multiple technical and business disciplines strongly preferred.

• Security Certifications: CISSP or other technical security certifications (e.g. Systems Security Certified Practitioner, Certification and Accreditation Professional) strongly preferred.

• Bachelor’s degree in cybersecurity, information systems, computer science, risk management, business, audit, or a related field; or equivalent combination of education, training, and work experience.

• 5+ years of experience in cybersecurity, PCI compliance, IT audit, GRC, technology risk management, information security, regulatory compliance, or a related field.

• Experience using GRC, workflow, ticketing, audit management, or evidence management tools.

• Active or prior PCI Internal Security Assessor (ISA) certification or PCI Qualified Security Assessor (QSA) certification.

• Familiarity with PCI-related standards and guidance, including PCI DSS, PCI 3DS, PCI P2PE, PCI PIN Security, PCI Secure Software Standard, PCI SSF, and PCI SSC guidance documents.