Manager - RC SPRC CC PCI

Responsibilities

• Manage the timely delivery of engagement results and high-quality deliverables, adhering to professional and industry standards.
• Hands-on delivery and execution of project tasks for complex technology environments.
• Present project status, risk-based observations, and proposed solutions to clients senior management.
• As a first choice advisor, cultivate and maintain relationships with stakeholders, identifying opportunities for technological and operational risk mitigation.
• Assess payment card compliance maturity and assist clients in building and implementing sustainable PCI compliance programs.
• Support organizations in developing and implementing information governance frameworks.
• Aid clients in designing and maintaining payment card industry and cyber compliance programs, including operational processes, technology, and guidelines.
• Identify opportunities to expand service scope within engagements and contribute to market-facing initiatives to attract new client prospects.
• Communicate strategic and tactical risks of account data protection, advanced security threats, enterprise security management practices, and innovative security solutions to clients.
• Translate complex technical issues into executive-style reports and presentations for senior management.
• Leverage industry and technical expertise to identify improvement opportunities for clients and support remediation services.
• Supervise, train, and mentor staff, coordinating with client resources as necessary.
• Assist in building the SPRC practice by expanding the teams size and skill set.
• Set performance expectations for staff and provide constructive feedback.
• Oversee and train junior team members during service delivery, ensuring quality and fostering growth.
• Support business development efforts to acquire new clients and expand existing relationships.
• Identify business opportunities and enhance go-to-market strategies.
• Advise area leadership on SPRC service line growth and market strategies.
• Participate in professional organizations and develop thought leadership in relevant cybersecurity topics for internal and external branding.
• Ensure revenue targets are met, and service offerings remain responsive to the evolving business environment.

Required Qualifications

• Active or former PCI QSA or PCI ISA certification with experience preparing Level 1 and Level 2 PCI DSS Reports on Compliance (ROCs) or 3+ years of PCI DSS experience with one or more of the following certifications:
  • (ISC)2 Certified Information System Security Professional (CISSP)
  • ISACA Certified Information Security Manager (CISM)
  • Certified ISO 27001 Lead Implementer 1
  • (METI) Registered Information Security Specialist (RISS)
  • ISACA Certified Information Systems Auditor (CISA)
  • GIAC Systems and Network Auditor (GSNA)
  • Certified ISO 27001 Lead Auditor
  • IRCA ISMS Auditor or highere.g., Auditor/Lead Auditor, Principal Auditor
  • IIA Certified Internal Auditor (CIA)
• Bachelors degree in information technology, business, or related discipline from an accredited college/university.
• 5+ years of related work experience in cyber compliance consulting or equivalent advanced academic experience.
• Familiarity with cybersecurity program components and supporting workflows, such as:
  • Regulatory monitoring
  • Business requirements definition
  • Data inventory and information flow mapping
  • Cybersecurity risk management
  • Third-party vendor management
  • Interactions with consumers (data subject requests)
  • Incident management and breach notifications
• Technical knowledge of network and IT infrastructure, application/database design, IT governance, risk management, incident response, and typical network/IT security components.
• Working knowledge of key cybersecurity compliance standards and regulations, including PCI DSS, NIST CSF, GLBA, etc.
• Proven people skills with experience operating in a professional services firm, large consultancy, or similar environment.
• Demonstrated ability to collaborate effectively, especially with cross-functional teams.

Preferred Qualifications

• Proven experience engaging with diverse organizational stakeholders, including management, business, marketing, HR, IT, and Legal teams.
• Advanced degree focused on data protection, privacy, or a related field.
• Strong written, oral, and presentation skills with an innovative mindset.
• Knowledge of PCI DSS practices in retail and financial services.
• Proven ability to work seamlessly in a virtual environment with globally dispersed team members.
• Creative thinking, individual initiative, and flexibility in navigating rapid changes in technology, regulation, and client needs.
• Commitment to staying updated with advancements, challenges, and discoveries in the Security and Privacy industry.