Job Description

Roles & Responsibilities

PCI & Compliance Management

  • Implement, operate, and continuously improve PCI-related security controls across servers, networks, applications, and supporting infrastructure.

  • Lead the development and execution of an enterprise-level PCI compliance strategy and roadmap, aligned with business goals.

  • Coordinate and manage internal and external PCI audits, acting as the primary liaison with auditors, regulators, and other stakeholders.

  • Track audit findings, coordinate remediation efforts, and ensure timely closure so that PCI compliance reports and attestations remain valid.

  • Manage compliance activities related to PCI DSS, PCI CP&P, PCI SSF, PCI MPOC, PCI PIN, PCI P2PE, and other applicable standards.

  • Ensure all new products, software releases, TPP, Back Office, Data Centers, and Perso Bureau processes comply with PCI requirements by design.

  • Maintain and manage Cardholder Data Environment (CDE) mapping to define scope and control coverage.

Security Scanning & Vulnerability Management

  • Track and maintain all PCI-mandated security scanning requirements, including internal, external, and application vulnerability scans.

  • Ensure scan reports are compliant, reviewed, and submitted before defined deadlines.

  • Work with IT, infrastructure, and application teams to remediate identified vulnerabilities and validate closure.

  • Maintain documentation and evidence for scanning, remediation, and compliance verification.

Infrastructure, Server & VM Security

  • Support secure management, configuration, hardening, patching, and access control of servers and virtual machines.

  • Assist with secure deployment and maintenance of on-prem and cloud environments in compliance with security and regulatory standards.

Network & Endpoint Security

  • Support firewall configuration and change management, including periodic rule reviews and access control monitoring.

  • Manage endpoint security solutions, review alerts, support investigations, and escalate incidents as necessary.

  • Assist in endpoint security hardening and malware protection strategies.

Identity & Access Management

  • Provide Active Directory and IAM support, including user access reviews, group management, privilege control, and enforcement of security policies.

  • Ensure logical and physical access controls align with PCI DSS, PCI CP&P, and other compliance requirements.

  • Support physical access control systems, visitor management, and secure media/document handling.

Physical Security Operations

  • Oversee CCTV monitoring, access control systems (badges, biometrics, mantraps), and secure entry points.

  • Ensure proper handling, storage, and disposal of physical media and sensitive documents.

Incident Management & Response

  • Participate in detection, analysis, and response to security incidents.

  • Investigate alerts from firewall and monitoring tools; coordinate containment, remediation, and recovery.

  • Conduct root cause analysis and implement corrective/preventive controls.

OMA/HRD/D01/22-V0

  • Maintain incident documentation and support testing of incident response plans and playbooks.

Policies, Audits & Documentation

  • Maintain, review, and update information security policies, procedures, standards, and audit documentation.

  • Support SOC 2, ISO/IEC 27001, and other compliance audits with evidence, control mapping, and documentation updates.

  • Ensure all compliance documentation is accurate, audit-ready, and aligns with regulatory and business requirements.

Security Awareness & Training

  • Conduct PCI and information security awareness training for employees and contractors.

  • Maintain training records and evidence for audits.

  • Promote a culture of security and compliance across all business units.

Vendor & Third-Party Management

  • Manage PCI compliance of vendors and third parties.

  • Conduct due diligence, monitor compliance status, and ensure contractual and regulatory obligations are met.

Risk Management & Continuous Improvement

  • Identify PCI risks, conduct risk assessments, and implement mitigation plans.

  • Continuously improve PCI controls and processes based on audit findings, incidents, and emerging threats.

  • Provide recommendations for business, infrastructure, and application improvements to strengthen security posture.

Reporting & Governance

  • Prepare and present PCI compliance metrics, dashboards, and reports for executive management.

  • Track PCI KPIs: audit findings, vulnerability remediation, training completion, and third-party compliance status.

  • Serve as a subject matter expert to leadership on PCI compliance trends, regulatory updates, and best practices.

Knowledge & Skills Required:

  • Strong knowledge of PCI DSS, PCI CP&P, PCI SSF, PCI MPOC, PCI PIN, PCI P2PE, SOC 2, ISO/IEC 27001.

  • Hands-on understanding of:

    o Server and VM management (Windows/Linux)

    o Infrastructure security and system hardening

    o Firewall technologies and network security

    o EDR/XDR solutions

    o Active Directory and identity and access management

    o Vulnerability management and remediation

  • Experience in audit coordination, compliance reporting, and third-party risk management.

  • Strong documentation, communication, and cross-functional collaboration skills.

  • Knowledge of regulatory requirements for payment services (RBI, PSD2, etc.) preferred.

  • Certifications preferred: PCIP, QSA, CISSP, CISM, CISA.

Desired Candidate Profile

  • Bachelor’s degree in Information Security, Computer Science, IT, or a related field; Master’s preferred.

  • 7–10 years of experience in information security, risk, or compliance, with 3–5 years focused on PCI compliance in payment systems.

  • Experience in payment technology, issuing/acquiring, and Perso Bureau operations preferred.