SRC _PCI _Senior Associate

10 years

0 Lacs

Posted: 2 days ago | Platform: LinkedIn

Work Mode

On-site

Job Type

Full Time

Job Description

At PwC, our people in risk and compliance focus on maintaining regulatory compliance and managing risks for clients, providing advice and solutions. They help organisations navigate complex regulatory landscapes and enhance their internal controls to mitigate risks effectively. In regulatory risk compliance at PwC, you will focus on confirming adherence to regulatory requirements and mitigating risks for clients. You will provide guidance on compliance strategies and help clients navigate complex regulatory landscapes.
  • 2–10 years of Information Security experience, with relevant PCI experience performing assessments, advisory work, or compliance implementation.
  • Strong understanding of PCI DSS ecosystems, scoping, compliance processes, and maintaining ongoing compliance programs.
  • Experience working with PCI DSS v4.0.1 requirements, controls, and testing procedures.
  • Understanding PCI DSS segmentation testing, scoping principles, and evidence validation techniques.
  • Preferably certified as PCI QSA or ISA (optional), with experience leading or supporting PCI DSS assessments and generating ROCs/Self-Assessments.
  • Experience with PCI Industry benchmarking, RFPs/RFQs, scoping, SAQs, auditing, remediation and providing recommendations to large enterprises.
  • SME-level knowledge in controls implementation, assessments, gap analysis, compliance reporting, and creation of PCI-aligned policies, procedures, and governance checks.
  • Must have strong experience in implementing/assessing the P2PE solution requirements and testing procedures, encryption/decryption methodologies and key management within secure cryptographic devices.
  • Responsible for building and influencing payment security as a core competency across clients, internal teams, partners, and vendors. This includes providing education, developing processes and procedures, standard templates, accelerators, and training to support internal competency build.
  • Strong understanding and hands-on experience in conducting security reviews of various cybersecurity solutions, including but not limited to the following:
      • Application or network firewalls
      • Intrusion detection/prevention systems
      • Database or other storage solutions
      • Encryption solutions
      • Security audit/log monitoring solutions
      • File integrity monitoring solutions
      • Anti-virus solutions
      • Vulnerability scanning services or solutions
  • Conduct targeted validation and detailed assessments of client processes, applications, products, policy documentation and third-party adherence to PCI DSS requirements.
  • Deliver findings, recommendations and remediation steps for all activities in a clear, concise and audience-specific format.
  • Strong understanding of cloud platforms, cloud security principles, and PCI-specific requirements—including segmentation, access control, encryption, and logging—with the ability to assess PCI applicability within cloud shared responsibility models.
  • Familiarity with containerization and orchestration technologies (e.g., Kubernetes) and their secure configuration in PCI-scoped environments.
  • Ability to establish credibility and maintain strong working relationships with teams involved with payment security (InfoSec, Legal, Business Development, Physical Security, Developer Community, Networking, Systems, etc.).
  • Strong understanding of application security practices (such as OWASP Top 10) and familiarity with other compliance standards/frameworks like ISO 27001/27002, NIST, HITRUST, COBIT, SOX, GLBA, SSAE16/SOC 2, HIPAA etc.
  • Working knowledge of AI/GenAI technologies, with awareness of related data security and governance risks relevant to PCI DSS environments.

Minimum Years Experience Required

5-8 Years
  • Related payment security control and compliance experience in conducting, executing and managing fieldwork for assessments: PCI DSS, SOX, GLBA, HIPAA desirable.
  • Strong leadership, teamwork, and collaboration abilities.
  • Ability to quickly acquire and utilize knowledge on new technologies and solutions, emerging threats and vulnerabilities.
  • Must have experience with business development and should be able to contribute to team development and growth.
  • Good presentation, project management, facilitation and delivery skills as well as strong analytical and problem-solving capabilities.
  • Develop/implement automation solutions and capabilities that are clearly aligned to client business, technology and threat posture.
  • Excellent written, oral communication and presentation skills.
  • Ability to listen and contribute effectively to team environments.
  • Results oriented, high energy, self-motivated.
  • Experience working in a client-facing role.

Professional & Educational Background

  • MCA / BE / B Tech
  • Preferred certifications: PCI QSA/ISA, PCIP, CISSP, CISA, CISM, CRISC, or other comparable audit/security certifications.
