Description

Job Title: PCI Manager 

Location: Bangalore, Hyderabad

Experience: 5 - 7 years 

Job Description:

We are seeking a Manager-level Payment Card Industry (PCI) Qualified Security Assessor (QSA) to join our Security and Privacy Risk consulting practice. As a Manager of CyberCompliance, you will drive the growth of cybersecurity service offerings while understanding industry-specific risks and payment card security requirements. You’ll assist organizations in developing robust data protection programs to safeguard critical assets, particularly the cardholder data environments of USI clients. Your team will focus on assessing, designing, and implementing cybersecurity risk management practices such as network segmentation, vulnerability management, data classification, encryption, de-
identification, and sensitive data monitoring solutions to ensure cyber regulatory alignment for data-rich organizations.

Roles & Responsibilities:

  • Manage the timely delivery of engagement results and high-quality deliverables, adhering to professional and industry standards.
  • Hands-on delivery and execution of project tasks for complex technology environments.
  • Present project status, risk-based observations, and proposed solutions to clients’ senior management.
  • As a first choice advisor, cultivate and maintain relationships with stakeholders, identifying opportunities for technological and operational risk mitigation.
  • Assess payment card compliance maturity and assist clients in building and implementing sustainable PCI compliance programs.
  • Support organizations in developing and implementing information governance frameworks.
  • Aid clients in designing and maintaining payment card industry and cyber compliance programs, including operational processes, technology, and guidelines.
  • Identify opportunities to expand service scope within engagements and contribute to market-facing initiatives to attract new client prospects.
  •  Communicate strategic and tactical risks of account data protection, advanced security threats, enterprise security management practices, and innovative security solutions to clients.
  • Translate complex technical issues into executive-style reports and presentations for senior management.
  • Leverage industry and technical expertise to identify improvement opportunities for clients and support remediation services.
  • Supervise, train, and mentor staff, coordinating with client resources as necessary.
  • Assist in building the SPRC practice by expanding the team’s size and skill set.
  • Set performance expectations for staff and provide constructive feedback.
  • Oversee and train junior team members during service delivery, ensuring quality and fostering growth.
  • Support business development efforts to acquire new clients and expand existing relationships.
  • Identify business opportunities and enhance go-to-market strategies.
  • Advise area leadership on SPRC service line growth and market strategies.
  • participate in professional organizations and develop thought leadership in relevant cybersecurity topics for internal and external branding.
  • Ensure revenue targets are met, and service offerings remain responsive to the evolving business environment

Required Qualifications:


 Active or former PCI QSA or PCI ISA certification with experience preparing Level 1 and Level 2 PCI DSS Reports on Compliance (ROCs) or 3+ years of PCI DSS experience

with one or more of the following


certifications:

  • (ISC)2 Certified Information System Security Professional (CISSP)
  • ISACA Certified Information Security Manager (CISM)
  • Certified ISO 27001 Lead Implementer 1
  • (METI) Registered Information Security Specialist (RISS)
  • ISACA Certified Information Systems Auditor (CISA)
  • GIAC Systems and Network Auditor (GSNA)
  • Certified ISO 27001 Lead Auditor
  • IRCA ISMS Auditor or higher—e.g., Auditor/Lead Auditor, Principal Auditor
  • IIA Certified Internal Auditor (CIA)

 Bachelor’s degree in information technology, business, or related discipline from an accredited college/university.
 5+ years of related work experience in cyber compliance consulting or equivalent advanced academic experience.
 Familiarity with cybersecurity program components and supporting
workflows, such as:

  • Regulatory monitoring
  • Business requirements definition
  • Data inventory and information flow mapping
  • Cybersecurity risk management
  • Third-party vendor management
  • Interactions with consumers (data subject requests)
  • Incident management and breach notifications

 Technical knowledge of network and IT infrastructure, application/database design, IT governance, risk management, incident response, and typical network/IT security components.
 Working knowledge of key cybersecurity compliance standards and regulations, including PCI DSS, NIST CSF, GLBA, etc.
 Proven people skills with experience operating in a professional services firm, large consultancy, or similar environment.
 Demonstrated ability to collaborate effectively, especially with cross- functional teams.

Education

Bachelor’s degree in information technology