Project Manager – PCI DSS (Applications & Infrastructure) -- Share resumes at Deepak.luhach@nvish.com


Back Bencher

Mar 13, 2026, 11:20:35 AM
to deepak...@nvish.com
Share resumes at Deepak...@nvish.com

Project Manager – PCI DSS (Applications & Infrastructure)
Location: Onsite – Phoenix, Arizona
About the Role
We’re seeking a hands-on Project Manager with strong experience leading PCI DSS certification/compliance programs across both applications and infrastructure. This role will own the end-to-end planning, execution, and successful completion of PCI DSS initiatives—partnering with Security, Infrastructure, Application Owners, DevOps, and external QSAs to achieve and maintain compliance on schedule.
Key Responsibilities:
• Program Ownership: Lead PCI DSS program planning, roadmap, and execution for in-scope apps, services, networks, endpoints, and cloud workloads (AWS/Azure/GCP).
• Scope & Gap Assessment: Coordinate scoping, gap assessments, risk identification, and remediation planning across control areas (network segmentation, encryption, logging, IAM, vulnerability management, change control, incident response, etc.).
• Audit Readiness: Drive evidence collection, control implementation, process standardization, and runbooks for audit readiness; manage RFI/RFP responses with QSAs.
• Stakeholder Management: Facilitate cross-functional working sessions with Security, Infra, App Engineering, DevOps/SRE, Networking, DBA, and Compliance/Legal teams.
• Timeline & Deliverables: Own project plans, milestones, dependencies, risks, and RAID logs; ensure on-time remediation and successful ROC/AOC outcomes.
• Third-Party/Vendor Coordination: Coordinate with QSA/ISA, MSPs, hosting providers, and SaaS vendors for shared responsibility and evidence.
• Policy & Process Enablement: Align SOC/runbooks, change management (ITIL), backup/restore, access reviews, and secure SDLC with PCI DSS requirements.
• Metrics & Reporting: Provide weekly status, dashboards, and executive updates; track KPIs (open findings, control coverage, evidence completeness, audit readiness).
• Sustainability: Establish continuous compliance processes (e.g., monthly user access reviews, quarterly ASV scans, annual pen tests, BAU evidence cadence).
• Training & Awareness: Support enablement for application teams and ops on PCI DSS control ownership and evidence expectations.
Must-Have Qualifications
• 5–10+ years of project/program management experience in security/compliance with 2–4+ years focused on PCI DSS.
• Proven success leading PCI DSS certification or re-certification for applications & infrastructure (on-prem and/or cloud).
• Strong understanding of PCI DSS controls such as:
• Network segmentation & firewall rules, secure configurations (hardening)
• Encryption (at rest/in transit), key management
• Identity & Access Management (MFA, least privilege), periodic access reviews
• Logging/monitoring, SIEM, file integrity monitoring (FIM)
• Vulnerability management (ASV scans, patch SLAs), penetration testing
• Secure SDLC, change management, incident response, business continuity
• Hands-on experience running evidence collection, control mapping, and audit coordination with QSA/ISA.
• Excellent project planning, stakeholder communication, risk management, and executive reporting skills.
• Proficiency with Microsoft 365 (Excel, PowerPoint, Teams), and project tools (Jira/Confluence, MS Project/Smartsheet, or equivalent).
Nice-to-Have
• PCI certifications: ISA, QSA, or demonstrable experience partnering closely with QSAs.
• Industry certifications: PMP, Prince2, CSM, CISM, CISA, CISSP (any relevant is a plus).
• Experience with cloud security and shared responsibility in AWS/Azure/GCP (e.g., KMS, Security Hub, GuardDuty, IAM, PrivateLink, WAF).
• Familiarity with DevSecOps, container security, and CI/CD governance.
• Experience aligning PCI with adjacent frameworks (SOC 2, ISO 27001, NIST CSF).
Tools & Environment (as applicable)
• Ticketing/PM: Jira, Azure DevOps, ServiceNow, MS Project, Smartsheet
• Evidence/Docs: Confluence, SharePoint, Google Drive
• Security stack: Splunk/Datadog/ELK, Qualys/Tenable/Rapid7, CrowdStrike/Defender, HashiCorp Vault/KMS
• Cloud: AWS/Azure/GCP core services, network & security services
Key KPIs / Success Measures
• Achieve PCI DSS ROC/AOC on time and within scope.
• % of controls implemented & verified; evidence completeness rate.
• Aging of open findings & time-to-remediate.
• Audit issues: count/severity across internal/QSA reviews.
• Stakeholder satisfaction and on-time milestone delivery.