Conduent

Compensation

Full Description

Information Security Engineer III  PCI Compliance & Audit Governance Lead    Information Security Compliance & Risk   About the Role  We are seeking a highly skilled PCI Compliance & Audit Governance Manager to serve as the dedicated end-to-end compliance owner for 2-3 assigned business units within our organization. In this critical role, you will act as the subject matter expert and primary point of accountability for Payment Card Industry Data Security Standard (PCI-DSS) compliance across your assigned scopes from day-to-day control monitoring through annual recertification and third-party audit management.  This position bridges the gap between technical security requirements and business operations, requiring a practitioner who can translate PCI-DSS mandates into actionable controls, work cross-functionally with IT, finance, legal, and business leadership, and drive a culture of sustained compliance across their assigned accounts.  Key Responsibilities  1. End-to-End Compliance Governance  * Serve as the sole compliance owner for 2–3 designated business unit scopes, maintaining comprehensive accountability for their PCI-DSS posture.  * Define, implement, and continuously improve compliance governance frameworks tailored to each assigned business unit's operating model and cardholder data environment (CDE).  * Establish and maintain scope boundary documentation, data flow diagrams, and network segmentation evidence for each assigned account.  * Conduct regular compliance health assessments across all assigned scopes and report status to executive stakeholders via dashboards and governance reports.  * Identify, document, and track control gaps, compensating controls, and risk acceptance decisions in alignment with PCI-DSS v4.0 requirements.  * Partners with business unit leaders embed compliance requirements into project intake, change management, and product development lifecycles.  2. Annual PCI-DSS Recertification  * Own the annual PCI-DSS recertification process for all assigned accounts, acting as the primary liaison with Qualified Security Assessors (QSAs) and internal stakeholders.  * Develop and manage detailed recertification project plans, timelines, and RACI matrices to ensure on-time, audit-ready submissions.  * Coordinate evidence collection from control owners across IT, operations, HR, and business units — validating completeness, accuracy, and audit readiness.  * Maintain a continuous evidence repository and artifact management system to eliminate last-minute scrambles during assessment windows.  * Review and respond to QSA Requests for Information (RFIs), findings, and preliminary observations on behalf of assigned business units.  * Drive remediation of any deficiencies identified during assessments, tracking closure through established issue management workflows.  * Complete and submit Attestations of Compliance (AOCs), Self-Assessment Questionnaires (SAQs), and Report on Compliance (ROC) documentation as applicable.  3. Audit Management  * Design and operate a structured audit management program covering all PCI-related internal and external audit activities for assigned scopes.  * Manage QSA and internal audit relationships, scheduling, logistics, and stakeholder communication throughout engagement lifecycles.  * Maintain and continuously improve the audit management toolset (GRC platforms, ticketing integrations, evidence portals) to support efficient, repeatable audit cycles.  * Develop standardized audit response playbooks, evidence templates, and interview preparation guides for control owners.  * Track all audit findings, management responses, and remediation milestones to closure — escalating aged or high-risk items to leadership.  * Conduct post-audit retrospectives and incorporate lessons learned into governance processes and evidence collection practices.  4. Control Monitoring & Continuous Compliance  * Establish and oversee a control monitoring calendar aligned to PCI-DSS testing frequencies (daily, weekly, monthly, quarterly, annual) for each assigned scope.  * Define Key Risk Indicators (KRIs) and Key Performance Indicators (KPIs) for each PCI control domain within assigned business units.  * Perform or coordinate quarterly vulnerability scan reviews, penetration test oversight, access reviews, and log review attestations.  * Monitor threat intelligence and PCI SSC updates, proactively assessing impact of new requirements or guidance on assigned scopes.  * Support third-party vendor assessments to verify that service providers used by assigned business units maintain their own PCI compliance.  5. Stakeholder Engagement & Advisory  * Act as the trusted compliance advisor for business unit leadership, providing clear, actionable guidance on PCI-DSS obligations and risk posture.  * Deliver regular compliance status briefings and steering committee presentations for assigned accounts.  * Provide PCI-DSS training and awareness sessions to control owners, IT staff, and business operations teams within assigned scopes.  * Advise on new business initiatives, technology adoptions, and process changes to ensure PCI requirements are addressed proactively.  * Collaborate with Legal, Privacy, and Risk teams to align PCI compliance activities with broader enterprise GRC strategy.  Required Qualifications  Education & Experience  * Bachelor’s degree in information security, Computer Science, Information Systems, or a related field; combined 5 plus years professional experience considered.  * 5+ years of hands-on experience in PCI-DSS compliance, information security, or IT audit roles.  * Minimum 2 years of direct experience managing PCI-DSS assessments (QSA engagement, ROC/SAQ preparation) as a primary owner.  * Demonstrated experience managing compliance obligations for multiple business units or organizational scopes simultaneously.  Technical Knowledge  * 2 plus years working knowledge of PCI-DSS v4.0 requirements, SAQ types, and ROC/AOC processes.  * 2 plus years Strong understanding of network security concepts, segmentation controls, and cardholder data environment (CDE) scoping methodologies.  * Familiarity with vulnerability management processes, penetration testing oversight, and security monitoring in payment card environments.  * Experience with GRC platforms for audit and compliance management.  * Working knowledge of cloud environments (AWS, Azure, GCP) in PCI-scoped contexts.  Preferred Qualifications  * Experience in financial services, payments, retail, or e-commerce industries with large-scale PCI scopes.  * Prior experience working directly as or alongside a Qualified Security Assessor (QSA).  * Familiarity with related frameworks (SOC 2, ISO 27001, NIST CSF) and control mapping across standards.  * Experience managing service provider PCI compliance oversight and third-party risk programs.  * Exposure to tokenization, point-to-point encryption (P2PE), and other PCI scope-reduction technologies.  * Scripting or automation experience to streamline evidence collection and monitor workflows.    Flexible Working At Conduent, we want you to be yourself. We recognize that everyone is different and that how people want to work and deliver at their best is different for everyone too. In this role, you can expect the following working conditions: • Remote work: Enjoy the convenience of working from home and maximize your time by unplugging at the end of your workday. Working For You Perks and rewards designed for you: • Health and Welfare Benefits: Our health and welfare benefits can be tailored to fit you and your family's needs and start on the first day of employment. • Retirement Savings: We will support you as you save for your future. • Employee Discounts: We offer you access to a vast selection of global, national, and local discounts on merchandise, services, travel, and more. • Career Growth Opportunities: We help you thrive, so together, we can grow. We provide opportunities to advance your career with a vast portfolio of businesses and a global footprint. • Paid Training: Earn while you learn and continue to grow with access to award-winning learning platforms throughout your Conduent career. • Paid time off: We provide attractive paid time off packages designed for you to enjoy your life away from work. • Great Work Environment: We are proud of our award-winning culture and the recognition we’ve received for our diversity efforts. Join Us At Conduent, we are one team, one mission. We understand that our success is directly related to the success of our associates. We strive to create a culture where you can: Bring your authentic self to work Grow and thrive, both personally and professionally Make a difference with our clients, in our communities, and with the millions of people we support When you join Conduent, you are engaged in creating the future - both our company’s and your own. With more than 60,000 associates across 24 countries, we will provide you the opportunity to grow with a team of people who will challenge and inspire you to be the best.       Pay Transparency Laws in some locations require disclosure of compensation and/or benefits-related information.  For this position, actual salaries will vary and may be above or below the range based on various factors including but not limited to location, experience, and performance. In addition to base pay, this position, based on business need, may be eligible for a bonus or incentive. In addition, Conduent provides a variety of benefits to employees including health insurance coverage, voluntary dental and vision programs, life and disability insurance, a retirement savings plan, paid holidays, and paid time off (PTO) or vacation and/or sick time. The estimated salary range for this role is $96k-120k.     Conduent is an Equal Opportunity Employer and considers applicants for all positions without regard to race, color, creed, religion, ancestry, national origin, age, gender identity, gender expression, sex/gender, marital status, sexual orientation, physical or mental disability, medical condition, use of a guide dog or service animal, military/veteran status, citizenship status, basis of genetic information, or any other group protected by law. People with disabilities who need a reasonable accommodation to apply for or compete for employment with Conduent may request such accommodation(s) by clicking on the following link, completing the accommodation request form, and submitting the request by using the "Submit" button at the bottom of the form. For those using Google Chrome or Mozilla Firefox please download the form first: click here to access or download the form [https://downloads.conduent.com/content/usa/en/file/conduent-applicant-adaaa-referral-form.pdf]. You may also click here to access Conduent's ADAAA Accommodation Policy [http://downloads.conduent.com/content/usa/en/document/cdt_adaaa_accommodation_pol.pdf]. At Conduent we value the health and safety of our associates, their families and our community. For US applicants while we DO NOT require vaccination for most of our jobs, we DO require that you provide us with your vaccination status, where legally permissible. Providing this information is a requirement of your employment at Conduent.       Through our dedicated associates, Conduent delivers mission-critical services and solutions on behalf of Fortune 100 companies and over 500 governments - creating exceptional outcomes for our clients and the millions of people who count on them. You have an opportunity to personally thrive, make a difference and be part of a culture where individuality is noticed and valued every day. Conduent is an Equal Opportunity Employer and considers applicants for all positions without regard to race, color, creed, religion, ancestry, national origin, age, gender identity, gender expression, sex/gender, marital status, sexual orientation, physical or mental disability, medical condition, use of a guide dog or service animal, military/veteran status, citizenship status, basis of genetic information, or any other group protected by law. For US applicants: People with disabilities who need a reasonable accommodation to apply for or compete for employment with Conduent may request such accommodation(s) by submitting their request through this form that must be downloaded:  click here to access or download the form [https://downloads.conduent.com/content/usa/en/file/conduent-applicant-adaaa-referral-form.pdf].  Complete the form and then email it as an attachment to FTADAAA@conduent.com [FTADAAA@conduent.com]. You may also click here to access Conduent's ADAAA Accommodation Policy [http://downloads.conduent.com/content/usa/en/document/cdt_adaaa_accommodation_pol.pdf].