PCI Compliance Specialist

Posted Yesterday
Hiring Remotely in NJ, USA
Remote
111K-144K Annually
Junior
Information Technology
The Role
Manage day-to-day PCI-DSS compliance operations for 2-3 business unit scopes: coordinate evidence collection, execute control testing calendars, support annual recertification and audits, maintain scope and CDE documentation, track findings and third-party compliance, and coordinate training and awareness to keep scopes audit-ready year-round.
Summary Generated by Built In


 

About the Role

 

We are seeking a detail-oriented and operationally disciplined PCI Compliance Specialist to serve as the execution backbone of a two-person compliance team within Conduent's PCI DSS Compliance Tower. Working in close partnership with a PCI Internal Security Assessor (ISA), you will be the day-to-day operational owner of compliance activities for 2-3 assigned business units - managing evidence collection, control monitoring, artifact readiness, and compliance tracking across every stage of the annual PCI-DSS governance cycle. 

 

This role is purpose-built for a practitioner who thrives in structured, detail-intensive environments and takes personal pride in the accuracy, completeness, and timeliness of compliance records. You will be the organized engine that keeps the team's assigned scopes audit-ready year-round, freeing the ISA to focus on assessor relationships, risk advisory, and stakeholder engagement. 

 

Responsibilities 

 

Evidence Collection & Artifact Management 

  • Serve as the primary evidence coordinator for all PCI-DSS control domains across 2-3 assigned business unit scopes, managing artifact collection from IT, operations, HR, and business unit control owners. 

  • Maintain a continuous, audit-ready evidence repository for each assigned scope - organizing artifacts by control requirement, testing frequency, and assessment cycle. 

  • Develop and distribute standardized evidence request packages to control owners, providing clear instructions on format, retention period, and submission deadlines. 

  • Validate evidence submissions for completeness, accuracy, and alignment to the specific PCI-DSS v4.0 requirement being satisfied before logging in the repository. 

  • Track evidence gaps, follow up on outstanding submissions, and escalate persistent collection failures to the ISA for stakeholder intervention. 

  • Maintain version control and change logs for all compliance artifacts to support QSA review and year-over-year comparison. 

 

Control Monitoring & Testing Calendar Execution 

  • Execute the control monitoring calendar for each assigned scope, performing or coordinating scheduled PCI-DSS control tests at daily, weekly, monthly, quarterly, and annual frequencies as defined by the ISA. 

  • Document control test results with supporting evidence, noting pass/fail status, observations, and any exceptions identified during testing. 

  • Track and log control exceptions, working with the ISA to initiate issue tickets and assign remediation owners through established workflows. 

  • Coordinate and document quarterly User Access Reviews (UARs) for cardholder data environment (CDE) systems, collecting attestations from system owners and flagging any orphaned or excess access for remediation. 

  • Support monthly vulnerability scan cycles by coordinating scan scheduling with IT teams, collecting results, and ensuring risk ratings and remediation tickets are opened within required timeframes.

  • Maintain the control monitoring log and provide a monthly status summary to the ISA for KPI reporting and dashboard updates. 

 

Audit Support & Recertification Coordination 

  • Support the ISA in executing the annual PCI-DSS recertification process for all assigned scopes - managing logistics, scheduling, evidence packaging, and communication with internal stakeholders throughout the assessment window. 

  • Prepare and maintain structured evidence binders and audit response packages for each control domain, ensuring all artifacts are labeled, indexed, and traceable to specific PCI-DSS v4.0 requirements. 

  • Track all QSA Requests for Information (RFIs) in the team's audit management system, coordinating timely responses from control owners and flagging items at risk of missing SLA to the ISA. 

  • Maintain a master findings tracker for all assigned scopes, logging audit findings, management responses, remediation owners, target dates, and closure evidence across internal and external audit cycles. 

  • Support the ISA in preparing Attestations of Compliance (AOCs), Self-Assessment Questionnaires (SAQs), and Report on Compliance (ROC) documentation by compiling required data and validating input accuracy. 

  • Assist with post-audit retrospectives by compiling evidence submission timelines, RFI logs, and findings summaries for lessons-learned analysis. 

 

Scope Documentation & Registry Maintenance 

  • Maintain and update CDE boundary diagrams, data flow diagrams, and network segmentation documentation for each assigned scope, initiating updates within 30 days of any environment change. 

  • Maintain the risk acceptance register for assigned scopes, tracking open risk acceptances, expiry dates, residual risk ratings, and required annual reviews. 

  • Track compensating controls for assigned scopes, ensuring each has documented rationale, compensating measures, and a current review date on file. 

  • Monitor policy and procedure currency for assigned scopes, flagging documents approaching their review date and coordinating with the ISA and policy owners to initiate updates. 

  • Maintain the third-party service provider compliance tracking log for assigned scopes, following up annually on AOC renewals and flagging expired certifications to the ISA. 

 

Compliance Training & Awareness Coordination 

  • Coordinate annual PCI-DSS awareness training delivery for control owners, IT staff, and business operations personnel within assigned scopes - tracking enrollment, completion rates, and issuing completion certificates. 

  • Develop and maintain training attendance records and completion reports for all assigned scopes to support audit evidence requirements. 

  • Assist the ISA in preparing control owner briefing materials, interview guides, and evidence submission instructions ahead of assessment windows. 

  • Support onboarding of new control owners within assigned business units, walking them through evidence expectations, submission formats, and the compliance calendar. 

 

Requirements 

 

Education & Experience 

  • Bachelor’s degree in Information Security, Business Administration, Information Systems, or a related field; equivalent professional experience considered.

  • 2+ years of experience in a compliance, audit support, IT governance, or information security operations role.

  • Demonstrated experience managing evidence collection or documentation programs in a regulated environment (PCI-DSS, SOC 2, ISO 27001, HIPAA, or equivalent). 

  • Prior experience working in or supporting a compliance team with recurring audit cycles is strongly preferred. 

 

Technical Knowledge 

  • Working knowledge of PCI-DSS requirements, control testing concepts, and the annual recertification lifecycle (SAQ/ROC/AOC process familiarity required). 

  • Understanding of cardholder data environment (CDE) scoping concepts, including data flows, network segmentation, and system component classification. 

  • Familiarity with vulnerability management workflows, access review processes, and log review attestation procedures. 

  • Experience using GRC platforms, ticketing systems (e.g., ServiceNow, Jira), and document management tools for compliance tracking. 

  • Proficiency in Microsoft Excel, Word, and SharePoint for evidence management, status tracking, and reporting. 

 

Skills & Competencies 

  • Exceptional organizational discipline with the ability to manage multiple concurrent evidence streams, deadlines, and tracking logs across 2-3 scopes without loss of accuracy. 

  • Meticulous documentation habits - takes ownership of record accuracy, version control, and artifact completeness as a professional standard. 

  • Strong written communication skills; able to draft clear, concise evidence requests, status updates, and compliance summaries for both technical and non-technical audiences. 

  • Collaborative working style; able to build effective relationships with control owners, IT teams, and business unit staff to facilitate timely evidence submission. 

  • Proactive follow-through - tracks open items to closure independently and escalates appropriately before deadlines are missed.

  • Comfort operating in structured, process-driven environments with clearly defined responsibilities and recurring compliance cycles. 

 

Preferred Skills


Certifications

  • CompTIA Security+, PCIP, CISA, CRISC

 

Qualifications

  • Experience supporting PCI-DSS assessments as a control owner coordinator, audit liaison, or compliance analyst in a BPO, financial services, or retail payments environment. 

  • Familiarity with GRC/evidence management platforms used in PCI audit cycles. 

  • Experience working across multiple business units or legal entities simultaneously, managing parallel compliance workstreams. 

  • Knowledge of related frameworks (ISO 27001, SOC 2, NIST CSF) and the ability to cross-reference PCI-DSS controls against complementary standards. 

  • Experience building or maintaining compliance dashboards and KPI trackers in Excel, Power BI, or SharePoint. 

 

Flexible Working 

 

At Conduent, we want you to be yourself. We recognize that everyone is different and that how people want to work and deliver at their best is different for everyone too.  
In this role, you can expect the following working conditions: 

  • Remote work: Enjoy the convenience of working from home and maximize your time by unplugging at the end of your workday.

 

Working For You 

 

Perks and rewards designed for you: 

  • Health and Welfare Benefits: Our health and welfare benefits can be tailored to fit you and your family's needs and start on the first day of employment.
  • Retirement Savings: We will support you as you save for your future.
  • Employee Discounts: We offer you access to a vast selection of global, national, and local discounts on merchandise, services, travel, and more.
  • Career Growth Opportunities: We help you thrive, so together, we can grow. We provide opportunities to advance your career with a vast portfolio of businesses and a global footprint.
  • Paid Training: Earn while you learn and continue to grow with access to award-winning learning platforms throughout your Conduent career.
  • Paid time off: We provide attractive paid time off packages designed for you to enjoy your life away from work.
  • Great Work Environment: We are proud of our award-winning culture and the recognition we’ve received for our diversity efforts.

 

Join Us 

 

At Conduent, we are one team, one mission. We understand that our success is directly related to the success of our associates. We strive to create a culture where you can:  
 
Bring your authentic self to work  
Grow and thrive, both personally and professionally  
Make a difference with our clients, in our communities, and with the millions of people we support  
 
When you join Conduent, you are engaged in creating the future - both our company’s and your own. With more than 60,000 associates across 24 countries, we will provide you the opportunity to grow with a team of people who will challenge and inspire you to be the best! 

 

 

 

 

 

Pay Transparency Laws in some locations require disclosure of compensation and/or benefits-related information.  For this position, actual salaries will vary and may be above or below the range based on various factors including but not limited to location, experience, and performance. In addition to base pay, this position, based on business need, may be eligible for a bonus or incentive. In addition, Conduent provides a variety of benefits to employees including health insurance coverage, voluntary dental and vision programs, life and disability insurance, a retirement savings plan, paid holidays, and paid time off (PTO) or vacation and/or sick time. The estimated salary range for this role is $110,688 - $143,750.


About Us

Through our dedicated associates, Conduent delivers mission-critical services and solutions on behalf of Fortune 100 companies and over 500 governments - creating exceptional outcomes for our clients and the millions of people who count on them. You have an opportunity to personally thrive, make a difference and be part of a culture where individuality is noticed and valued every day.

About the Team

Conduent is an Equal Opportunity Employer and considers applicants for all positions without regard to race, color, creed, religion, ancestry, national origin, age, gender identity, gender expression, sex/gender, marital status, sexual orientation, physical or mental disability, medical condition, use of a guide dog or service animal, military/veteran status, citizenship status, basis of genetic information, or any other group protected by law.

For US applicants: People with disabilities who need a reasonable accommodation to apply for or compete for employment with Conduent may request such accommodation(s) by submitting their request through this form that must be downloaded:  click here to access or download the form.  Complete the form and then email it as an attachment to [email protected]. You may also click here to access Conduent's ADAAA Accommodation Policy.

Skills Required

  • Bachelor's degree in information security, Business Administration, Information Systems, or related field (or equivalent experience)
  • 2+ years of experience in compliance, audit support, IT governance, or information security operations
  • Demonstrated experience managing evidence collection or documentation programs in a regulated environment (PCI-DSS, SOC 2, ISO 27001, HIPAA, or equivalent)
  • Working knowledge of PCI-DSS requirements, control testing concepts, and the SAQ/ROC/AOC recertification lifecycle
  • Understanding of Cardholder Data Environment (CDE) scoping, data flows, and network segmentation concepts
  • Familiarity with vulnerability management workflows, access review processes, and log review attestation procedures
  • Experience using GRC platforms, ticketing systems (e.g., ServiceNow, Jira), and document management tools for compliance tracking
  • Proficiency in Microsoft Excel, Word, and SharePoint for evidence management and reporting
  • Prior experience supporting a compliance team with recurring audit cycles (preferred)
  • Certifications such as CompTIA Security+, PCIP, CISA, or CRISC (preferred)

Conduent Compensation & Benefits Highlights

The following summarizes recurring compensation and benefits themes identified from responses generated by popular LLMs to common candidate questions about Conduent and has not been reviewed or approved by Conduent.

  • Healthcare Strength: Health coverage is broad, with multiple plan options, preventive care at 100%, telemedicine access, behavioral health support, and wellness resources.
  • Leave & Time Off Breadth: Paid time off, holidays, sick days, volunteer time, and parental leave are included, offering multiple avenues for rest and personal needs.
  • Wellbeing & Lifestyle Benefits: Perks include childcare and commuter benefits, fitness stipends, discount programs, an Employee Assistance Program, and a remote work program that support overall wellbeing.


The Company
Abilene, TX
29,452 Employees
Year Founded: 2017

What We Do

Conduent delivers mission-critical services and solutions on behalf of businesses and governments — creating exceptional outcomes for its clients and the millions of people who count on them. Through process, technology and our diverse and dedicated associates, Conduent solutions and services automate workflows, improve efficiencies, reduce costs and enable revenue growth. It’s why most Fortune 100 companies and over 500 government entities depend on Conduent every day to manage their essential interactions and move their operations forward. At Conduent, we are one team with one mission. When you join Conduent, you are engaged in creating the future — both our company’s and your own. You’ll have the opportunity to grow and thrive through experiences and formalized learning programs.
