SRC _PCI _Senior Associate

At PwC, our people in risk and compliance focus on maintaining regulatory compliance and managing risks for clients, providing advice, and solutions. They help organisations navigate complex regulatory landscapes and enhance their internal controls to mitigate risks effectively. In regulatory risk compliance at PwC, you will focus on confirming adherence to regulatory requirements and mitigating risks for clients. You will provide guidance on compliance strategies and help clients navigate complex regulatory landscapes.

• 2–10 years of Information Security experience, with relevant PCI experience performing assessments, advisory work, or compliance implementation.
• Strong understanding of PCI DSS ecosystems, scoping, compliance processes, and maintaining ongoing compliance programs.
• Experience working with PCI DSS v4.0.1 requirements, controls, and testing procedures.
• Understanding PCI DSS segmentation testing, scoping principles, and evidence validation techniques.
• Preferably certified as PCI QSA or ISA (optional), with experience leading or supporting PCI DSS assessments and generating ROCs/Self-Assessments.
• Experience with PCI Industry benchmarking, RFPs/RFQs, scoping, SAQs, auditing, remediation and providing recommendations to large enterprises.
• SME-level knowledge in controls implementation, assessments, perform gap analysis, compliance reporting, and creation of PCI-aligned policies, procedures, and governance checks.
• Must have strong experience in implementing/assessing the P2PE solution requirements and testing procedures, encryption/decryption methodologies and key management within secure cryptographic devices.
• Responsible for building and influencing payment security as a core competency across clients, internal teams, partners, and vendors. This includes providing education, developing processes and procedures, standard templates, accelerators, and training to support internal competency build.
• Strong understanding and hands-on experience in conducting security reviews of various cybersecurity solutions, including but not limited to the following:
• Application or network firewalls
• Intrusion detection/prevention systems
• Database or other storage solutions
• Encryption solutions
• Security audit/log monitoring solutions
• File integrity monitoring solutions.
• Anti-virus solutions
• Vulnerability scanning services or solutions.
• Conduct targeted validation and detailed assessments of client processes, applications, products, policy documentation and third-party adherence to PCI DSS requirements.
• Delivers findings, recommendations and remediation steps for all activities, in a clear, concise and audience-specific format.
• Strong understanding of cloud platforms, cloud security principles, and PCI-specific requirements—including segmentation, access control, encryption, and logging—with the ability to assess PCI applicability within cloud shared responsibility models.
• Familiarity with containerization and orchestration technologies (e.g., Kubernetes) and their secure configuration in PCI-scoped environments.
• Ability to establish credibility and maintain strong working relationships with teams involved with payment security (InfoSec, Legal, Business Development, Physical Security, Developer Community, Networking, Systems, etc.).
• Strong understanding of application security practices (such as OWASP Top 10) and familiarity with other compliance standards/frameworks like ISO 27001/27002, NIST, HITRUST, COBIT, SOX, GLBA, SSAE16/SOC 2, HIPAA etc.
• Working knowledge of AI/GenAI technologies, with awareness of related data security and governance risks relevant to PCI DSS environments.
  
  

• Related payment security control and compliance experience in conducting, executing and managing fieldwork for assessments: PCI DSS, SOX, GLBA, HIPAA desirable.
• Strong leadership, teamwork, and collaboration abilities.
• Ability to quickly acquire and utilize knowledge on new technologies and solutions, emerging threats and vulnerabilities.
• Must have experience with Business development and should be able to contribute to team development and growth.
• Good presentation, project management, facilitation and delivery skills as well as strong analytical and problem-solving capabilities.
• Develop/implement automation solutions and capabilities that are clearly aligned to client business, technology and threat posture.
• Excellent written, oral communication and presentation skills.
• Ability to listen and contribute effectively to team environments.
• Results oriented, high energy, self-motivated.
• Worked in a client facing role.
  
  

• MCA / BE / B Tech
• Preferred certifications: PCI QSA/ISA, PCIP, CISSP, CISA, CISM, CRISC, or other comparable audit/security certifications.