GRC and PCI Compliance Manager

ARS
Full-time
On-site
Memphis, Tennessee, United States

Company Name

ARS-Rescue Rooter

Overview

The GRC and PCI Compliance Manager is responsible for the comprehensive oversight, enhancement, and validation of PCI processes and procedures governing credit card transactions within ARS. This role involves driving the execution of the PCI program through policy enforcement, auditing, tracking, and promoting PCI awareness across the organization. Additionally, the manager will be tasked with establishing and maintaining corporate Information Security policies, including proposing new policies, ensuring their approval, and advocating for the approved policies. Other GRC responsibilities include managing a risk register, handling policy exceptions, and validating the effectiveness of security controls.

Furthermore, this role will involve assessing the risk of new acquisitions, developing their PCI project plans, and assisting them in achieving PCI compliance. This process will culminate in an onsite audit conducted by our external Qualified Security Assessor (QSA). Additional duties will include assisting with troubleshooting security tools, incident response, and similar tasks.

Responsibilities

Knowledge:

  • In-depth understanding of PCI DSS (Payment Card Industry Data Security Standard) requirements and compliance.
  • Comprehensive knowledge of governance, risk management, and compliance (GRC) frameworks.
  • Familiarity with information security policies, procedures, and best practices.
  • Understanding of risk assessment methodologies and tools.
  • Awareness of regulatory requirements and industry standards related to information security and data protection.

Skills:

  • Strong organizational and planning skills.
  • Excellent written and verbal communication skills.
  • Project management skills with the ability to lead meetings efficiently.
  • Attention to detail and the ability to follow through on action items.
  • Perceptive audit and listening skills.
  • Ability to work in a fluid environment with simultaneous smaller projects in motion.
  • Collaborative approach to dealing with conflict and problem-solving.
  • Ability to assess and manage risks effectively.

Duties:

  • Facilitate annual PCI review and provide the required evidence to support compliance.
  • Drive the execution of the PCI program through policy enforcement, auditing, tracking, and promoting PCI awareness within the business.
  • Establish and maintain corporate Information Security policies, including proposing new policies, ensuring their approval, and advocating for the approved policies.
  • Manage a risk register, handle policy exceptions, and validate the effectiveness of security controls.
  • Assess the risk of new acquisitions, develop their PCI project plans, and assist them in achieving PCI compliance.
  • Conduct onsite audits with external Qualified Security Assessors (QSAs).
  • Ensure that all organizational policies and regulations are followed.
  • Develop strategies to manage risks and investigate compliance procedures.
  • Provide training and education on PCI compliance and information security policies.

Qualifications

Formal Education or Equivalent:

  • High-school diploma or general education degree required.
  • College degree preferred.
  • Experience previously working in a compliance role or Finance position involving credit card processing is a plus.

This position offers the flexibility to work remotely from home. Occasional travel is required to support auditing branch compliance and when working directly with new acquisitions on becoming PCI compliant.

ARS-Rescue Rooter is an Equal Opportunity Employer AA/EOE/M/F/V/D. In compliance with the Americans with Disabilities Act, ARS-Rescue Rooter may provide reasonable accommodations to qualified individuals with disabilities and encourages both prospective and current employees to discuss potential accommodations with the employer.