Found Description
You’ll own PCI-DSS end to end: getting us certified as a service provider, passing the audit, and keeping the status year after year. That means leading the scoping work, defining the cardholder data environment, driving remediation, and managing the relationship with the QSA.
The part that matters most: you can take a compliance requirement and turn it into something real. A PCI control is not closed because a policy says so. It’s closed when there’s a technical or process change that actually satisfies it, and evidence that it works. We need someone who can sit with engineering and infrastructure, translate a requirement into a concrete solution, and make sure it sticks.
Beyond PCI, you’ll bring leadership to the wider GRC program: risk, audits, frameworks, and the discipline that keeps us continuously ready rather than scrambling before each examination. You’ll report to the Group CISO with the autonomy to run compliance as your own area.