IT Compliance Expert  

About the Job:
Lead the development and maintenance of a compliance framework aligned with business strategies, conduct external audits, and manage security risks to protect sensitive data such as cardholder data (CHD) and personally identifiable information (PII).

What you will do:

• Ensure the implementation of payment gateway security follows PCI DSS v4.0, ISO 27001:2022, GDPR, SOC 2, and data privacy regulations.
• Monitor changes in industry regulations and assess their impact on the organization, updating compliance policies and procedures accordingly.
• Develop and manage a compliance framework that aligns with business strategy and ensures adherence to laws and regulations.
• Coordinate and lead external compliance audits (PCI DSS, ISO 27001, SOC 2), including audit preparation, document collection, and external audit team management.
• Review and create security policies and procedures that meet regulatory requirements and industry best practices.
• Ensure employee adherence to security policies and communicate policies effectively across the organization.
• Maintain documentation for compliance activities, including risk assessments, audits, incident response exercises, and remediation efforts.
• Identify potential security risks, mitigate non-compliance risks, and implement controls to protect data and meet regulatory requirements.
• Collaborate with legal, IT, and operations teams to mitigate risks and ensure security policies protect sensitive data like CHD and PII.
• Perform regular Data Protection Impact Assessments (DPIAs) to ensure data handling practices comply with privacy laws (GDPR, etc.).
• Oversee encryption, tokenization, and data anonymization practices to meet regulatory requirements.
• Ensure third-party vendors and partners comply with security and compliance requirements, including performing vendor security assessments and audits.
• Oversee incident response protocols to ensure they comply with data breach notification laws (GDPR, PCI DSS) and manage incident reporting.
• Ensure forensic investigations are conducted and documented for security incidents, with appropriate actions taken for resolution and prevention of future incidents.
• Develop and deliver security compliance training programs for staff, including management and IT personnel, ensuring an understanding of regulatory requirements.
• Conduct security awareness campaigns and compliance-focused training sessions to reduce human-related security risks.
• Provide regular reports on compliance status, risk assessments, audit findings, and remediation efforts to senior management and stakeholders.
• Develop Key Risk Indicators (KRI) and Key Performance Indicators (KPI) to measure compliance effectiveness and track improvements.
• Promote a culture of continuous improvement by identifying opportunities to enhance compliance processes, tools, and resources.

What we are looking for:

• Bachelor’s degree in Information Technology, Computer Information Systems, or related fields
• 4 years of experience in IT Security Compliance, Risk Management, and Information Security, preferably in the financial services or payment industry
• Relevant certifications such as CISA, CISM, CISSP, PCI DSS QSA, or ISO 27001 Lead Auditor
• Deep knowledge of PCI DSS v4.0, ISO 27001:2022, GDPR, SOC 2, and other relevant compliance frameworks
• Expertise in IT security principles, data encryption, risk management, and GRC (Governance, Risk, and Compliance) methodologies
• Experience with security technologies like firewalls, IDS/IPS, SIEM, and encryption tools
• Proficiency with compliance tools and methodologies such as audit management systems and risk assessment platforms
• Strong analytical thinking and attention to detail
• Excellent communication skills to convey complex compliance requirements to various departments
• Strong problem-solving abilities
• Ability to work under pressure, manage multiple tasks, and meet tight deadlines
• High initiative and teamwork skill
• Active listening and interpersonal skills