GRC Manager (PCI-DSS)

Всем добрый день📣

Международная финансово-технологическая компания Salmon растет.

Ищем - GRC Manager (PCI-DSS Focus)

Локация - remote (кроме РФ и РБ)

Russian native
English Fluent

You'll own PCI-DSS end to end: getting us certified as a service provider, passing the audit, and keeping the status year after year. That means leading the scoping work, defining the cardholder data environment, driving remediation, and managing the relationship with the QSA.

The part that matters most: you can take a compliance requirement and turn it into something real. A PCI control is not closed because a policy says so. It's closed when there's a technical or process change that actually satisfies it, and evidence that it works. We need someone who can sit with engineering and infrastructure, translate a requirement into a concrete solution, and make sure it sticks.

Beyond PCI, you'll bring leadership to the wider GRC program: risk, audits, frameworks, and the discipline that keeps us continuously ready rather than scrambling before each examination. You'll report to the Group CISO with the autonomy to run compliance as your own area.

Experience:
🏄🏽‍♂️6+ years in security GRC, compliance, or audit, with real ownership of a compliance program
🏄🏽‍♂️Has led a PCI-DSS certification end to end, ideally as a service provider, and maintained the status across cycles
🏄🏽‍♂️Has managed a QSA relationship and run a real audit, not just supported one
🏄🏽‍♂️Has led cardholder data environment scoping and segmentation decisions with technical teams
🏄🏽‍♂️Comfortable across at least PCI-DSS and one of ISO 27001 or a banking framework (BSP MORB or equivalent)
🏄🏽‍♂️Worked in a regulated environment where compliance was enforced, not aspirational

Подробнее тут
Показать контакты

Мой контакт
Tg: Показать контакты