InfoSec PCI Compliance Specialist

Job Description

Overview

The InfoSec PCI (Payment Card Industry) Compliance Specialist will be responsible for helping PepsiCo's internal business units around the world maintain compliance with the PCI Data Security Standard (DSS) by assisting them in evaluating the applicable controls and completing the relevant PCI Self-Assessment Questionnaire (SAQ). The InfoSec PCI Compliance Specialist will also provide guidance on PCI compliance as new business solutions around the world are evaluated, designed, and deployed.

The InfoSec PCI Compliance Specialist will influence PepsiCo's e-commerce strategy to increase sales of our products while ensuring PepsiCo complies with regulatory and financial requirements when handling payment instruments such as credit/debit cards around the world. The InfoSec PCI Compliance Specialist will collaborate and partner with Finance and the Business around the world to conduct PCI DSS assessments of solutions and third parties handling credit cards on behalf of PepsiCo. This position will also improve the PCI DSS assessment process based on industry best practices, the evolving threat landscape, the changing PCI standards, PepsiCo's risk appetite and capability maturity model, and unique business needs around the world. The InfoSec PCI Compliance Specialist will develop and update training material and tools, and conduct the necessary training sessions, so that employees around the world understand when the PCI DSS requirements apply and how to support the corresponding assessments.

Responsibilities

PCI DSS Assessments:

  • Perform PCI DSS assessments for all solutions handling payment card information.
  • Maintain compliance with established PCI governance standards.

Risk Evaluation and Communication:

  • Evaluate system and data flows for security risks and compliance gaps.
  • Communicate results and actions to business units.

Training and Development:

  • Complete annual PCI ISA training.
  • Develop and update training materials and conduct necessary training sessions.

Technology and Process Improvement:

  • Evaluate technologies/architectures used by PepsiCo and partners.
  • Implement global process improvements for PCI compliance assessments.
  • Learn and understand credit card handling technologies/architectures.

Reporting and Documentation:

  • Develop reports and present findings to various organizational levels.
  • Create and update PCI compliance awareness documentation.

Collaboration and Alignment:

  • Facilitate alignment across diverse parties and business units.
  • Review information security requirements in contracts with third parties.
  • Understand technical and business arrangements with third parties to support PCI DSS compliance.

Compensation and Benefits:

  • The expected compensation range for this position is between $106,400 and $178,100.
  • Location, confirmed job-related skills, experience, and education will be considered in setting actual starting salary. Your recruiter can share more about the specific salary range during the hiring process.
  • Bonus based on performance and eligibility; the target payout is 12% of annual salary, paid out annually.
  • Paid time off subject to eligibility, including paid parental leave, vacation, sick, and bereavement.
  • In addition to salary, PepsiCo offers a comprehensive benefits package to support our employees and their families, subject to elections and eligibility: Medical, Dental, Vision, Disability, Health, and Dependent Care Reimbursement Accounts, Employee Assistance Program (EAP), Insurance (Accident, Group Legal, Life), Defined Contribution Retirement Plan.

Qualifications

Experience and Technical Skills:

  • PCI Compliance: 3+ years in PCI compliance and governance (QSA, TPSRM Assessor, or ISA).

Technical/Project Management:

  • 3+ years across various technologies (web, networking, firewalls, applications, cloud, etc.).

PCI SAQ Assessments:

  • Expertise in performing PCI SAQ assessments, and in obtaining and maintaining the PCI ISA certification.

Information Security:

  • Strong understanding of frameworks (NIST, PCI DSS, ISO), reference models (cyber kill chain, MITRE ATT&CK), and cyber concepts.

Technical Knowledge:

  • In-depth experience with infrastructure, encryption, access management, payment devices, e-commerce, cloud services, and DevSecOps principles.

Non-Technical Skills:

  • Communication: Strong verbal and written skills in English, able to influence and collaborate with multiple teams.
  • Decision-Making: Timely and effective decision-making under stress, weighing costs and benefits.
  • Risk Assessment: Ability to identify, assess, and communicate risks to drive business objectives.
  • Service Orientation: Commitment to delivering high-quality, prompt, and efficient service.
  • Prioritization and Multi-tasking: Excellent at breaking down work into manageable parts and handling multiple tasks simultaneously.

Interpersonal and Leadership Skills:

  • Interpersonal Skills: Strong ability to work with and influence business associates and third parties globally.
  • Leadership: Experience in team leadership roles and managing expectations.
  • Representation: Strong presence in strategic discussions about PCI DSS compliance.

EEO Statement

Our Company will consider for employment qualified applicants with criminal histories in a manner consistent with the requirements of the Fair Credit Reporting Act, and all other applicable laws, including but not limited to, San Francisco Police Code Sections 4901-4919, commonly referred to as the San Francisco Fair Chance Ordinance; and Chapter XVII, Article 9 of the Los Angeles Municipal Code, commonly referred to as the Fair Chance Initiative for Hiring Ordinance.

All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, protected veteran status, or disability status.

PepsiCo is an Equal Opportunity Employer: Female / Minority / Disability / Protected Veteran / Sexual Orientation / Gender Identity.

If you'd like more information about your EEO rights as an applicant under the law, please download the available EEO is the Law & EEO is the Law Supplement documents. View PepsiCo EEO Policy.

Please view our Pay Transparency Statement.
