As a key member of the Cybersecurity Governance, Risk & Compliance (GRC) and M&A Integration team, the Cybersecurity Engineer – GRC will lead and support initiatives in IT compliance and risk management. Reporting directly to the Director of Cybersecurity, this position seeks a self-motivated professional with demonstrated expertise in PCI DSS and/or PCI 3DS as well as SOC 2. The successful candidate will utilize AI-driven tools and develop custom automation scripts to efficiently gather audit evidence, parse data, assess control deficiencies, and produce actionable recommendations.
- Oversee and coordinate security and compliance assessments, including PCI DSS, PCI 3DS, and SOC 2, involving preparation, evidence collection, stakeholder coordination, and remediation of identified gaps.
- Leverage AI and automation platforms to streamline audit evidence collection, control testing, and reporting procedures.
- Develop, maintain, and update automation scripts (using Python or other scripting/programming languages) for data extraction and analysis, control validation, and audit workflow optimization.
- Independently manage compliance activities such as penetration testing, ASV scanning, and re-testing cycles.
- Collaborate with technical and product teams to conduct security assessments, ensuring code and infrastructure changes align with PCI DSS and 3DS standards.
- Respond to client, partner, and third-party security assessments through timely communication and comprehensive responses.
- Refine GRC processes to enhance efficiency, scalability, and accuracy.
- Monitor emerging data security regulatory requirements and evolving IT and cybersecurity trends.
This is a hybrid position. Expectations of days in the office will be confirmed by your Hiring Manager.