PCI Compliance Specialist
Conduent
PCI Compliance Specialist coordinating compliance activities for PCI DSS Compliance Tower at Conduent. Serving as the execution backbone of a two-person compliance team overseeing 2-3 business units.
Posted 6/9/2026 • full-time • Remote • 🇺🇸 United States • Junior, Mid-Level • 💰 $110,688 - $143,750 per year
Tech Stack
Tools & technologies: ServiceNow
About the role
Key responsibilities & impact
- Serve as the primary evidence coordinator for all PCI-DSS control domains across 2-3 assigned business unit scopes, managing artifact collection from IT, operations, HR, and business unit control owners.
- Maintain a continuous, audit-ready evidence repository for each assigned scope - organizing artifacts by control requirement, testing frequency, and assessment cycle.
- Develop and distribute standardized evidence request packages to control owners, providing clear instructions on format, retention period, and submission deadlines.
- Validate evidence submissions for completeness, accuracy, and alignment to the specific PCI-DSS v4.0 requirement being satisfied before logging in the repository.
- Track evidence gaps, follow up on outstanding submissions, and escalate persistent collection failures to the ISA for stakeholder intervention.
- Maintain version control and change logs for all compliance artifacts to support QSA review and year-over-year comparison.
- Execute the control monitoring calendar for each assigned scope, performing or coordinating scheduled PCI-DSS control tests at daily, weekly, monthly, quarterly, and annual frequencies as defined by the ISA.
- Document control test results with supporting evidence, noting pass/fail status, observations, and any exceptions identified during testing.
- Track and log control exceptions, working with the ISA to initiate issue tickets and assign remediation owners through established workflows.
- Coordinate and document quarterly User Access Reviews (UARs) for cardholder data environment (CDE) systems, collecting attestations from system owners and flagging any orphaned or excess access for remediation.
- Support monthly vulnerability scan cycles by coordinating scan scheduling with IT teams, collecting results, and ensuring risk ratings and remediation tickets are opened within required timeframes.
- Maintain the control monitoring log and provide a monthly status summary to the ISA for KPI reporting and dashboard updates.
- Support the ISA in executing the annual PCI-DSS recertification process for all assigned scopes - managing logistics, scheduling, evidence packaging, and communication with internal stakeholders throughout the assessment window.
- Prepare and maintain structured evidence binders and audit response packages for each control domain, ensuring all artifacts are labeled, indexed, and traceable to specific PCI-DSS v4.0 requirements.
- Track all QSA Requests for Information (RFIs) in the team's audit management system, coordinating timely responses from control owners and flagging items at risk of missing SLA to the ISA.
- Maintain a master findings tracker for all assigned scopes, logging audit findings, management responses, remediation owners, target dates, and closure evidence across internal and external audit cycles.
- Support the ISA in preparing Attestations of Compliance (AOCs), Self-Assessment Questionnaires (SAQs), and Report on Compliance (ROC) documentation by compiling required data and validating input accuracy.
- Assist with post-audit retrospectives by compiling evidence submission timelines, RFI logs, and findings summaries for lessons-learned analysis.
- Maintain and update CDE boundary diagrams, data flow diagrams, and network segmentation documentation for each assigned scope, initiating updates within 30 days of any environment change.
- Maintain the risk acceptance register for assigned scopes, tracking open risk acceptances, expiry dates, residual risk ratings, and required annual reviews.
- Track compensating controls for assigned scopes, ensuring each has documented rationale, compensating measures, and a current review date on file.
- Monitor policy and procedure currency for assigned scopes, flagging documents approaching their review date and coordinating with the ISA and policy owners to initiate updates.
- Maintain the third-party service provider compliance tracking log for assigned scopes, following up annually on AOC renewals and flagging expired certifications to the ISA.
- Coordinate annual PCI-DSS awareness training delivery for control owners, IT staff, and business operations personnel within assigned scopes - tracking enrollment, completion rates, and issuing completion certificates.
- Develop and maintain training attendance records and completion reports for all assigned scopes to support audit evidence requirements.
- Assist the ISA in preparing control owner briefing materials, interview guides, and evidence submission instructions ahead of assessment windows.
- Support onboarding of new control owners within assigned business units, walking them through evidence expectations, submission formats, and the compliance calendar.
Requirements
What you’ll need
- Bachelor’s degree in Information Security, Business Administration, Information Systems, or a related field; equivalent professional experience considered.
- 2+ years of experience in a compliance, audit support, IT governance, or information security operations role.
- Demonstrated experience managing evidence collection or documentation programs in a regulated environment (PCI-DSS, SOC 2, ISO 27001, HIPAA, or equivalent).
- Prior experience working in or supporting a compliance team with recurring audit cycles is strongly preferred.
- Working knowledge of PCI-DSS requirements, control testing concepts, and the annual recertification lifecycle (SAQ/ROC/AOC process familiarity required).
- Understanding of cardholder data environment (CDE) scoping concepts, including data flows, network segmentation, and system component classification.
- Familiarity with vulnerability management workflows, access review processes, and log review attestation procedures.
- Experience using GRC platforms, ticketing systems (e.g., ServiceNow, Jira), and document management tools for compliance tracking.
- Proficiency in Microsoft Excel, Word, and SharePoint for evidence management, status tracking, and reporting.
Benefits
Comp & perks
- Health and Welfare Benefits: Our health and welfare benefits can be tailored to fit you and your family's needs and start on the first day of employment.
- Retirement Savings: We will support you as you save for your future.
- Employee Discounts: We offer you access to a vast selection of global, national, and local discounts on merchandise, services, travel, and more.
- Career Growth Opportunities: We help you thrive, so together, we can grow. We provide opportunities to advance your career with a vast portfolio of businesses and a global footprint.
- Paid Training: Earn while you learn and continue to grow with access to award-winning learning platforms throughout your Conduent career.
- Paid time off: We provide attractive paid time off packages designed for you to enjoy your life away from work.
- Great Work Environment: We are proud of our award-winning culture and the recognition we’ve received for our diversity efforts.