Practice Lead (PCI Security Compliance)

National Capital Region, Permanent, Work from Home or Hybrid
The Practice Lead (PCI Security Compliance) will guide and oversee PCI security compliance initiatives, ensuring that projects align with industry standards and organizational goals. This role is ideal for a professional with a strong background in PCI compliance and a passion for technology.
  • Join a multinational company and experience a merit-based culture.
  • Experience market-aligned salaries and benefits.

About Our Client

This role is with a well-established large organization in the cybersecurity industry, offering innovative solutions to meet evolving client needs. The company is known for its commitment to excellence and providing cutting-edge services to its clients.

Job Description

Key Responsibilities

1) Client Delivery & Assessment Leadership

  • Lead and deliver PCI DSS assessments (ROC/AOC) for complex Cardholder Data Environments (CDEs) across merchants, service providers, and fintechs.
  • Define and manage scope, including network segmentation validation, sample selection, evidence requests, and stakeholder interviews.
  • Assess control effectiveness across all applicable PCI DSS requirements, including policies, technical configurations, and operational processes.
  • Produce high‑quality deliverables: Reports on Compliance (ROC), Attestations of Compliance (AOC), risk registers, remediation roadmaps, and executive briefings.
  • Provide pragmatic remediation guidance and challenge assumptions to drive secure, sustainable compliance outcomes.
2) Technical Advisory

  • Advise on secure network architecture, segmentation, tokenization, encryption & key management (HSM/KMS), IAM, logging/SIEM, vulnerability management, and incident response in the context of PCI DSS.
  • Review and validate compensating controls, including documentation and risk analysis.
  • Guide clients on PCI DSS v4.x transition, scoping strategies (incl. service provider models), and evidence readiness.
  • Conduct design and configuration reviews for cloud CDEs (AWS/Azure/GCP), containerized workloads, and modern payment flows (e.g., PCI P2PE, PCI 3DS, PCI Secure Software, where relevant).
3) Engagement & Stakeholder Management

  • Serve as the primary point of contact for client executives (CISO, CTO, CIO, Risk/Compliance Leads).
  • Translate technical findings into business risk language and action‑oriented recommendations.
  • Manage project plans, budgets, timelines, and risk/issue logs; ensure on‑time, on‑budget delivery with high client satisfaction.
  • Uphold independence and integrity in all assessment activities.
4) Practice & People Leadership

  • Coach and review the work of consultants and senior consultants; uplift methodology, templates, and QA standards.
  • Contribute to thought leadership (whitepapers, webinars, client briefings) and pre‑sales support (scoping, SOWs, proposals).
  • Identify opportunities to expand client relationships and adjacent service lines (e.g., ISO 27001, SOC 2, cloud security, IR readiness).
The Successful Applicant

Education

  • Bachelor's degree in Computer Science, Information Security, Information Systems, Engineering, or related field.
  • Master's degree (or equivalent experience) is a plus.
Professional Experience

  • 8-15+ years of progressive experience in cybersecurity, with 3-5+ years directly delivering PCI DSS consulting or assessments.
  • Demonstrable leadership of complex, multi‑entity environments (e.g., global processors, large retailers, PSPs, SaaS providers).
  • Proven track record producing audit‑quality documentation (ROC/AOC) and defending conclusions with evidence and stakeholder interviews.
  • Experience mentoring teams and setting delivery standards.
  • Consulting firm background (Big 4, specialized PCI firms, or reputable cybersecurity consultancies) strongly preferred.
Certifications

Strongly Preferred / Advantageous:

  • QSA (Qualified Security Assessor)
  • CISSP, CISM, or CISA
  • ISO/IEC 27001 Lead Auditor/Implementer
  • PCIP / ISA (as indicators of PCI familiarity)
  • Cloud security certifications (e.g., AWS Security Specialty, Azure Security Engineer, CCSP)
  • Relevant vendor‑specific or architecture credentials (networking, firewalls, HSMs, SIEM)
What's on Offer

  • Competitive salary package.
  • Additional allowances and performance-based bonuses.
  • Opportunity to work in a large organization within the cybersecurity industry.
  • Permanent role with opportunities for career growth and development.
  • Engaging and professional company culture.
If you are ready to take the next step in your career as a Practice Lead (PCI Security Compliance), apply now and be part of this exciting opportunity!

Contact
Gio Dumatol
Quote job ref
JN-022026-6943647
Phone number
+63 02 7795 2825

Job summary

Function
IT
Sub Sector
Security
What is your area of specialisation?
Technology & Telecoms
Location
National Capital Region
Job Type
Permanent
Consultant name
Gio Dumatol
Consultant contact
+63 02 7795 2825
Job Reference
JN-022026-6943647
Work from Home
Work from Home or Hybrid

Diversity & Inclusion at Michael Page

We don't just accept difference - we celebrate it. We encourage applicants from all backgrounds to apply for this role and are committed to building inclusive, diverse workplaces where everyone can thrive. If you require any support or reasonable adjustments during the recruitment process, please let us know.