IT Compliance Expert
DOKU, PT NUSA SATU INTI ARTHA
About the Job:
Lead the development and maintenance of a compliance framework aligned with business strategies, conduct external audits, and manage security risks to protect sensitive data such as cardholder data (CHD) and personally identifiable information (PII).
What you will do:
- Ensure the implementation of payment gateway security follows PCI DSS v4.0, ISO 27001:2022, GDPR, SOC 2, and data privacy regulations.
- Monitor changes in industry regulations and assess their impact on the organization, updating compliance policies and procedures accordingly.
- Develop and manage a compliance framework that aligns with business strategy and ensures adherence to laws and regulations.
- Coordinate and lead external compliance audits (PCI DSS, ISO 27001, SOC 2), including audit preparation, document collection, and external audit team management.
- Review and create security policies and procedures that meet regulatory requirements and industry best practices.
- Ensure employee adherence to security policies and communicate policies effectively across the organization.
- Maintain documentation for compliance activities, including risk assessments, audits, incident response exercises, and remediation efforts.
- Identify potential security risks, mitigate non-compliance risks, and implement controls to protect data and meet regulatory requirements.
- Collaborate with legal, IT, and operations teams to mitigate risks and ensure security policies protect sensitive data such as CHD and PII.
- Perform regular Data Protection Impact Assessments (DPIAs) to ensure data handling practices comply with privacy laws (GDPR, etc.).
- Oversee encryption, tokenization, and data anonymization practices to meet regulatory requirements.
- Ensure third-party vendors and partners comply with security and compliance requirements, including performing vendor security assessments and audits.
- Oversee incident response protocols to ensure they comply with data breach notification laws (GDPR, PCI DSS) and manage incident reporting.
- Ensure forensic investigations are conducted and documented for security incidents, with appropriate actions taken for resolution and prevention of future incidents.
- Develop and deliver security compliance training programs for staff, including management and IT personnel, ensuring an understanding of regulatory requirements.
- Conduct security awareness campaigns and compliance-focused training sessions to reduce human-related security risks.
- Provide regular reports on compliance status, risk assessments, audit findings, and remediation efforts to senior management and stakeholders.
- Develop Key Risk Indicators (KRIs) and Key Performance Indicators (KPIs) to measure compliance effectiveness and track improvements.
- Promote a culture of continuous improvement by identifying opportunities to enhance compliance processes, tools, and resources.