Title : Sr PCI DSS Compliance Program Manager
Position : Hybrid Contract to possible conversion to full time in San Jose, CA. Can be remote if out of state.
Hourly Rate : $80-90.00
We are seeking an experienced Senior Compliance & PCI Program Manager to lead our growing PCI compliance program as we expand our capabilities from a validated SAQ-D assessment to a full Report on Compliance (ROC).
This role offers a unique opportunity to take ownership of the PCI DSS compliance lifecycle, build scalable processes for our evolving product and service suite, and help unify compliance efforts across multiple frameworks. If you're a PCI expert who thrives on cross-functional collaboration and continuous improvement, we'd love to have you on our team.
Key Responsibilities
PCI Program Ownership
Maintain and scale the company's PCI DSS compliance program.
Lead all PCI activities, including scope definition, evidence collection, gap analysis, and remediation planning for in-scope systems, products, and services.
Serve as the primary liaison for external QSAs and auditors during annual assessments, readiness reviews, and compliance reporting.
Prepare for a seamless transition from SAQ-D to full ROC-level certification as the business grows.
Cross-Framework Compliance
Map PCI DSS controls across other frameworks like SOC 2, ISO 27001, and NIST 800-53 to improve efficiency and minimize audit fatigue.
Support continuous compliance operations, including evidence aggregation and control monitoring across frameworks.
Identify opportunities to implement automation and improve assurance while reducing manual compliance overhead.
Control Design & Implementation
Collaborate with Product, Engineering, IT, and Security teams to implement and operationalize effective technical and procedural controls.
Conduct impact assessments for system changes and new service offerings to address PCI scope and compliance requirements.
Draft, manage, and continuously improve PCI-related policies, standards, and procedures to ensure alignment with best practices.
Stakeholder Engagement & Enablement
Act as the company's subject matter expert (SME) for PCI DSS compliance and ensure audit readiness.
Design and deliver training programs to equip internal teams with the knowledge and tools to meet PCI requirements.
Work closely with Product and Sales teams to address customer or partner inquiries related to PCI compliance and data protection.
What We're Looking For (Minimum Qualifications)
5+ years of experience managing PCI DSS compliance programs, including hands-on involvement with certifications, scoping, and remediation.
Deep understanding of PCI DSS 4.0 requirements, scoping methodologies, and evidence collection practices.
Experience collaborating with QSAs, external assessors, and auditors to maintain program compliance.
Demonstrated ability to map PCI DSS controls to other frameworks (SOC 2, ISO 27001, etc.) and operationalize them across an organization.
Familiarity with governance, risk, and compliance (GRC) tools, evidence management systems, and ticketing / workflow management processes.
Excellent communication skills, with the ability to influence cross-functional stakeholders and articulate compliance concepts to diverse audiences.
What Will Make You Stand Out (Preferred Qualifications)
Industry-recognized certifications like PCI Professional (PCIP), Internal Security Assessor (ISA), or Qualified Security Assessor (QSA).
Experience building and managing compliance programs within SaaS or cloud-native environments.
Familiarity with cloud security frameworks and standards, such as NIST 800-53.
Knowledge of financial sector resilience requirements, such as DORA, to support compliance in regulated industries.
Benefit offerings available for our associates include medical, dental, vision, life insurance, short-term disability, additional voluntary benefits, EAP program, commuter benefits and a 401K plan. Our benefit offerings provide employees the flexibility to choose the type of coverage that meets their individual needs. In addition, our associates may be eligible for paid leave including Paid Sick Leave or any other paid leave required by Federal, State, or local law, as well as Holiday pay where applicable.
To read our Candidate Privacy Information Statement, which explains how we will use your information, please visit https://www.modis.com/en-us/candidate-privacy/
The Company will consider qualified applicants with arrest and conviction records.