Information Security Governance Risk and Compliance Manager
Job Description
This is a remote position. For consideration, one must live within 30 miles of the following company HUBS:
- Portland, ME
- Washington, DC
- Boston, MA
- Dallas, TX
- Bay Area
The WEX Information Security Governance, Risk & Compliance Team promotes security policy and standards throughout WEX by establishing and maintaining security policies and standards, delivering cybersecurity awareness and training activities and anti-spear-phishing simulation campaigns, and executing vendor/supply chain security risk management processes. Additionally, the team is responsible for managing PCI DSS, HITRUST, SOX, SOC, FDIC, and customer audits across all lines of business, and for providing security evidence to support audit and customer inquiries.
How you’ll make an impact
- Lead and manage the PCI DSS compliance program, including annual assessments, remediation activities, and continuous monitoring.
- Coordinate and conduct internal audits to ensure compliance with PCI DSS requirements.
- Develop, implement, and maintain PCI policies, procedures, and documentation.
- Collaborate with various departments, including IT, legal, and operations, to ensure compliance with PCI DSS.
- Manage relationships with external Qualified Security Assessors (QSAs) and facilitate on-site assessments.
- Monitor and report on compliance status, risks, and issues to senior management.
- Provide training and guidance to staff on PCI DSS requirements and best practices.
- Stay current with changes in PCI DSS and related security standards, ensuring timely updates to compliance programs.
- Participate in incident response efforts related to payment card security breaches.
- Bachelor’s degree in Information Security, Computer Science, or related field. Will consider 8 to 10 years of relevant experience in lieu of degree.
- Minimum of 5 years of experience in information security, with a focus on PCI DSS compliance.
- In-depth knowledge of PCI DSS requirements and the audit process.
- Experience managing PCI DSS compliance programs and leading assessments.
- Strong understanding of information security principles, risk management, and regulatory requirements.
- Relevant certifications such as CISSP, CISA, CISM, or PCI Professional (PCIP) are highly desirable.
- Excellent analytical, problem-solving, and project management skills.
- Strong communication and interpersonal skills, with the ability to work effectively with cross-functional teams.
- Detail-oriented and able to handle multiple priorities in a fast-paced environment.
Salary & Benefits