Senior Analyst, Cybersecurity Audit and Compliance (PCI DSS Focus)
- Full-time
- Job Family Group: Engineering and Technology
Company Description
Visa is a world leader in digital payments, facilitating more than 215 billion payments transactions between consumers, merchants, financial institutions and government entities across more than 200 countries and territories each year. Our mission is to connect the world through the most innovative, convenient, reliable and secure payments network, enabling individuals, businesses and economies to thrive.
When you join Visa, you join a culture of purpose and belonging – where your growth is priority, your identity is embraced, and the work you do matters. We believe that economies that include everyone everywhere, uplift everyone everywhere. Your work will have a direct impact on billions of people around the world – helping unlock financial access to enable the future of money movement.
Join Visa: A Network Working for Everyone.
Job Description
This hands-on Senior Analyst position will serve as part of Visa's Cybersecurity PCI DSS Competency function within the Cybersecurity Governance Risk and Compliance (GRC) team. This position will be reporting to Director/Sr. Director, delivering all aspects of a successful PCI DSS / P2PE / SSF competency program to Visa, its clients and acquired entities. The role will be focused on delivering PCI assessment programs, strategy, controls readiness, continuous controls compliance, security assessments, education and awareness, reporting, and responding to ad hoc requests. The successful candidate will be a PCI subject matter expert, able to craft compelling narratives, crisp arguments, and communicate with executive presence but also be strong on execution to effectively balance the individual elements of managing the role. Depending on workload there may be opportunity to participate in broader GRC activities.
This is a hybrid position with the role sitting in either our Austin, TX or Foster City, CA office location. Hybrid employees can alternate time between remote and office work. Employees in hybrid roles are expected to work from the office two days a week, Tuesdays and Wednesdays, with a general guidepost of being in the office 50% of the time based on business needs.
As a member of the Cybersecurity Audit and Compliance PCI Competency this role will be responsible for providing expert support to deliver compliance internally to Cybersecurity, the wider business, acquired entities and externally to clients.
The role will primarily focus on the Payment Card Industry Data Security Standard (PCI DSS) with an opportunity to work with PCI PIN, Point-to-Point Encryption Standard and Secure Software Framework together with other PCI standards as required by Visa.
Assist with the co-ordination and delivery of Visa’s annual PCI DSS assessment programs.
Take ownership of Cybersecurity actions resulting from PCI assessments and compliance activity – facilitate interaction between the relevant Cybersecurity teams from issue identification through to evidence collection and issue close out.
Evaluate plans and evidence artefacts to validate accuracy and appropriateness for assessment evidence requests or issue close out, applying technical skills and prior experience.
Partner with SMEs and stakeholders such as Internal Audit, Global Compliance, and Enterprise Risk to identify, remediate, and track Cybersecurity issues.
Direct ownership and accountability for procedures and controls to ensure compliance with PCI DSS.
Undertake controls readiness programs on new environments to assure compliance prior to undergoing assessment.
Participate in the Security Assessment Program, delivering PCI expertise to the process.
Accommodate ad-hoc activities in support of the ongoing internal and external audit and provide support if requested for other internal or external compliance activity.
Update Cybersecurity leadership on the status of technology risk and compliance issues based on assessment results and information from various monitoring and control systems.
Qualifications
Basic Qualifications
• Bachelor’s degree in Computer Science, Information Systems, Management Information Systems, or Business Administration or another related field.
o Significant and relevant technical experience meeting the job description may be substituted for degree requirements.
• Must have 8+ years of work experience in Information Security, Audit, Risk, and/or Compliance.
• Must have 4+ years direct participation and experience with the PCI DSS.
• Previous PCI ISA, PCI QSA qualification, current PCIP qualification or equivalent demonstrable experience.
• Solid understanding and experience in coordinating and conducting PCI assessments from a QSA or ISA perspective to financial and/or technology companies or with a background in Big 4 consulting.
• Relevant and extensive experience in evaluating technology and/or security controls against the PCI DSS preferably for financial and/or technology companies.
• Adaptable by nature with the ability to pick up and understand unfamiliar technologies and concepts for discussion with technology and business teams.
• Ability to prioritize deliverables and projects to meet timelines efficiently, to adapt to changes in priorities quickly. Demonstrated ability to meet deadlines and commitments in an environment that requires multi-tasking among concurrent activities and frequent change of priorities.
• Superior analytical and problem-solving skills.
• Experience working in a global organization with the need to deliver to regional requirements.
• Team oriented, collaborative, diplomatic and flexible. Able to work independently and as part of a team.
• Excellent written and verbal communication skills.
Preferred Qualifications
• Experience with qualifications related to PCI PIN, PCI P2PE or PCI SSF advantageous.
• CISM, CISSP, CISMA, CISA and auditing qualifications desirable.
• Experience in an IT Governance, Risk and Compliance function advantageous.
Additional Information
Visa has adopted a COVID-19 vaccination policy to safeguard the health and well-being of our employees and visitors. As a condition of employment, all employees based in the U.S. are required to be fully vaccinated for COVID-19, unless a reasonable accommodation is approved or as otherwise required by law.
Work Hours: Varies upon the needs of the department.
Travel Requirements: This position requires travel 5-10% of the time.
Mental/Physical Requirements: This position will be performed in an office setting. The position will require the incumbent to sit and stand at a desk, communicate in person and by telephone, frequently operate standard office equipment, such as telephones and computers.
Visa is an EEO Employer. Qualified applicants will receive consideration for employment without regard to race, color, religion, sex, national origin, sexual orientation, gender identity, disability or protected veteran status. Visa will also consider for employment qualified applicants with criminal histories in a manner consistent with EEOC guidelines and applicable local law.
Visa will consider for employment qualified applicants with criminal histories in a manner consistent with applicable local law, including the requirements of Article 49 of the San Francisco Police Code.