Job Description

Overview

Your success is a train ride away!

As we move America's workforce toward the future, Amtrak connects businesses and communities across the country. We employ more than 20,000 diverse, energetic professionals in a variety of career fields throughout the United States. The safety of our passengers, our employees, the public and our operating environment is our priority, and the success of our railroad is due to our employees.

Are you ready to join our team?

Our values of 'Do the Right Thing, Excel Together and Put Customers First' are at the heart of what matters most to us, and our Core Capabilities, 'Building Trust, Accountability, Effective Communication, Customer Focus, and Proactive Safety & Security' are what every employee needs to know and do to be most impactful at Amtrak. By living the Amtrak values, focusing on our capabilities, and actively embracing and fostering diverse ideas, backgrounds, and perspectives, together we will honor our past and make Amtrak a company of the future.

Summary of Duties

The Director DT Gov Risk & Compliance of the PCI Compliance Program is a senior level manager accountable for leading and managing Amtrak's enterprise PCI DSS compliance program, ensuring adherence to PCI DSS 4.0 standards across Amtrak's payment systems and associated processes. This position ensures that Amtrak maintains the ability to securely process, store, and transmit payment card data while mitigating associated risks. This role oversees the team of PCI professionals tasked with identifying and maintaining areas of PCI compliance; developing, implementing and maintaining PCI Continuous Compliance Program, while providing associated compliance guidance to senior management and employees across the organization. This role promotes heightened awareness and understanding of existing PCI DSS 4.0 compliance issues, related control requirements and policies, and procedures required to meet PCI-DSS 4.0 compliance requirements. The Director, PCI Compliance works closely with IT and Business Senior Leadership, overseeing internal company PCI compliance staff to analyze, evaluate, prioritize, and implement necessary technologies or technology related process improvements. This role owns and manages ongoing, yearly PCI audit schedule and associated audits and works with IT and Business leadership to ensure ongoing compliance with all applicable PCI-DSS Compliance requirements.

Essential Functions

• Owns Amtrak's PCI-DSS 4.0 Continuous Compliance Program, ensuring successful internal and external audits are successfully completed on yearly basis.
• Reviews, revising, and, where appropriate, proposing new changes to policies and procedures to ensure compliance with PCI-DSS 4.0 requirements.
• Works with IT Leaders, Business Leaders and staff to ensure appropriate awareness and due-diligence applied to meet ongoing PCI-DSS requirements.
• Manages feedback and plans from PCI audits for Amtrak's IT department.
• Identifies major risk factors for the IT leadership and developing and coordinating the implementation of strategies to reduce/remediate process, operational, regulatory and compliance risk associated with PCI-DSS compliance.
• Provides support and oversight to Amtrak's various IT PCI related projects and testing initiatives, including continuous audits of the associated internal controls.
• Analyzes current and proposed IT systems/programs/initiatives to ensure compliance with PCI-DSS requirements.
• Ensures that the appropriate controls are considered throughout new system implementation projects and reviewing documentation for new IT or business processes that impact PCI compliance.
• Collaborates regularly with teams across the organization to gather compliance work statuses, progress and obstacles.
• Provides ongoing PCI-DSS Compliance advice, guidance, encouragement and constructive feedback.
• Establishes measurable individual and team objectives that are aligned with business and organizational goals to meet yearly PCI Compliance requirements.
• Documents and presents performance assessments. Recognizes and rewards associates commensurate with performance. Implements organizational practices for staffing, EEO, diversity, performance management, development, reward and recognition, and retention.
• Identifies the roles, skills and knowledge required. Ensure staff has the resources and skills needed to support all work initiatives. Participates in IT workforce deployment activities.
• Generates appropriate communication, process and educational plans for mitigating the disruption of change. Identifies and removes obstacles to change.

Minimum Qualifications

• Bachelor's degree in Computer Science, Information Technology, Information Assurance, or related technical/business field with 11+ years relevant experience or a minimum of 15+ years relevant experience is required to satisfy education and experience requirements.
• 11+ years of relevant technical and managerial experience.
• In-depth knowledge of PCI-DSS 4.0 Compliance Framework, SAQs, ROC processes, and remediation strategies.
• Demonstrated experience in leading PCI DSS compliance initiatives, including audits, risk assessments, and remediation efforts.
• Experience in managing large, cross-functional/matrixed teams and building relationships with people at a variety of levels across the organization.
• Demonstrated expertise in risk and compliance management within an IT organization, with expertise in frameworks like ISO 27001, NIST CSF.
• Proven track record of managing large-scale compliance programs and being detail-oriented with a demonstrated ability to motivate and follow-through on critical projects.
• Demonstrated expertise in developing and reviewing policy.
• Strong project management skills, with experience in implementing compliance and security initiatives on a global scale.
• Excellent communication and stakeholder management skills, including experience presenting to executives and board members.
• Ability to deliver through others in a matrix environment while fostering collaboration.
• Ability to work effectively with external assessors and regulatory bodies.
• Strong analytical skills for interpreting audit findings and developing actionable remediation plans.
• Must possess strong communication and interpersonal skills, work well with others in an integrated team environment, and be self-motivated.

Preferred Qualifications

• Bachelor's degree or higher in Computer Science, Information Technology, Information Assurance, or related technical/business field with 11+ years relevant experience or a minimum of 15+ years relevant experience is required to satisfy education and experience requirements.
• Certifications such as PCIP, QSA, CISSP, CISM, CISA
• Knowledge of payment systems, e-commerce platforms, and emerging payment technologies.
• Strong familiarity with security technologies, such as firewalls, encryption, vulnerability scanning, IAM and SIEM solutions.
• Proven leadership in cross-functional, multi-disciplinary teams.

Work Environment

• This position offers remote work or onsite 4/5 days a week.
• May travel up to 5%-10% of the time.
• Occasional after-hours work is required.
• Additional duties as assigned

Communications and Interpersonal Skills

Must have excellent oral and written communication skills.

The salary/hourly range is $163,000-$211,140 . Pay is based on several factors including but not limited to education, work experience, certifications, internal equity, etc. Depending on an employee's assigned worksite or location, Amtrak may consider a geo-pay differential to be applied to the employee's base salary. Amtrak may offer additional incentive and pay programs to recognize and reward our employees, including a short-term incentive bonus based upon factors such as individual and company performance that is commensurate with the level of the position and/or long-term incentive plan compensation. In addition to your salary, Amtrak offers a comprehensive benefit package that includes health, dental, and vision plans; health savings accounts; wellness programs; flexible spending accounts; 401K retirement plan with employer match; life insurance; short and long term disability insurance; paid time off; back-up care; adoption assistance; surrogacy assistance; reimbursement of education expenses; Public Service Loan Forgiveness eligibility; Railroad Retirement sickness and retirement benefits; and rail pass privileges. Learn more about our benefits offerings here .

Requisition ID: 165281

Work Arrangement: 02-Remote OptionalClick here for more information about work arrangements at Amtrak.
Relocation Offered: No
Travel Requirements: 0 - 5%

You power our progress through your performance.

We want your work at Amtrak to be more than a job. We want your career at Amtrak to be a fulfilling experience where you find challenging work, rewarding opportunities, respect among colleagues, and attractive compensation. Amtrak maintains a culture that values high performance and recognizes individual employee contributions.

Amtrak is committed to a safe workplace free of drugs and alcohol. All Amtrak positions require a pre-employment background check that includes prior employment verification, a criminal history check and a pre-employment drug screen.

Candidates who test positive for marijuana will be disqualified, regardless of any state or local statute, ordinance, regulation, or other law that legalizes or decriminalizes the use or possession of marijuan]]> <

Job Tags

Hourly pay, Full time, Temporary work, Work experience placement, Casual work, Local area, Remote work, Relocation, Flexible hours,

Similar Jobs