About the Role
Title: PCI Manager
Location: United States
Employment type: Full time
Job requisition ID: J-73624
Job Description:
Amex GBT is a place where colleagues find inspiration in travel as a force for good and – through their work – can make an impact on our industry. We’re here to help our colleagues achieve success and offer an inclusive and collaborative culture where your voice is valued.
What You’ll Do:
- Lead the planning, coordination, and execution of PCI DSS assessments, including interactions with Qualified Security Assessors (QSAs).
- Maintain and update PCI scope documentation, including network diagrams, asset inventories, data flows, and evidence repositories.
- Manage remediation efforts and work closely with internal stakeholders (IT, Product, Engineering, and Risk teams) to address gaps and implement required controls.
- Ensure ongoing compliance through continuous monitoring, self-assessments, control validations, and evidence collection.
- Establish and enforce policies, procedures, and standards aligned with PCI DSS and other relevant regulatory requirements.
- Provide subject matter expertise on PCI requirements across access control, encryption, application security, vulnerability management, and logging/monitoring.
- Drive compliance automation and continuous control monitoring initiatives to improve audit readiness and efficiency.
- Educate teams across the organization on PCI obligations and support secure implementation practices during application development and infrastructure changes.
- Track regulatory and industry updates to PCI standards and guide the organization through evolving requirements.
What We’re Looking For:
- Extensive Knowledge of PCI DSS: Strong understanding of PCI DSS 4.0 framework, including the ability to interpret requirements and apply them in complex, distributed environments.
- Hands-On PCI Audit Experience: Demonstrated experience managing the full lifecycle of PCI audits, including readiness assessments, evidence management, QSA coordination, and remediation tracking.
- Technical Competence: Familiarity with application and infrastructure architectures, including secure software development practices, authentication methods, access control mechanisms, and data protection.
- Program Management Skills: Strong organizational and project management capabilities to coordinate across multiple teams and manage deadlines, deliverables, and risk mitigation activities.
- Communication & Influence: Proven ability to engage with technical and business stakeholders, explain compliance requirements clearly, and drive cross-functional alignment.
- Analytical Mindset: Ability to assess control effectiveness, identify process gaps, and recommend practical, risk-based solutions.
- Experience in Large-Scale Environments: Prior experience operating in enterprise-level environments with diverse systems, third parties, and hybrid (cloud/on-prem) infrastructure.
- Certifications Preferred: PCI ISA, CISA, CISSP, or other relevant compliance/security certifications.
- Strong familiarity with project management methodologies and best practices.
- Travel industry, Travel Operations or TMC experience is a plus.
- Exceptional leadership and team management skills, with the ability to inspire and motivate cross-functional teams.
- Excellent communication and interpersonal skills, with the ability to manage stakeholder expectations and build strong relationships.
- Strong problem-solving skills and the ability to make decisions under pressure.
- Excellent written and verbal communication skills.
- Ability to navigate the organization, collaborate effectively with multiple stakeholders and overcome project barriers.
- Fast learner with the ability to quickly adapt and prioritize focus.
- Solid follow through with minimal management.
- Good business & technical acumen.
- Detail-oriented with a commitment to delivering high-quality results.
- Strong sense of personal accountability regarding decision-making and managing teams.