Program Manager- PCI DSS Compliance

The Program Manager- PCI DSS Compliance will be a critical part of the IT department, reporting to the Director of Cyber Security Operations. In this role, you will be responsible for assisting in the development, implementation, and maintenance of our company’s PCI DSS compliance program. You will work closely with cross-functional teams, including IT Networking, IT Service Desk, Cyber Security and Convenience Store (Cstore) Business Operations, to identify potential risks, assess controls, and ensure adherence to the current PCI DSS requirements. Your expertise will contribute to the protection of sensitive payment card data and the overall security posture of our organization. We are seeking a leader to spearhead our PCI-DSS compliance program. As the program owner, you’ll report directly to the Director of Cyber Operations, driving the entire spectrum of our program’s success, from strategy to seamless tactical implementation.

We offer a flexible work environment. This means working up to 2 days a week remotely and the rest of the time in our Waltham, MA office.

For over 75 years Global Partners has been delivering the energy, products, and services that make life better. We’ve also successfully developed community integrated convenience stores where we are transforming the customer experience and rethinking what it means to lead as an adaptive energy distribution company. This is a source of pride and frankly we don’t plan on stopping. With our recent game changers such as Alltown Fresh Gourmet Market and Renewable Diesel Fuel, we are looking to continue responsible and innovative growth. From design, supply, and tech we’re looking for people to contribute to our company’s direction. Global Partners is a great opportunity for those looking to develop their career with a longstanding company motivated by what’s next.  

The Types of “Energy” You Bring  

• Strong communication skills, with the ability to effectively communicate technical information to both technical and non-technical stakeholders.
• Ability to work independently and is a self-starter.
• Strong time management skills and are able to manage multiple priorities and meet deadlines in a fast-paced environment.

“Gauges” of Responsibility  

• Assist in the development and maintenance of Global’s PCI DSS compliance program, policies, and procedures.
• Conduct regular assessments and audits to identify potential risks and vulnerabilities in systems, processes, and controls.
• Monitor and track remediation efforts for identified vulnerabilities or non-compliance issues to ensure timely resolution.
• Prepare and maintain necessary documentation, such as compliance reports, risk assessments, and remediation plans.
• Collaborate with internal teams and stakeholder to ensure the implementation of appropriate controls and security measures to meet PCI DSS requirements.
• Monitor and analyze security events and incidents to identify and respond to potential breaches or non-compliance.
• Conduct internal training and awareness programs to educate employees on PCI DSS compliance and best practices.
• Participate in incident response activities related to potential security breaches or data compromises.
• Develop and maintain documentation, including policies, procedures, and reports, related to PCI DSS compliance efforts.
• Develop and maintain the security standards that are currently in place to protect credit card transactions and card holder data. This includes the highly segmented network architecture, POS isolation and configuration standards that are currently in place.
• Provide guidance and support to project teams to ensure new systems, applications, or processes are designed and implemented in accordance with PCI DSS standards.
• Stay up to date with industry trends, emerging threats, and changes in PCI DSS requirements to recommend necessary adjustments to the compliance program.
• Assist in coordinating and participating in external PCI DSS assessments, including on-site audits, vulnerability scans and penetration testing.
• Assist in responding to customer or business inquiries or requests related to PCI DSS compliance, providing accurate and timely information.
• Complete yearly SAQ-C and submit this documentation to our respective credit card processing agencies
• Stay on top of other credit card, or cardless processing technologies, such as Skip, Square, Amazon Just-Walk-Out, Apple Pay, Google Pay, etc., as our business adopts a variety of consumer payment options.

 “Fuel” for You

• Coins! We offer competitive salaries and opportunities for growth. We mean it! We have an amazing Talent Development Team who create trainings for growth and job development.
• Health + Wellness – Medical, Dental, Visions and Life Insurance. Along with additional wellness support. 
• The Road Ahead – We offer 401k and a match component!
• Professional Development – We provide tuition reimbursement; this benefit is offered after 6 months of service. 
• Give Back! We believe in community support. We know everyone gives in their own way, that’s why we offer paid volunteer time-off to you to help an organization of your choice.

The GPS of our Interview Process

• First thing first, if you’re interested in the role, please apply.
• A talent acquisition team member will review your resume in partnership with the hiring manager. If your experience would lend to this opportunity a recruiter will contact you. 
• We conduct “in-person” (ZOOM) interviews and provide additional interview information or other items needed at that time. 

QUALIFICATIONS

• Proven experience working as a PCI DSS Compliance Analyst or in a similar role, with a strong understanding of PCI DSS standards and requirements.
• Minimum of 5 years of experience in a similar role, preferably with a focus on PCI DSS compliance.
• In-depth knowledge of payment card processing systems, networks, and technologies, as well as common vulnerabilities and attack vectors.
• Strong knowledge of the most current PCI DSS requirements and best practices.
• Familiarity with security frameworks and standards, such as ISO 27001 or NIST Cyber Security Framework.
• Experience conducting compliance assessments, audits, or risk assessments.
• Proficient in using security tools and technologies for monitoring, analysis, and reporting (e.g., SIEM, vulnerability scanners).
• Excellent analytical and problem-solving skills, with the ability to assess complex systems and identify vulnerabilities or non-compliance issues.
• Certifications such as CISSP are preferred but not mandatory.

Education Requirement

•  Bachelor’s degree in Computer Science, Information Security, or a related field (or equivalent experience).

Certification Requirement

• Must receive and maintain a yearly PCI ISA certification – This certification will be required for this position.
• QSA (Qualified Security Assessor) is a plus.

Research shows that many, especially women and marginalized people, are hesitant to apply for job if they don’t check every box. If you are excited about this position, and think you could have an impact here, please apply anyway, even if you don’t meet every point on the job description. We’d love to hear from you. ​

Global is committed to attracting, developing and retaining a highly qualified, diverse and dedicated work force and maintains a zero-tolerance policy with respect to discrimination in its workplace. We consider applications for all positions without regard to age, ancestry, race, gender, color, religion or creed, marital status, national origin, citizenship, disability, military or veteran status, sexual orientation, gender identity and expression, genetic predisposition or carrier status, status as a victim or witness of domestic violence, sex offenses or stalking, prior record of arrest or conviction, unemployment status or any other classification or status protected by applicable state, local or federal law. If you have a disability and need an accommodation to apply, please contact our recruiting department at 781-891-4000.