PCI Compliance and Security Program Manager
Posted on 11/30/2023

1,001-5,000 employees

Lender and financial services provider
Company Overview
SoFi’s mission is to help people reach financial independence to realize their ambitions.
Financial Services
Data & Analytics
Venture Capital
San Francisco, California
Salt Lake City, UT, USA • Remote in USA • Jacksonville, FL, USA
Desired Skills
Legal & Compliance
IT & Security
  • Minimum of 7 years of experience in PCI DSS compliance, preferably in a similar role.
  • Strong understanding of information security principles, best practices, and the PCI DSS.
  • Relevant certifications such as Qualified Security Assessor (QSA), Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), PCI Professional (PCIP), AWS Certified Solutions Architect - Associate, or AWS Certified Security Specialty.
  • Excellent organizational and technical program management skills.
  • Strong interpersonal and communication skills.
  • Experience assessing security in a cloud-hosted environment.
  • Experience managing SOC 2, PCI DSS, SOX ITGC, GLBA, or other compliance standards and framework programs.
  • Demonstrated ability to assimilate new knowledge quickly.
  • Comfortable working in a fast-paced, dynamic environment and managing multiple projects concurrently.
  • Develop and maintain the organization's PCI DSS compliance roadmap.
  • Partner with stakeholders and cross-functional partners to identify, document, and communicate project/program scope, schedule, risks, and issues.
  • Serve as the primary point of contact for PCI Qualified Security Assessors (QSAs), Approved Scanning Vendors (ASVs), and relevant external partners.
  • Be the subject matter expert for PCI DSS compliance across SoFi.
  • Coordinate PCI DSS annual assessments, vulnerability scans, and penetration testing with various internal and external stakeholders.
  • Perform ongoing compliance checks to ensure continuous compliance.
  • Facilitate code reviews, architecture reviews, API security reviews, and third-party reviews with engineering and security teams for the PCI-scoped environment.
  • Lead PCI governance for the cardholder data environment.
  • Collect, prioritize, track, and drive issues to resolution/closure.
  • Collaborate with relevant departments to maintain and update PCI DSS-compliant policies, controls, and procedures.
  • Regularly review and update the organization's policies and procedures to ensure ongoing compliance.
  • Conduct PCI DSS awareness and training sessions for staff.
  • Ensure all relevant personnel are aware of PCI DSS requirements as they pertain to their roles.
  • Identify potential areas of compliance vulnerability and risk.
  • Develop and implement corrective action plans for the resolution of problematic issues.
  • Provide guidance on risk mitigation techniques related to PCI DSS.
  • Assist with any potential cardholder data breaches or incidents, ensuring they are appropriately addressed, documented, and reported in accordance with PCI DSS requirements.
  • Provide regular updates to leadership on the status of PCI DSS compliance, including any potential risks or issues.
  • Stay updated on changes to the PCI DSS and related industry best practices.
  • Recommend improvements to enhance the security posture and efficiency of the organization's PCI program.
Desired Qualifications
  • MS in a technical field or equivalent experience.
  • Experience with network and firewall reviews, review of technical flows and architecture diagrams, data classification, SIEM logging tools, cloud security posture management, compliance scanning solutions, vulnerability scanners, and data security posture management.