Old National Bank

PCI Compliance Lead

Old National Bank$98K — $199K *
Finance & Insurance
5 - 7 years of experience
Job Overview by Ladders

Qualifications

  • Bachelor’s degree in Cybersecurity, Information Security, Information Technology, Business, or a related field
  • 7+ years of experience in compliance, risk management, or information security with a focus on PCI-DSS
  • Direct experience building and managing a PCI Compliance Program
  • Experience working with QSA firms in regulated environments
  • Familiarity with ISO27XXX, NIST CSF, CRI, and SCF frameworks
  • Strong project management, leadership, and communication skills
  • Certification such as PCI ISA, PCIP, CISSP, or CISA preferred

Responsibilities

  • Develop and maintain the PCI Compliance Program, including PCI-DSS and applicable standards
  • Lead the continuous improvement of PCI-related policies and procedures
  • Provide guidance on the impacts of new technologies and partnerships
  • Drive education and training initiatives to promote risk management behaviors
  • Act as the main point of contact for stakeholders and auditors on PCI compliance
  • Collaborate with teams on control design and PCI security requirements
  • Coordinate evaluations of PCI compliance for vendors and partners

Benefits

  • Opportunity to lead a critical compliance program
  • Collaborative environment with various internal and external stakeholders
  • Focus on continuous improvement and professional development
  • Exposure to cutting-edge technologies and risk management practices
Full Job Description
Overview

The PCI Compliance Manager role is responsible for leading the organization’s PCI Compliance Program including Payment Card Industry Data Security Standard (PCI-DSS). This position ensures compliance with PCI Standards and PCI-DSS requirements to protect cardholder data and maintain secure payment environments. This role requires a strategic approach to compliance management, ensuring that PCI-DSS controls are effectively implemented, maintained, and continuously improved. The PCI Compliance Manager collaborates with various internal and external stakeholders to uphold the security of payment card data, drive risk mitigation initiatives, and align compliance efforts with broader information security objectives.

 

Salary Range

The annual salary range for this position is $98,400-$199,000 plus incentive bonus. The base salary indicated for this position reflects the compensation range applicable to all levels of the role across the United States. Actual salary offers within this range may vary based on a number of factors, including the specific responsibilities of the position, the candidate’s relevant skills and professional experience, educational qualifications, and geographic location.

 

Key Accountabilities

Program Governance

  • Develop, manage, and maintain Old National Bank’s PCI Compliance Program, including PCI-DSS and all applicable PCI standards.
  • Lead continuous improvement of PCI-related policies, standards, procedures, and supporting documentation.
  • Provide guidance on impacts related to new technologies, infrastructure, processes, and partnerships, ensuring program alignment and adherence.
  • Drive education, communication, and training initiatives which promote behaviors which reduce risk and reinforce a strong information security and risk management culture.
  • Serve as the primary point of contact across stakeholders, auditors, third parties, and regulators offering technical and business expertise on PCI compliance and data security processes.
  • Collaborate with first-line teams and risk offices on control design, refinement, and implementation of PCI-related safeguards.
  • Coordinate with Procurement and Third-Party Risk Management to evaluate and track PCI compliance obligations for vendors and partners.

Program Assessment & Compliance

  • Collaborate with first-line partners to identify and implement PCI security requirements.
  • Perform PCI assessments to support compliance, safeguard cardholder data, reduce security risk, and strengthen overall security posture.
  • Conduct control testing to evaluate effectiveness and identify gaps, providing actionable recommendations.
  • Ensure ASV scans, penetration testing, and related remediation activities occur within required timelines.
  • Communicate findings, escalate concerns based on risk level, and manage timely remediation of PCI compliance issues.
  • Manage PCI audits, including evidence gathering, issue socialization, and support for remediation activities. 

Program Monitoring

  • Perform ongoing monitoring of the PCI Compliance Program and PCI-DSS standards, including assessing impacts of changes.
  • Create and maintain PCI compliance dashboards, scorecards, and KPIs to monitor program effectiveness and risk trends.
  • Develop and deliver reporting on PCI compliance status, risks, control performance, and emerging issues ensuring clear communication of PCI compliance posture.

Other General Responsibilities

  • Stay current with industry regulations, frameworks, and best practices such as PCI, ISO27XXX, NIST, CRI, SCF, GLBA, and SOX. Proactively support identification of emerging compliance issues and recommended information security and technology risk improvements.
  • Maintaining a positive and professional working relationship with peers, management, and support resources, with a constant commitment to teamwork and exemplary customer service.
  • Participate in departmental activities including meetings, updates, planning, and reporting.
  • Support other information security and technology risk duties assigned.

Key Competencies for Position

  • Planning, Organization, and Execution: Demonstrated ability to drive enterprise-wide initiatives, providing strategic direction and influencing cross-functional teams. Ability to effectively prioritize, track, and execute tasks in a consistent and timely manner while simultaneously managing multiple assignments. Thorough in accomplishing a task through concern for all the areas involved, no matter how small. Monitors and checks work on information and plans while organizing time and resources efficiently.  Adapts well to changes in assignments and priorities; yet, can maintain focus and stay current with day-to-day responsibilities. Committed to achieving established goals and overcoming obstacles. Ability to independently prioritize and manage complex, multi-phase compliance initiatives with minimal oversight.
  • Problem Solving/Decision Making - Ability to define problems, collect data, establish facts, and draw valid conclusions. Ability to interpret an extensive variety of technical instructions in mathematical or diagram form and deal with several abstract and concrete variables.  Able to identify issues and potential risks; incorporates input from multiple sources (e.g., lines of business, subject matter experts, industry leaders, data, policies, procedures, etc.) to ensure complete views determining an effective course of action and to promote shared ownership; decisions are sound based on what was known at the time and are based on a blend of analysis, wisdom, experience, and judgement.
  • Communication: Ability to present ideas, decisions, and recommendations effectively to all levels of management in a clear and professional manner, including excellent written, oral communication, and interpersonal skills. Ability to confidently educate and advise senior leaders.
  • Technical Knowledge: Possesses the required technical knowledge to perform the role effectively; ability to comprehend new information rapidly in the everchanging technical landscape; desire for continuous learning to adapt to emerging risks and threats.

 Qualifications and Education Requirements

  • Bachelor’s degree in Cybersecurity, Information Security, Information Technology, Business, or a related field
  • 7+ years of experience in compliance, risk management, or information security, with a strong focus on PCI-DSS
  • Direct experience building a PCI Compliance Program and managing the PCI-DSS compliance lifecycle from readiness to certification
  • Experience working with QSA firms in a regulated environment
  • Experience with frameworks and best practices such as ISO27XXX, NIST CSF, CRI, SCF
  • Excellent project management, leadership, and communication skills
  • Achieved or in pursuit of a globally recognized information security certification such as PCI Internal Security Assessor (ISA), PCI Professional (PCIP), CISSP (Certified Information Systems Security Professional), CISA (Certified Information Systems Auditor), or equivalent preferred
  • Formal project or program management certification (e.g., PMP, PgMP) strongly preferred

About Old National Bank

Old National Bank is a regional bank with its headquarters in Evansville, Indiana. It is the largest financial services holding company headquartered in Indiana and operates in Indiana, Kentucky, Michigan, Wisconsin, and Minnesota. The bank offers a range of financial services, including personal and business banking, wealth management, and insurance. Old National Bank has a strong commitment to community involvement and has been recognized for its philanthropic efforts. The bank has received numerous awards for its workplace culture and has been named one of the Best Banks to Work For by American Banker.
Learn more about Old National Bank
Size
4,333 employees
Market Cap
$5.1 billion
Industry
Net Income
$226.4 million
Founded
1834
5 Year Trend
+7.4%
NASDAQ

Similar Jobs

More Jobs at Old National Bank

More Finance & Insurance Jobs

Find similar PCI Compliance Lead jobs: