The PCI Compliance Project Manager is a key member of the Compliance team and is instrumental in ensuring the compliance of people, processes, and technology with the PCI DSS. This role will own the coordination of compliance activities across Under Armour’s in-scope business units and work closely with IT, engineering teams, and cybersecurity. The PCI Compliance Project Manager will advise on proposed changes to business processes that could impact compliance and draft required documentation. For example, this role will advise on new payment solutions, security tools, and policies that could impact PCI DSS scope and compliance and prepare the appropriate evidence for the annual PCI Self-Assessment Questionnaires (SAQs) and/or Report on Compliance (ROC).
Essential Duties & Responsibilities
- Act as the single point-of-contact / subject matter resource for all efforts related to PCI and other data governance frameworks.
- Monitor and manage annual reports and self-certifications, such as PCI SAQs and/or ROC with external QSA assessors.
- Track and report on the compliance status of each in-scope process so that enterprise level compliance can be determined.
- Track and report on the remediation plans and timelines associated with compliance gaps in each in-scope process.
- Manage issues where compliance may be at risk.
- Risk assess new projects to ensure compliance is accounted for.
- Serve as the primary enforcement arm of policies and standards with the business.
- Monitor changes to the PCI DSS and other data governance frameworks and evaluate compliance status impact at UA.
Qualifications: To perform this job successfully, an individual must be able to perform each essential duty satisfactorily. The requirements listed below are representative of the knowledge, skill, and/or ability required. Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions.
Education and/or Experience
- At least 5-7 years of IT or e-commerce project management experience
- 5-7 years of IT Security or IT Audit experience preferred
- Experience with PCI DSS requirements and compliance preferred
- Industry certifications, such as ISA, CISA, CISSP, CISM, or CRISC, preferred
- Retail industry experience preferred
- Possess a thorough understanding of payment processes and related systems
- Experience scoping data environments and evaluating those environments against set controls
- Experience executing remediation activities to achieve compliance with data governance requirements and driving necessary system and process updates to maintain compliance
- Demonstrated ability to understand and document complex IT environments and payment processes
- Experience reviewing documentation and technical evidence to meet PCI DSS requirements and executing PCI DSS SAQs and/or ROC preferred
Other Skills and abilities
- Ability to maintain PCI ISA certification
- Willingness to share knowledge and experiences with less experienced and/or technical teammates through training and mentoring to help grow the team
- PC experience: MS Office (Word, Excel, Outlook, etc.)
- Experience with Visio or other flowcharting software a plus
- Ability to multi-task in a fast-paced environment independently and as a member of a team
- Excellent oral and written communication skills
- Ability to identify and resolve business problems within a team setting
- Ability to understand and document business processes and related internal controls in narrative and/or flowchart formats
- Strong project management skills