PCI Security Compliance Assessor

About the job

Auto req ID: 235482BR

Job Description

Our Information Security Group at PepsiCo is looking for cyber security professionals to join our very exciting journey to manage cyber security risks for PepsiCo and all our partners around the world. The PCI (Payment Card Industry) Security Compliance Specialist Assessor will be responsible for helping PepsiCo internal business units around the world maintain compliance with the PCI Data Security Standard (DSS) by helping them evaluate the applicable controls when completing the relevant PCI Self-Assessment Questionnaire (SAQ). The PCI Security Compliance Assessor Specialist will also provide guidance on PCI compliance as new business solutions around the world are evaluated, designed, and deployed.

As the PCI Security Compliance Assessor Specialist, you will institutionalize/implement a full life cycle compliance and governance framework for PCI, which includes tasks such as: evaluating the PCI compliance of third parties that PepsiCo partners with, assessing and evaluating evidence to assist business units in responding to and completing their PCI SAQs, developing and tracking performance metrics, and reporting results.


  • Perform all new PCI DSS assessments required to support e-commerce via the PCI SAQ based on the proper PCI DSS compliance levels applicable to PepsiCo
  • Participate in annual required PCI assessments for all business solutions which transmit, process and/or store payment card information
  • Maintain compliance with established PCI governance standards
  • Communicate results and actions to business units
  • Complete and successfully pass annual PCI ISA (Internal Security Assessor) training
  • Evaluate a wide variety of technologies/architectures utilized by PepsiCo and its external business partners to understand impacts/risks to PepsiCo and support the organization’s business objectives
  • Implement global process improvements throughout the life cycle of the PCI compliance assessment activities
  • Develop reports and metrics, and present findings (functional/technical) to various levels throughout the organization
  • Create PCI compliance awareness presentations for all levels in the organization and stakeholders


  • Bachelor’s degree or higher.


  • 5+ years of experience in PCI compliance and governance as either an external PCI Qualified Security Assessor (QSA) and/or a PCI Internal Security Assessor (ISA)
  • 5+ years of technical or project management experience across various technologies and architectures including web, networking, firewalls, applications, access management, encryption, payment card devices, and cloud technologies.
  • One of the following certifications is highly desirable: Payment Card Industry Internal Security Assessor (PCI ISA), Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), Certified Cloud Security Professional (CCSP), Certified Information Systems Auditor (CISA), Certified in Risk and Information Systems Control (CRISC), Certified in the Governance of Enterprise IT (CGEIT).
  • Advanced Microsoft Excel spreadsheet skills.
  • Basic knowledge of Tableau.
  • Strong technical ability to review and understand information security as it relates to Payment Card Industry standards and technologies
  • Basic understanding and knowledge of infrastructure technologies such as networking, firewalls, web, encryption, access management, payment card devices, e-commerce, and cloud technologies.
  • Ability to communicate with several levels in the organization, with emphasis on collaborating across multiple teams and ensuring program needs are satisfied through interpersonal and trusted communication.
  • Ability to interpret the severity and potential impact of risks and communicate risk assessment findings to risk owners outside Information Security in a way that consistently drives toward our business objectives.

Relocation Eligible: Not Eligible for Relocation

Job Type: Regular

All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, protected veteran status, or disability status.

PepsiCo is an Equal Opportunity Employer: Female / Minority / Disability / Protected Veteran / Sexual Orientation / Gender Identity

Our Company will consider for employment qualified applicants with criminal histories in a manner consistent with the requirements of the Fair Credit Reporting Act, and all other applicable laws, including but not limited to, San Francisco Police Code Sections 4901 – 4919, commonly referred to as the San Francisco Fair Chance Ordinance; and Chapter XVII, Article 9 of the Los Angeles Municipal Code, commonly referred to as the Fair Chance Initiative for Hiring Ordinance.

If you’d like more information about your EEO rights as an applicant under the law, please download the available “EEO is the Law” and “EEO is the Law Supplement” documents.



  • Consumer Goods
  • Food & Beverages


Job Functions

  • Information Technology
