Dir DT Gov Risk & Compliance, PCI - 90388075 - Washington

Your success is a train ride away!

As we move America's workforce toward the future, Amtrak connects businesses and communities across the country. We employ more than 20,000 diverse, energetic professionals in a variety of career fields throughout the United States. The safety of our passengers, our employees, the public and our operating environment is our priority, and the success of our railroad is due to our employees.

Are you ready to join our team?

Our values of 'Do the Right Thing, Excel Together and Put Customers First' are at the heart of what matters most to us, and our Core Capabilities, 'Building Trust, Accountability, Effective Communication, Customer Focus, and Proactive Safety & Security' are what every employee needs to know and do to be most impactful at Amtrak. By living the Amtrak values, focusing on our capabilities, and actively embracing and fostering diverse ideas, backgrounds, and perspectives, together we will honor our past and make Amtrak a company of the future.

SUMMARY OF DUTIES:

The Director of the PCI Compliance Program is aseniorlevelmanageraccountable for leading and managing Amtrak's enterprise PCI DSS compliance program, ensuring adherence to PCI DSS 4.0 standards across Amtrak's payment systems and associated processes. This position ensures that Amtrak maintains the ability to securely process, store, and transmit payment card data while mitigating associated risks. This role oversees the team of PCI professionals tasked withidentifying and maintainingareasof PCIcompliance;developing, implementing and maintainingPCI Continuous Compliance Program, while providing associated complianceguidancetoseniormanagementandemployees across the organization.Thisrolepromotesheightenedawarenessandunderstandingofexisting PCI DSS 4.0complianceissues, relatedcontrol requirements andpolicies,andprocedures required to meet PCI-DSS 4.0 compliance requirements. The Director, PCI Compliance workscloselywithIT and BusinessSeniorLeadership, overseeinginternalcompany PCIcompliancestafftoanalyze,evaluate,prioritize,andimplementnecessarytechnologiesortechnologyrelatedprocessimprovements. This role owns and manages ongoing, yearly PCI audit schedule and associated audits and workswithIT and Businessleadershiptoensure ongoingcompliancewith allapplicable PCI-DSS Compliance requirements.

ESSENTIAL FUNCTIONS:

• Owns Amtrak's PCI-DSS 4.0 Continuous Compliance Program, ensuring successful internal and external audits are successfully completed on yearly basis.
• Reviewsrevising,and,whereappropriate,proposingnew changes topoliciesandprocedurestoensurecompliancewithPCI-DSS 4.0 Compliance requirements.
• WorkswithITLeaders, Business Leaders and stafftoensure appropriate awareness and due-diligence applied to meet ongoing PCI-DSS requirements.
• Managesfeedbackandplansfrom PCIauditsforAmtrak'sITdepartment
• IdentifiesmajorriskfactorsfortheITleadershipanddevelopingandcoordinatingtheimplementationofstrategiestoreduce/remediateprocess,operational,regulatoryandcompliancerisk associated with PCI-DSS compliance.
• ProvidessupportandoversighttoAmtrak'svariousIT PCI relatedprojectsandtestinginitiatives,including continuousauditsofthe associatedinternalcontrols.
• AnalyzescurrentandproposedITsystems/programs/initiativestoensurecompliancewithPCI-DSS requirements.
• EnsuresthattheappropriatecontrolsareconsideredthroughoutnewsystemimplementationprojectsandreviewingdocumentationfornewIT, or businessprocessesthatimpactPCI compliance.
• Collaboratesregularlywithteams across organizationtogathercompliance workstatuses, progressandobstacles.
• Provides ongoing PCI-DSS Comlianceadvice,guidance,encouragementandconstructivefeedback.
• Establishesmeasurableindividualandteamobjectivesthatarealignedwithbusinessandorganizationalgoals to meet yearly PCI Compliance requirements.
• Documentsandpresentsperformanceassessments.Recognizesand rewardsassociatescommensuratewithperformance.Implementsorganizationalpracticesforstaffing,EqualEmploymentOpportunity(EEO),diversity,performancemanagement,development,rewardandrecognition,andretention.
• Identifiestheroles,skillsandknowledgerequired.Ensurestaffhastheresourcesandskillsneededtosupportallworkinitiatives.ParticipatesinITworkforcedeploymentactivities.
• Generatesappropriatecommunication,processandeducationalplansformitigatingthedisruptionofchange.Identifiesandremovesobstaclestochange.

MINIMUM QUALIFICATIONS:

• Bachelor's degree in Computer Science, Information Technology, Information Assurance, orrelatedtechnical/businessfieldwith11+year'srelevantexperienceoraminimumof15+years'relevantexperienceisrequiredtosatisfyeducationandexperiencerequirements.
• 11+yearsofrelevanttechnicaland managerialexperience.
• In-depth, subject matterknowledgeofPCI-DSS 4.0Compliance Framework, SAQs, ROC processes, and remediation strategies.
• Demonstrated experience in leading PCI DSS compliance initiatives, including audits, risk assessments, and remediation efforts.
• Requiresexperienceinmanaginglarge, cross-functional/matrixedteamsandbuildingrelationshipswithpeopleatavarietyoflevels across organization.
• DemonstratedexpertiseinriskandcompliancemanagementwithinanITorganization, with expertise in compliance frameworks like ISO 27001, NIST Cybersecurity Framework.
• Possessaproventrackrecord of managing large-scale compliance programs and beingdetail-orientedwithademonstratedabilitytomotivateandfollow-throughon criticalprojects
• Demonstratedexpertiseindevelopingandreviewingpolicy
• Strong project management skills, with experience in implementing compliance and security initiatives on a global scale.
• Excellent communication and stakeholder management skills, including experience presenting to executives and board members.
• Abilitytodeliverthroughothersinamatrixenvironmentwhilefosteringcollaboration
• Ability to work effectively with external assessors and regulatory bodies.
• Strong analytical skills for interpreting audit findings and developing actionable remediation plans.
• Mustpossessstrongcommunicationandinterpersonalskills,workwellwithothersinanintegratedteamenvironment,andmustbeself-motivated.

PREFERRED QUALIFICATIONS:

• Master's degree in Cybersecurity, Information Assurance, or a related field.
• Certifications such as PCIP, QSA, CISSP, CISM, CISA
• Knowledge of payment systems, e-commerce platforms, and emerging payment technologies.
• Strong familiarity with security technologies, such as firewalls, encryption, vulnerability scanning, IAM and SIEM solutions.
• Proven leadership in cross-functional, multi-disciplinary teams.

WORK ENVIRONMENT:

• Thispositionisina hybrid office, or remoteenvironment.
• Maytravelupto10%ofthetime.
• Occasionalafter-hoursworkisrequired.
• Additionaldutiesasassigned

COMMUNICATIONS AND INTERPERSONAL SKILLS:

• Must have excellent oral and written communication skills.

The salary/hourly range is $163,000-$211,140, Pay is based on several factors including but not limited to education, work experience, certifications, internal equity, etc. Depending on an employee's assigned worksite or location, Amtrak may consider a geo-pay differential to be applied to the employee's base salary. Amtrak may offer additional incentive and pay programs to recognize and reward our employees, including a short-term incentive bonus based upon factors such as individual and company performance that is commensurate with the level of the position and/or long-term incentive plan compensation. In addition to your salary, Amtrak offers a comprehensive benefit package that includes health, dental, and vision plans; health savings accounts; wellness programs; flexible spending accounts; 401K retirement plan with employer match; life insurance; short and long term disability insurance; paid time off; back-up care; adoption assistance; surrogacy assistance; reimbursement of education expenses; Public Service Loan Forgiveness eligibility; Railroad Retirement sickness and retirement benefits; and rail pass privileges. Learn more about our benefits offeringshere.

Requisition ID:163923

Posting Location(s):District of Columbia; Maryland; Virginia

Work Arrangement:04-Hybrid WeeklyClick here for more information about work arrangements at Amtrak.

Job Family/Function:Information Technology

Relocation Offered:No

Travel Requirements:Up to 25%

You power our progress through your performance.

We want your work at Amtrak to be more than a job. We want your career at Amtrak to be a fulfilling experience where you find challenging work, rewarding opportunities, respect among colleagues, and attractive compensation. Amtrak maintains a culture that values high performance and recognizes individual employee contributions.

Amtrak is committed to a safe workplace free of drugs and alcohol. All Amtrak positions requires a pre-employment background check that includes prior employment verification, a criminal history check and a pre-employment drug screen.

Candidates who test positive for marijuana will be disqualified, regardless of any state or local statute, ordinance, regulation, or other law that legalizes or decriminalizes the use or possession of marijuana, whether for medical, recreational, or other use. Amtrak's pre-employment drug testing program is administered in accordance with DOT regulations and applicable law.

In accordance with DOT regulations (49 CFR * 40.25), Amtrak is required to obtain prior drug and alcohol testing records for applicants/employees intending to perform safety-sensitive duties for covered Department of Transportation positions. If an applicant/employee refuses to provide written consent for Amtrak to obtain these records, the individual will not be permitted to perform safety-sensitive functions.

In accordance with federal law governing security checks of covered individuals for providers of public transportation (Title 6 U.S.C. *1143), Amtrak is required to screen applicants for any permanent or interim disqualifying criminal offenses.

Note that any education requirement listed above may be deemed satisfied if you have an equivalent combination of education, training and experience.

Amtrak is an EOE/Affirmative Action Minority/Female employer, and we welcome all to apply. We consider candidates regardless of race/color, religion, sex (including pregnancy, childbirth and related conditions), national origin/ethnicity, age, disability (intellectual, mental and physical), veteran status, marital status, ancestry, sexual orientation, gender identity and gender expression, genetic information, citizenship or any other personal characteristics protected by law.