Information Security Engineer III
Company: Conduent
Location: Schiller Park
Posted on: March 13, 2026
Job Description:
Through our dedicated associates, Conduent delivers mission-critical services and solutions on behalf of Fortune 100 companies and over 500 governments, creating exceptional outcomes for our clients and the millions of people who count on them. You have an opportunity to personally thrive, make a difference and be part of a culture where individuality is noticed and valued every day.

About the Role
We are seeking a highly skilled PCI Compliance & Audit Governance Manager to serve as the dedicated end-to-end compliance owner for 2-3 assigned business units within our organization. In this critical role, you will act as the subject matter expert and primary point of accountability for Payment Card Industry Data Security Standard (PCI-DSS) compliance across your assigned scopes, from day-to-day control monitoring through annual recertification and third-party audit management. This position bridges the gap between technical security requirements and business operations, requiring a practitioner who can translate PCI-DSS mandates into actionable controls, work cross-functionally with IT, finance, legal, and business leadership, and drive a culture of sustained compliance across their assigned accounts.

Key Responsibilities

1. End-to-End Compliance Governance
• Serve as the sole compliance owner for 2-3 designated business unit scopes, maintaining comprehensive accountability for their PCI-DSS posture.
• Define, implement, and continuously improve compliance governance frameworks tailored to each assigned business unit's operating model and cardholder data environment (CDE).
• Establish and maintain scope boundary documentation, data flow diagrams, and network segmentation evidence for each assigned account.
• Conduct regular compliance health assessments across all assigned scopes and report status to executive stakeholders via dashboards and governance reports.
• Identify, document, and track control gaps, compensating controls, and risk acceptance decisions in alignment with PCI-DSS v4.0 requirements.
• Partner with business unit leaders to embed compliance requirements into project intake, change management, and product development lifecycles.

2. Annual PCI-DSS Recertification
• Own the annual PCI-DSS recertification process for all assigned accounts, acting as the primary liaison with Qualified Security Assessors (QSAs) and internal stakeholders.
• Develop and manage detailed recertification project plans, timelines, and RACI matrices to ensure on-time, audit-ready submissions.
• Coordinate evidence collection from control owners across IT, operations, HR, and business units, validating completeness, accuracy, and audit readiness.
• Maintain a continuous evidence repository and artifact management system to eliminate last-minute scrambles during assessment windows.
• Review and respond to QSA Requests for Information (RFIs), findings, and preliminary observations on behalf of assigned business units.
• Drive remediation of any deficiencies identified during assessments, tracking closure through established issue management workflows.
• Complete and submit Attestations of Compliance (AOCs), Self-Assessment Questionnaires (SAQs), and Report on Compliance (ROC) documentation as applicable.

3. Audit Management
• Design and operate a structured audit management program covering all PCI-related internal and external audit activities for assigned scopes.
• Manage QSA and internal audit relationships, scheduling, logistics, and stakeholder communication throughout engagement lifecycles.
• Maintain and continuously improve the audit management toolset (GRC platforms, ticketing integrations, evidence portals) to support efficient, repeatable audit cycles.
• Develop standardized audit response playbooks, evidence templates, and interview preparation guides for control owners.
• Track all audit findings, management responses, and remediation milestones to closure, escalating aged or high-risk items to leadership.
• Conduct post-audit retrospectives and incorporate lessons learned into governance processes and evidence collection practices.

4. Control Monitoring & Continuous Compliance
• Establish and oversee a control monitoring calendar aligned to PCI-DSS testing frequencies (daily, weekly, monthly, quarterly, annual) for each assigned scope.
• Define Key Risk Indicators (KRIs) and Key Performance Indicators (KPIs) for each PCI control domain within assigned business units.
• Perform or coordinate quarterly vulnerability scan reviews, penetration test oversight, access reviews, and log review attestations.
• Monitor threat intelligence and PCI SSC updates, proactively assessing the impact of new requirements or guidance on assigned scopes.
• Support third-party vendor assessments to verify that service providers used by assigned business units maintain their own PCI compliance.

5. Stakeholder Engagement & Advisory
• Act as the trusted compliance advisor for business unit leadership, providing clear, actionable guidance on PCI-DSS obligations and risk posture.
• Deliver regular compliance status briefings and steering committee presentations for assigned accounts.
• Provide PCI-DSS training and awareness sessions to control owners, IT staff, and business operations teams within assigned scopes.
• Advise on new business initiatives, technology adoptions, and process changes to ensure PCI requirements are addressed proactively.
• Collaborate with Legal, Privacy, and Risk teams to align PCI compliance activities with broader enterprise GRC strategy.

Required Qualifications

Education & Experience
• Bachelor's degree in Information Security, Computer Science, Information Systems, or a related field; combined 5 plus years of professional experience considered.
• 5 years of hands-on experience in PCI-DSS compliance, information security, or IT audit roles.
• Minimum 2 years of direct experience managing PCI-DSS assessments (QSA engagement, ROC/SAQ preparation) as a primary owner.
• Demonstrated experience managing compliance obligations for multiple business units or organizational scopes simultaneously.

Technical Knowledge
• 2 plus years of working knowledge of PCI-DSS v4.0 requirements, SAQ types, and ROC/AOC processes.
• 2 plus years of strong understanding of network security concepts, segmentation controls, and cardholder data environment (CDE) scoping methodologies.
• Familiarity with vulnerability management processes, penetration testing oversight, and security monitoring in payment card environments.
• Experience with GRC platforms for audit and compliance management.
• Working knowledge of cloud environments (AWS, Azure, GCP) in PCI-scoped contexts.

Preferred Qualifications
• Experience in financial services, payments, retail, or e-commerce industries with large-scale PCI scopes.
• Prior experience working directly as or alongside a Qualified Security Assessor (QSA).
• Familiarity with related frameworks (SOC 2, ISO 27001, NIST CSF) and control mapping across standards.
• Experience managing service provider PCI compliance oversight and third-party risk programs.
• Exposure to tokenization, point-to-point encryption (P2PE), and other PCI scope-reduction technologies.
• Scripting or automation experience to streamline evidence collection and monitoring workflows.