IDEXX’s IT Risk & Compliance Group is dedicated to safeguarding the organization against various IT risks and ensuring compliance with industry standards and regulations. Key responsibilities of this team include conducting cyber risk training and assessments, managing third-party risk, overseeing SOX compliance, and ensuring privacy compliance across global operations. The team also spearheads the development of governance policies and provides comprehensive risk management consultancy services. Led by an experienced manager, the group consists of 6 seasoned professionals with extensive expertise in risk management, compliance, and security. Despite its size, the team adeptly manages the diverse and complex aspects of IT risk and compliance within IDEXX.

As a Senior IT Risk & Compliance Specialist for our PCI program, you will be a functional IT Security Lead influencing the business managers and leading positive changes ensuring that the organization’s operations are conducted in a manner consistent with ethical business practices, organization policies, and legal requirements.

Location: Being located near our HQ in Maine is required, where you would need to be on-site a minimum of 8 days per month. If you are not local, you would need to be willing to relocate.

In this role...

You will be the lead specialist for the PCI compliance program, responsible for:
- Maintaining and updating all relevant PCI documentation, including scoping documents, policies, procedures, etc.
- Monitoring compliance to the PCI governance program
- Facilitating PCI audit(s), being the main point of contact for the QSA
- Communicating progress, results, etc.

You will conduct system risk and gap assessments. You will also contribute to the development and review of security policies and procedures. You will be part of the team who provides risk management consulting services to various teams within the organization, aiding in prioritizing issues for resolution.
You will support monitoring against internal standards within the program, acting as the second line of defense before internal audits. As others on the team wear 3-4 “hats”, you will also juggle multiple roles within the team, including risk identification, quantification, and consulting. You will facilitate risk assessments at the operational level, acting as a bridge between tactical and enterprise risks within the organization.
Job Type
Full-time
Career Level
Mid Level
Education Level
No Education Listed