Manager 2, Program Management - PCI Program

About The Position

Requirements

• 7–10+ years of experience in security compliance, PCI DSS, audit, risk management, or related security disciplines.
• Strong understanding of PCI DSS, segmentation principles, vulnerability management, and enterprise security controls.
• Demonstrated experience leading complex compliance programs and multidisciplinary teams.
• Excellent communication skills with proven stakeholder engagement capabilities.
• Ability to assess risk, manage escalations, and lead structured remediation efforts.

Nice To Haves

• Certifications such as PCI ISA, CISSP, CISA, or CISM.
• Experience partnering with QSAs and managing large‑scale enterprise compliance assessments.
• Familiarity with Comcast environments, ServiceNow, Qualys, Power BI, and enterprise scanning/reporting workflows.

Responsibilities

• Lead U.S. PCI program operations, including annual ROC/AOC submissions, ASV attestations, quarterly internal scans, penetration tests, and segmentation testing.
• Drive organizational readiness for PCI DSS 4.0 by ensuring updated controls, evidence standards, and continuous compliance practices are implemented.
• Maintain comprehensive program documentation, evidence packages, and audit‑ready materials aligned with QSA expectations.
• Manage and mentor PCI GRC team members across program management, compliance analysis, vulnerability management, and penetration testing functions.
• Support staff development, cross‑training, and operational continuity.
• Oversee staffing, recruitment, retention, performance management, and professional development.
• Direct annual PCI scoping exercises, collaborating with architecture and engineering to validate data flows, segmentation boundaries, and connected‑to system inventories.
• Manage onboarding for newly in‑scope systems and ensure updates are accurately reflected in scope documentation.
• Oversee dashboards, remediation cycles, vulnerability metrics, and operational compliance indicators.
• Identify and escalate compliance gaps; coordinate remediation efforts and track program risks in alignment with Comcast’s risk management processes.
• Serve as primary liaison for QSAs, engineering teams, business partners, and leadership stakeholders.
• Facilitate evidence walkthroughs, interviews, working sessions, and program checkpoints to maintain alignment and transparency.
• Validate PCI scope for third‑party vendors and coordinate internal teams when external vendor activities affect in‑scope systems.
• Partner with cross‑entity organizations (e.g., Sky) where shared responsibilities, training, or assessment dependencies exist.
• Support corporate budgeting and tracking for the PCI program.
• Recommend and implement improvements to PMO processes and program performance.
• Maintain awareness of emerging methodologies, agile practices, and industry standards.
• Exercise independent judgment in matters of significance.
• Role requires regular, punctual attendance and may require occasional nights, weekends, or overtime.

Benefits

• We believe that benefits should connect you to the support you need when it matters most, and should help you care for those who matter most. That's why we provide an array of options, expert guidance and always-on tools that are personalized to meet the needs of your reality—to help support you physically, financially and emotionally through the big milestones and in your everyday life.
• Please visit the benefits summary on our careers site for more details.