Payment Card Industry GRC Manager (Remote)

Remote Worker, United States


The SouthState story is one of steady growth, deep community roots, and an unwavering commitment to helping our customers move forward. From our beginnings in the 1930s to becoming a trusted financial partner across the South and beyond, we are known for combining personal relationships with forward-thinking solutions.

We are committed to helping our team members find their success while maintaining the integrity of our values: building trust, fostering lasting relationships and pursuing excellence. At SouthState, individual contributions are recognized, potential is cultivated and team members are inspired to achieve their greater purpose. Your future begins here!

SUMMARY/OBJECTIVES

The PCI GRC Manager takes ownership of all tasks and challenges encountered in the operation of the assigned position. The PCI GRC Manager supports Cyber Governance activities and controls and serves as the primary PCI specialist, leading the design, implementation, and ongoing management of the Bank's PCI DSS compliance program. This role ensures the organization meets all applicable PCI DSS requirements, reduces risk to cardholder data, and maintains a strong security posture. Acting as the primary liaison with the Qualified Security Assessor (QSA), the PCI GRC Manager drives readiness, assessments, and continuous monitoring efforts while aligning PCI initiatives with broader cyber governance and risk management strategies.

ESSENTIAL FUNCTIONS

This position is expected to perform the specific duties, tasks, and responsibilities as outlined below.

Cyber Governance

  • Ensure policies and standards are consistently developed, maintained, and enforced.

  • Maintain a comprehensive governance model that defines roles, responsibilities, and accountability.

  • Ensure governance documents align with industry frameworks and legal/regulatory obligations.

  • Support security control framework development and alignment.

  • Assist with validation of security controls to meet regulatory, industry, and internal requirements.

Program Management

  • Develop and maintain a PCI DSS compliance roadmap.

  • Maintain PCI documentation and oversee accuracy of system inventories.

  • Collaborate with cross-functional teams to ensure PCI alignment with enterprise GRC.

  • Maintain an understanding of organization-wide objectives, interactions, issues, and risks.

  • Provide PCI DSS subject matter expertise to internal stakeholders and project teams.

  • Conduct training and awareness on PCI-related risks and controls.

  • Stay current on PCI DSS updates, industry trends, and regulatory changes.

Readiness Assessments

  • Identify and assess business processes that store, process, or transmit cardholder data.

  • Lead internal PCI readiness assessments and gap analyses.

  • Recommend and track remediation of control gaps and compliance deficiencies.

  • Support control design, documentation, and validation efforts.

QSA Assessments

  • Coordinate and manage annual QSA assessments.

  • Act as the primary liaison with the Qualified Security Assessor (QSA).

  • Ensure timely and accurate evidence collection and submission.

  • Track and manage findings, observations, and remediation plans from QSA reviews.

PCI Consultation

  • Advise project teams on PCI implications for new systems or changes.

  • Interpret PCI DSS requirements and provide guidance on control implementation.

  • Support design reviews and architecture assessments for PCI impact.

  • Assist stakeholders with PCI control enhancements and sustainable remediation strategies.

PCI Ongoing Monitoring

  • Monitor compliance status and report metrics to leadership.

  • Perform regular control testing and evidence validation.

  • Track system changes for PCI scope impact.

  • Maintain audit trails and documentation for all PCI-related activities.

Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions.

COMPETENCIES

  • Excellent organizational and time management skills.

  • Effective communication and interpersonal skills.

  • Ability to manage multiple projects and deadlines.

  • High attention to detail and analytical thinking.

  • Proficiency in Microsoft Office Suite and GRC tools.

  • Ability to work independently and collaboratively across teams.

  • Strong problem-solving and decision-making capabilities. 

  • Strong written and verbal communication skills.

  • Self-starter with a proactive and collaborative mindset.

Qualifications, Education, and Certification Requirements

Education

  • Bachelor's degree in Information Security, Information Technology, Audit, or Risk Management preferred.

Experience:

  • Minimum 5 years of experience in Information Security, Information Technology, Audit, or Risk Management, preferably in the financial industry.

  • Minimum 3 years of direct PCI compliance experience.

  • Experience managing projects or compliance programs.

  • Experience with GRC platforms and PCI strategies.

  • Experience working in a remote or hybrid environment. 

Certifications/Specific Knowledge

  • Professional certifications such as PCI ISA, PCIP, CISSP, CISA, or CISM.

  • Strong knowledge of PCI DSS requirements.

  • Strong knowledge of NIST, ISO, and other security frameworks.

  • Familiarity with QSA assessments and evidence collection processes.

  • Ability to interpret complex regulatory requirements and translate them into actionable plans.

TRAINING REQUIREMENTS/CLASSES

Required annual compliance training, New Employee Orientation

PHYSICAL DEMANDS

Must be able to effectively access and interpret information on computer screens, documents, reports, and cash denominations, and identify customers. This position requires a large amount of time in front of a computer.  This can be done sitting or standing with use of the right desk.  This position requires lifting boxes and coin on a daily basis.  This position requires the ability to drive a company vehicle to and from other locations.  This position may require bending and reaching.

WORK ENVIRONMENT

Telecommuting roles, whether hybrid or 100% full-time telecommuting, must have a secure home office environment that is free from background noise and distractions. They must also have a reliable private internet connection that is not supplied by cellular data (hot spot); cable or fiber connections are preferred. Requirements are subject to change as new systems and technology are delivered.

TRAVEL

Travel may be required for meetings as needed.

In accordance with Colorado law: Colorado pay for this position is anticipated to be between $99,237.00 and $158,521.00; actual offers are determined based on the applicant's skills, experience, and education.

While the anticipated deadline for the job posting is 07-18-2025, we encourage you to submit your application as we may still consider qualified candidates beyond this date.

