Manager 2, Program Management - PCI Program

Program Leadership & Compliance Execution

• Lead U.S. PCI program operations, including annual ROC/AOC submissions, ASV attestations, quarterly internal scans, penetration tests, and segmentation testing.
• Drive organizational readiness for PCI DSS 4.0 by ensuring updated controls, evidence standards, and continuous compliance practices are implemented.
• Maintain comprehensive program documentation, evidence packages, and audit‑ready materials aligned with QSA expectations.

People Leadership

• Manage and mentor PCI GRC team members across program management, compliance analysis, vulnerability management, and penetration testing functions.
• Support staff development, cross‑training, and operational continuity.
• Oversee staffing, recruitment, retention, performance management, and professional development.

Scope Governance & Onboarding

• Direct annual PCI scoping exercises, collaborating with architecture and engineering to validate data flows, segmentation boundaries, and connected‑to system inventories.
• Manage onboarding for newly in‑scope systems and ensure updates are accurately reflected in scope documentation.

Continuous Monitoring & Risk Reduction

• Oversee dashboards, remediation cycles, vulnerability metrics, and operational compliance indicators.
• Identify and escalate compliance gaps; coordinate remediation efforts and track program risks in alignment with Comcast’s risk management processes.

Stakeholder Engagement & Communication

• Serve as primary liaison for QSAs, engineering teams, business partners, and leadership stakeholders.
• Facilitate evidence walkthroughs, interviews, working sessions, and program checkpoints to maintain alignment and transparency.

Third‑Party & Cross‑Entity Coordination

• Validate PCI scope for third‑party vendors and coordinate internal teams when external vendor activities affect in‑scope systems.
• Partner with cross‑entity organizations (e.g., Sky) where shared responsibilities, training, or assessment dependencies exist.

Operational & Administrative Responsibilities

• Support corporate budgeting and tracking for the PCI program.
• Recommend and implement improvements to PMO processes and program performance.
• Maintain awareness of emerging methodologies, agile practices, and industry standards.
• Exercise independent judgment in matters of significance.
• Role requires regular, punctual attendance and may require occasional nights, weekends, or overtime.

Qualifications

Required

• 7–10+ years of experience in security compliance, PCI DSS, audit, risk management, or related security disciplines.
• Strong understanding of PCI DSS, segmentation principles, vulnerability management, and enterprise security controls.
• Demonstrated experience leading complex compliance programs and multidisciplinary teams.
• Excellent communication skills with proven stakeholder engagement capabilities.
• Ability to assess risk, manage escalations, and lead structured remediation efforts.

Preferred

• Certifications such as PCI ISA, CISSP, CISA, or CISM.
• Experience partnering with QSAs and managing large‑scale enterprise compliance assessments.
• Familiarity with Comcast environments, ServiceNow, Qualys, Power BI, and enterprise scanning/reporting workflows.

Operating Principles

Employees at all levels are expected to:

• Embrace Comcast’s Operating Principles as the foundation for daily work.
• Own the customer experience with a digital‑first mindset.
• Be enthusiastic learners and advocates for Comcast products, technologies, and digital tools.
• Collaborate effectively and openly with cross‑functional teams.
• Participate actively in the Net Promoter System to elevate customer and employee feedback.
• Deliver results, support an inclusive culture, and operate with integrity in all decisions and actions.

Disclaimer

This job description outlines the general scope and responsibilities of the role. It is not an exhaustive list of all duties, responsibilities, or qualifications required.