PCI Compliance Lead

Old National Bank has been serving clients and communities since 1834. With over $70 billion in total assets, we are a regional powerhouse deeply rooted in the communities we serve. As a trusted partner, we thrive on helping our clients achieve their goals and dreams, and we are committed to social responsibility and investing in our communities through volunteering and charitable giving.

We continually seek highly motivated and talented individuals as our people are critical to our success. In return, we offer competitive compensation with our salary and incentive program, in addition to medical, dental, and vision insurance. 401K, continuing education opportunities and an employee assistance program are also included in our benefit suite. Old National also offers a variety of Impact Network Groups led by team members who are passionate about driving engagement, creating awareness of diverse backgrounds and experiences, and building inclusion across the organization. We offer a unique opportunity to join a growing, community and client-focused company that is firmly rooted in its core values.

The PCI Compliance Manager role is responsible for leading the organization's PCI Compliance Program including Payment Card Industry Data Security Standard (PCI-DSS). This position ensures compliance with PCI Standards and PCI-DSS requirements to protect cardholder data and maintain secure payment environments. This role requires a strategic approach to compliance management, ensuring that PCI-DSS controls are effectively implemented, maintained, and continuously improved. The PCI Compliance Manager collaborates with various internal and external stakeholders to uphold the security of payment card data, drive risk mitigation initiatives, and align compliance efforts with broader information security objectives.

Salary Range

The annual salary range for this position is $98,400-$199,000 plus incentive bonus. The base salary indicated for this position reflects the compensation range applicable to all levels of the role across the United States. Actual salary offers within this range may vary based on a number of factors, including the specific responsibilities of the position, the candidate's relevant skills and professional experience, educational qualifications, and geographic location.

Key Accountabilities

Program Governance

Develop, manage, and maintain Old National Bank's PCI Compliance Program, including PCI-DSS and all applicable PCI standards.
• Lead continuous improvement of PCI-related policies, standards, procedures, and supporting documentation.
• Provide guidance on impacts related to new technologies, infrastructure, processes, and partnerships, ensuring program alignment and adherence.
• Drive education, communication, and training initiatives which promote behaviors which reduce risk and reinforce a strong information security and risk management culture.
• Serve as the primary point of contact across stakeholders, auditors, third parties, and regulators offering technical and business expertise on PCI compliance and data security processes.
• Collaborate with first-line teams and risk offices on control design, refinement, and implementation of PCI-related safeguards.
• Coordinate with Procurement and Third-Party Risk Management to evaluate and track PCI compliance obligations for vendors and partners.

Program Assessment & Compliance

• Collaborate with first-line partners to identify and implement PCI security requirements.
• Perform PCI assessments to support compliance, safeguard cardholder data, reduce security risk, and strengthen overall security posture.
• Conduct control testing to evaluate effectiveness and identify gaps, providing actionable recommendations.
• Ensure ASV scans, penetration testing, and related remediation activities occur within required timelines.
• Communicate findings, escalate concerns based on risk level, and manage timely remediation of PCI compliance issues.
• Manage PCI audits, including evidence gathering, issue socialization, and support for remediation activities.

Program Monitoring

• Perform ongoing monitoring of the PCI Compliance Program and PCI-DSS standards, including assessing impacts of changes.
• Create and maintain PCI compliance dashboards, scorecards, and KPIs to monitor program effectiveness and risk trends.
• Develop and deliver reporting on PCI compliance status, risks, control performance, and emerging issues ensuring clear communication of PCI compliance posture.

Other General Responsibilities

• Stay current with industry regulations, frameworks, and best practices such as PCI, ISO27XXX, NIST, CRI, SCF, GLBA, and SOX. Proactively support identification of emerging compliance issues and recommended information security and technology risk improvements.
• Maintaining a positive and professional working relationship with peers, management, and support resources, with a constant commitment to teamwork and exemplary customer service.
• Participate in departmental activities including meetings, updates, planning, and reporting.
• Support other information security and technology risk duties assigned.

Key Competencies for Position

• Planning, Organization, and Execution: Demonstrated ability to drive enterprise-wide initiatives, providing strategic direction and influencing cross-functional teams. Ability to effectively prioritize, track, and execute tasks in a consistent and timely manner while simultaneously managing multiple assignments. Thorough in accomplishing a task through concern for all the areas involved, no matter how small. Monitors and checks work on information and plans while organizing time and resources efficiently. Adapts well to changes in assignments and priorities; yet, can maintain focus and stay current with day-to-day responsibilities. Committed to achieving established goals and overcoming obstacles. Ability to independently prioritize and manage complex, multi-phase compliance initiatives with minimal oversight.
• Problem Solving/Decision Making - Ability to define problems, collect data, establish facts, and draw valid conclusions. Ability to interpret an extensive variety of technical instructions in mathematical or diagram form and deal with several abstract and concrete variables. Able to identify issues and potential risks; incorporates input from multiple sources (e.g., lines of business, subject matter experts, industry leaders, data, policies, procedures, etc.) to ensure complete views determining an effective course of action and to promote shared ownership; decisions are sound based on what was known at the time and are based on a blend of analysis, wisdom, experience, and judgement.
• Communication: Ability to present ideas, decisions, and recommendations effectively to all levels of management in a clear and professional manner, including excellent written, oral communication, and interpersonal skills. Ability to confidently educate and advise senior leaders.
• Technical Knowledge: Possesses the required technical knowledge to perform the role effectively; ability to comprehend new information rapidly in the everchanging technical landscape; desire for continuous learning to adapt to emerging risks and threats.

Qualifications and Education Requirements

• Bachelor's degree in Cybersecurity, Information Security, Information Technology, Business, or a related field
• 7+ years of experience in compliance, risk management, or information security, with a strong focus on PCI-DSS
• Direct experience building a PCI Compliance Program and managing the PCI-DSS compliance lifecycle from readiness to certification
• Experience working with QSA firms in a regulated environment
• Experience with frameworks and best practices such as ISO27XXX, NIST CSF, CRI, SCF
• Excellent project management, leadership, and communication skills
• Achieved or in pursuit of a globally recognized information security certification such as PCI Internal Security Assessor (ISA), PCI Professional (PCIP), CISSP (Certified Information Systems Security Professional), CISA (Certified Information Systems Auditor), or equivalent preferred
• Formal project or program management certification (e.g., PMP, PgMP) strongly preferred

Old National is proud to be an equal opportunity employer focused on fostering an inclusive workplace and committed to hiring a workforce comprised of diverse backgrounds, cultures and thinking styles.

As such, all qualified applicants will receive consideration for employment without regard to race, color, religion, sex, national origin, protected veteran status, status as a qualified individual with disability, sexual orientation, gender identity or any other characteristic protected by law.

We do not accept resumes from external staffing agencies or independent recruiters for any of our openings unless we have an agreement signed by the Director of Talent Acquisition, SVP, to fill a specific position.

Our culture is firmly rooted in our core values.

We are optimistic. We are collaborative. We are inclusive. We are agile. We are ethical.

We are Old National Bank. Join our team!