PCI Auditor Jobs (NOW HIRING)

PCI DSS Internal Controls, Senior Manager

New York, NY · On-site

$92K - $114K/yr

The PCI DSS Internal Controls Senior Manager plays a key role in the continued development ... Facilitate external auditors with performance or independent testing and coordination with process ...

PCI DSS Internal Controls, Senior Manager

Bethesda, MD · On-site

$90K - $112K/yr

The PCI DSS Internal Controls Senior Manager plays a key role in the continued development ... Facilitate external auditors with performance or independent testing and coordination with process ...

PCI DSS Internal Controls, Senior Manager

Chicago, IL · On-site

$87K - $108K/yr

The PCI DSS Internal Controls Senior Manager plays a key role in the continued development ... Facilitate external auditors with performance or independent testing and coordination with process ...

Avertium is seeking a PCI subject matter expert for our Risk & Compliance consulting practice. The ... Auditor experience * Strong documentation skills * Strong interpersonal skills * Flexibility and ...

PCI Compliance Lead

Lafayette, IN · On-site

$98K - $199K/yr

Serve as the primary point of contact across stakeholders, auditors, third parties, and regulators offering technical and business expertise on PCI compliance and data security processes.

Job Title: IT Auditor II and cybersecurity Location: Austin, TX (Hybrid) Duration: 5+ Months Mode ... 2, PCI-DSS). * Collect and analyze evidence such as policies, configurations, logs, and access ...

As a Senior Consultant, you will regularly interact with peers and clients as both an auditor and ... Current PCI-QSA certification preferred (will consider former QSA) * One of the following ...

SUMMARY The Auditor (production) is responsible for maintaining a complete audit trail of card ... Enforce compliance with internal audit procedures and industry regulations, including PCI standards ...

PCI Auditor information

How much do PCI auditor jobs pay per hour?

As of Jul 2, 2026, the average hourly pay for a PCI auditor in the United States is $19.21, according to ZipRecruiter salary data. Most workers in this role earn between $14.42 and $19.23 per hour, depending on experience, location, and employer.

What are the key skills and qualifications needed to thrive as a PCI Auditor, and why are they important?

To thrive as a PCI Auditor, you need a deep understanding of information security, risk assessment, and compliance frameworks, typically supported by a relevant degree and certifications such as PCI Qualified Security Assessor (QSA) or Certified Information Systems Security Professional (CISSP). Familiarity with security assessment tools, vulnerability scanners, and PCI DSS documentation systems is essential. Strong analytical thinking, attention to detail, and effective communication skills help you interpret standards and convey findings to clients or internal teams. These competencies ensure accurate, thorough assessments and help organizations maintain compliance and protect sensitive payment card data.

How to become a PCI auditor?

To become a PCI auditor, you typically need relevant experience in information security or IT auditing, along with knowledge of PCI Data Security Standard (DSS) requirements. Earning certifications such as PCI Professional (PCIP) or Certified Information Systems Auditor (CISA) can enhance credibility. Additionally, gaining experience in security assessments and understanding compliance processes is essential for performing PCI audits effectively.

Is CISA an entry-level job?

CISA (Certified Information Systems Auditor) is a certification, not a job title, and it is typically pursued by professionals with some experience in IT auditing or security. Entry-level positions in cybersecurity or auditing may require or prefer candidates to have a CISA certification, but the certification itself is usually obtained after gaining relevant work experience. Therefore, CISA is not an entry-level job but a credential that can enhance qualifications for more advanced roles.

What are PCI Auditors?

PCI Auditors are professionals who assess and verify whether organizations comply with the Payment Card Industry Data Security Standard (PCI DSS). They conduct thorough evaluations of a company's policies, procedures, systems, and physical security to ensure credit card data is protected against theft and breaches. Typically, PCI Auditors are Qualified Security Assessors (QSAs) certified by the PCI Security Standards Council. Their work helps organizations maintain secure payment environments and avoid costly fines or reputational damage resulting from non-compliance.

What is the difference between a PCI Auditor and a PCI Compliance Analyst?

| Aspect | PCI Auditor | PCI Compliance Analyst |
| --- | --- | --- |
| Certifications | PCI Auditor Certification, CPA, or related | PCI DSS certifications, Compliance certifications |
| Work Environment | Audit firms, consulting agencies, or internal audit teams | Financial institutions, retail companies, or IT departments |
| Responsibilities | Conducting PCI audits, assessing compliance, reporting findings | Monitoring PCI compliance, implementing policies, supporting audits |

The main difference is that PCI Auditors primarily conduct formal PCI audits and assessments, while PCI Compliance Analysts focus on maintaining ongoing PCI compliance and supporting audit processes. Both roles require similar certifications and work in related environments, but their core functions differ in scope and focus.

What are some common challenges faced by PCI Auditors during an assessment, and how can they be addressed?

PCI Auditors often encounter challenges such as incomplete documentation, lack of staff preparedness, and varying interpretations of PCI DSS requirements across organizations. To address these, it's helpful to maintain clear communication with stakeholders, conduct pre-assessment readiness reviews, and stay updated on the latest PCI DSS standards. Collaborating closely with IT and compliance teams can also help ensure smoother assessments and accurate reporting, ultimately supporting both compliance and security goals.

What is a PCI auditor called?

A PCI auditor is a professional responsible for assessing an organization's compliance with Payment Card Industry Data Security Standard (PCI DSS) requirements. They are often certified as PCI Qualified Security Assessors (QSAs) and evaluate security controls, policies, and procedures related to payment card data protection.

Is an auditor a high paying job?

PCI auditors typically earn competitive salaries, especially with relevant certifications like CPA or CISA and experience in cybersecurity or compliance. Salaries vary by industry, location, and level of expertise but are generally considered above average compared to many entry-level roles.

Infographic showing various PCI Auditor job openings in the United States as of June 2026, with employment types broken down into 2% As Needed, 81% Full Time, 13% Part Time, 3% Contract, and 1% Nights. Highlights an 88% Physical, 5% Hybrid, and 7% Remote job distribution, with an average salary of $39,947 per year, or $19.2 per hour.

PCI DSS SAQ D Service Provider Lead

FYI For Your Information Inc

Silver Spring, MD • Remote

Full-time

Retirement

Posted 13 days ago


Job description

FYI - For Your Information, Inc. is an SBA certified, Woman-Owned Small Business and GSA schedule holder that is a premier provider of Human Capital, Training, and Information Technology services. We have won awards for being a Great Place to Work and continue to make ground-breaking advancements. For four years in a row, we have been on Inc. Magazine's 5000 list and were recently named one of Inc.'s 2024 Mid-Atlantic Fastest Growing companies.

About the role

FYI is seeking a PCI DSS SAQ D Service Provider Lead to support an active PCI compliance program for a SaaS/cloud/payment-adjacent environment. This role will own the PCI domain in a fractional capacity, including PCI scoping support, evidence sufficiency review, quarterly scan cadence, penetration testing evidence, remediation tracking, and responses to auditors, QSAs, processors, banks, or other requesting entities. The right candidate has done this work before and can drive their lane without constant prompting.

Essential responsibilities and duties

  • Support PCI DSS SAQ D Service Provider readiness, scoping, evidence review, and control interpretation.
  • Review PCI scope assumptions, in-scope systems, applications, integrations, service providers, and payment/data-flow considerations.
  • Coordinate and review evidence for quarterly external ASV scans and internal vulnerability scans.
  • Coordinate PCI-relevant penetration testing evidence, including scope, rules of engagement, final report review, remediation, and retest evidence.
  • Review evidence for file integrity monitoring, encryption, MFA, IAM, logging, monitoring, change control, secure development, vulnerability management, and remediation tracking where relevant to PCI DSS.
  • Identify weak, incomplete, stale, unclear, or nonresponsive evidence before submission.
  • Draft or review PCI-related auditor, QSA, processor, or requesting-entity responses.
  • Support tracking of PCI remediation items, exceptions, compensating-control discussions, and risk acceptance needs.
  • Help define and maintain recurring PCI compliance cadence, including quarterly scans and annual validation activities.
  • Provide concise written status updates, blockers, risks, and next actions to the project manager and CISO/vCISO.

Required qualifications

  • 8+ years of cybersecurity, GRC, IT audit, compliance, security consulting, or related experience.
  • Direct hands-on experience supporting PCI DSS assessments.
  • Direct experience with PCI DSS SAQ D; Service Provider experience is strongly preferred.
  • Experience with SaaS, cloud-hosted, fintech, payment, or payment-adjacent environments.
  • Working knowledge of ASV scanning, internal vulnerability scanning, penetration testing evidence, vulnerability remediation, IAM/MFA, encryption, logging, monitoring, FIM, change control, and secure development requirements.
  • Ability to translate PCI requirements into practical tasks for engineering, IT, security, and business stakeholders.
  • Strong written communication skills and ability to produce audit-ready summaries and responses.
  • Ability to work through ambiguity and distinguish sufficient evidence from weak or incomplete evidence.

Nice to have

  • Prior QSA, ISA, or QSA-firm experience.
  • PCI DSS v4.x experience.
  • CISA, CISSP, CISM, Security+, or equivalent certification.
  • Experience with Drata, Vanta, Secureframe, Hyperproof, Jira, Confluence, AWS, Azure, GCP, or similar platforms.
  • SOC 2 familiarity, especially where controls overlap with PCI DSS.

Expected deliverables

  • PCI DSS SAQ D evidence and gap tracker inputs.
  • PCI scope notes, assumptions, and issue summaries.
  • ASV and internal vulnerability scan evidence checklists.
  • Penetration testing evidence checklist and report sufficiency review notes.
  • PCI remediation tracker updates and risk summaries.
  • PCI auditor/requesting-entity response drafts.
  • PCI quarterly and annual compliance calendar inputs.

Operating style required

This role requires a senior operator who can own the PCI lane in a fractional capacity. The contractor must communicate clearly, document next actions, identify blockers early, and coordinate through the project manager. This is not a casual side task. Responsiveness, ownership, and clean written work product are required.

FYI's Benefits/Incentives: What is in it for you?

  • Opportunity to work a hybrid work schedule.
  • A knowledgeable, high-achieving, diverse, experienced, and fun team.
  • The chance to be part of a rapidly growing company and the next success story.
  • A competitive base salary with a loaded benefits package plus 401K.
  • Tuition/education assistance, personal computer allowance, pet insurance.