Need help hiring top legal talent? Contact our team.
Company logo

Information Security Governance Risk and Compliance Manager

$117,000- $155,000
Posted Jul 05
Full Time
Portland, Maine

This is a remote position. For consideration, one must live within 30 miles of the following company HUBS:

  • Portland, ME
  • Washington, DC
  • Boston, MA,
  • Dallas, TX
  • Bay Area

About The Team

The WEX Information Security Governance Rick & Compliance Team promotes security policy and standards throughout WEX by establishing and maintaining security policies and standards, delivering cybersecurity awareness and training activities and anti-spear phishing simulation campaigns and executing Vendor/Supply Chain security risk management processes. Additionally, the team is responsible for managing PCI-DSS, HITRUST, SOX, SOC, FDIC, and customer audits across all lines of business and providing security evidence to support audit and customer inquiries.

How you’ll make an impact

  • Lead and manage the PCI DSS compliance program, including annual assessments, remediation activities, and continuous monitoring.
  • Coordinate and conduct internal audits to ensure compliance with PCI DSS requirements.
  • Develop, implement, and maintain PCI policies, procedures, and documentation.
  • Collaborate with various departments, including IT, legal, and operations, to ensure compliance with PCI DSS.
  • Manage relationships with external Qualified Security Assessors (QSAs) and facilitate on-site assessments.
  • Monitor and report on compliance status, risks, and issues to senior management.
  • Provide training and guidance to staff on PCI DSS requirements and best practices.
  • Stay current with changes in PCI DSS and related security standards, ensuring timely updates to compliance programs.
  • Participate in incident response efforts related to payment card security breaches.

Experience you’ll bring

  • Bachelor’s degree in Information Security, Computer Science, or related field. Will consider 8 to 10 years of relevant experience in lieu of degree.
  • Minimum of 5 years of experience in information security, with a focus on PCI DSS compliance.
  • In-depth knowledge of PCI DSS requirements and the audit process.
  • Experience managing PCI DSS compliance programs and leading assessments.
  • Strong understanding of information security principles, risk management, and regulatory requirements.
  • Relevant certifications such as CISSP, CISA, CISM, or PCI Professional (PCIP) are highly desirable.
  • Excellent analytical, problem-solving, and project management skills.
  • Strong communication and interpersonal skills, with the ability to work effectively with cross-functional teams.
  • Detail-oriented and able to handle multiple priorities in a fast-paced environment.

The base pay range represents the anticipated low and high end of the pay range for this position. Actual pay rates will vary and will be based on various factors, such as your qualifications, skills, competencies, and proficiency for the role. Base pay is one component of WEX's total compensation package. Most sales positions are eligible for commission under the terms of an applicable plan. Non-sales roles are typically eligible for a quarterly or annual bonus based on their role and applicable plan. WEX's comprehensive and market competitive benefits are designed to support your personal and professional well-being. Benefits include health, dental and vision insurances, retirement savings plan, paid time off, health savings account, flexible spending accounts, life insurance, disability insurance, tuition reimbursement, and more. For more information, check out the "About Us" section.

Pay Range: $117,000.00 - $155,000.00