Project Manager – PCI DSS Compliance Upgrade

Position: Project Manager PCI DSS Compliance Upgrade

Location: Kuala Lumpur

Duration: Permanent

Role Overview

The Project Manager will be responsible for leading and managing the bank's PCI DSS compliance upgrade initiative from version 3.2.1/3.2.1.4 to 4.0.1. The role requires strong knowledge of PCI DSS standards, project management expertise, and coordination skills across IT, cybersecurity, compliance, and business stakeholders. The Project Manager will ensure that all technical, security, regulatory, and business requirements are met within agreed timelines and budgets.

Key Responsibilities

Project Planning & Execution

o Develop and manage the project plan for PCI DSS upgrade (from 3.2.1/3.4 to 4.0.1).

o Define scope, deliverables, timelines, and resource requirements.

o Ensure alignment with Bank and regulatory compliance requirements.

Stakeholder Management

o Work closely with IT, Cybersecurity, Risk, Compliance, Internal Audit, and external Qualified Security Assessors (QSA).

o Manage vendor relationships and third-party service providers supporting the PCI DSS implementation.

o Provide regular updates to senior management, steering committees, and regulators (if required).

Technical & Compliance Oversight

o Coordinate with system/application owners to implement PCI DSS 4.0.1 requirements.

o Oversee security gap analysis, remediation plans, and migration of controls from 3.4 to 4.0.1.

o Ensure network segmentation, encryption, authentication, and monitoring are aligned with new PCI DSS mandates.

o Support development of updated security policies, procedures, and evidence for QSA audits.

Risk & Issue Management

o Identify project risks, issues, and dependencies; develop mitigation plans.

o Track compliance progress against PCI DSS 4.0.1 milestones.

Testing & Certification

o Coordinate readiness assessments, penetration testing, vulnerability assessments, and remediation activities.

o Ensure timely completion of the formal PCI DSS certification by the appointed QSA.

Documentation & Reporting

o Maintain accurate project documentation, compliance evidence, and audit trails.

o Prepare and present project status reports, risk logs, and compliance dashboards.

Key Requirements

Education:

o Bachelor's degree in Information Technology, Computer Science, Cybersecurity, or related field.

o PMP / PRINCE2 certification preferred.

Experience:

o Minimum 810 years of IT Project Management experience, preferably in the banking/financial services sector.

o Proven track record managing PCI DSS compliance projects (upgrade or new implementation).

o Experience working with QSA firms, auditors, and regulators.

o Strong knowledge of payment card systems, encryption, key management, firewalls, IDS/IPS, and SIEM solutions.

Skills:

o Strong stakeholder management and communication skills.

o Ability to manage multiple streams of technical and compliance work.

o Familiar with BNM regulations and Malaysian banking security frameworks.

o Hands-on understanding of cybersecurity standards (ISO 27001, NIST, etc.) an advantage.

Key Deliverables

PCI DSS Gap Analysis Report (from 3.4 to 4.0.1).

Remediation plan and execution tracking.

Updated policies, procedures, and technical configurations aligned with v4.0.1.

Successful completion of PCI DSS 4.0.1 certification by QSA.