Security Engineer
HighLevel

Responsibilities:

- Lead end-to-end PCI DSS compliance, including CDE scoping and reduction, control implementation/validation, and audit management (RoC/SAQ, QSAs).
- Lead and support SOC 2 Type II attestation initiatives, including TSC mapping, evidence collection, control testing, and remediation tracking.
- Support and maintain the ISO 27001 ISMS, including risk assessments, SoA, internal audits, and continuous improvement activities.
- Develop and enforce security policies, standards, and procedures aligned with PCI DSS, SOC 2, and ISO 27001.
- Partner with Security, Platform, and Application teams to ensure controls are technically implemented and continuously operating.
- Collaborate with Security Architecture to review and validate security exceptions and ensure compliance alignment.
- Track, review, and periodically reassess approved exceptions to minimize long-term risk exposure.
- Own the Third-Party Risk Management (TPRM) program, including vendor tiering, risk assessments, and security reviews.
- Evaluate vendor compliance posture, including PCI DSS requirements, and define remediation or contractual controls.
- Design and manage scalable GRC workflows for risk assessments, vendor reviews, evidence management, and control testing.
- Perform business impact analysis and support BCDR planning and tabletop exercises.
- Prepare and present risk, compliance, and third-party security reports to senior leadership.
- Translate technical risks into business-impact language to support decision-making.