• Own and manage end-to-end PCI DSS and SWIFT CSCF programs, including scope maintenance, control applicability, compensating controls, authoritative documentation, and annual assessment readiness. • Operate continuous compliance and evidence management, maintaining a validated, audit-ready evidence library in our GRC Platform with structured refresh cadences for all PCI/SWIFT controls. • Provide scoping, segmentation, and architecture governance by partnering with Engineering and Cloud Ops to review CDE boundaries, trust zones, architectural changes, and enforce required technical controls. • Monitor and validate technical security controls across IAM, encryption, segmentation, logging/monitoring, vulnerability management, and incident response; maintain control monitoring logs and drive hardening improvements. • Lead internal-facing audit support and remediation governance, partnering with QSA/CSCF assessors, preparing audit populations, managing walkthroughs, and driving remediation tracking, prioritization, and validated closure. • Maintain system-of-record documentation and emerging standards readiness, ensuring PCI/SWIFT artifacts meet regulatory expectations while monitoring framework updates, leading impact analyses, and planning for new requirements.