Wayfair is a leader in the e-commerce space for all things home. Using technology and data to create a best-in-class experience for our customers gives us a competitive advantage in the global homegoods market!
Our Security, Privacy, and Risk Management team is responsible for ensuring the security, confidentiality, and integrity of Wayfair customer, employee, supplier, and company information. We take compliance seriously and we partner with each business to implement security requirements and to identify potential risks and devise plans for addressing them. We support risk-based strategies and enable the business to move quickly and to maintain our customer-first culture while maintaining compliance with regulatory requirements.
We're looking for an experienced and driven individual to support Wayfair's compliance program. The PCI Compliance Sr. Specialist will report into the Sr. Manager of Risk & Compliance and will be primarily responsible for securing customer credit card information and cardholder data flows. This individual will also play a key role in supporting the strategy, design, and execution of Wayfair's overall IT & security compliance maturity framework.
As a successful PCI practitioner, you'll leverage your critical thinking skills, collaboration skills, and PCI DSS expertise to design and implement controls that will safeguard Wayfair's cardholder data environment. The ideal candidate has demonstrated experience in ensuring compliance with industry standards, educating stakeholders and advocating for security best practices, and is able to influence the compliance strategy by making decisions on ambiguous and complex problems with minimal direction.
- Act as a subject matter expert to mitigate risk to Wayfair's cardholder data environment and customer payment acceptance and processing flows.
- Serve as an internal consultant to scope, design, and implement technical PCI DSS requirements, including network segmentation, tokenization, encryption, authentication and authorization, logging and monitoring, vulnerability management, penetration testing, and incident escalation and management.
- Oversee the annual PCI audit, including any required remediation of control gaps identified and escalation of possible critical issues to senior management of the company as necessary; act as a cross-functional project manager to support Wayfair's external QSA and ensure internal teams are prepared and held accountable for deliverables & due dates needed to meet annual compliance requirements.
- Liaise internally with Wayfair's Security Engineering, Infrastructure, Payments Engineering, and Customer Engineering teams to educate on compliance requirements and best practices.
- Manage and periodically review third-party vendors that support Wayfair's PCI implementation and approach.
- Design, build, and execute periodic PCI compliance assessments within Wayfair's enterprise risk management platform; manage compliance risks and provide guidance for remediation efforts.
- Support the design and execution of additional security framework requirements (NIST, GDPR, CCPA, and ISO) and apply those requirements to a modern continuous-deployment software delivery organization.
- Keep current on changes to compliance standards and serve as a forward-thinking change agent in the application of requirements against an evolving technology stack.
Preferred Skills & Knowledge:
- Demonstrated knowledge and experience with current PCI DSS requirements
- Ability to handle multiple projects and navigate ambiguity in a fast-paced, hyper-growth environment
- Ability to take direction and/or work independently in a scaling and rapidly changing environment
- Knowledge of risk management governance standards
- Ability to partner cross-functionally and excellent ability to organize, communicate, and build relationships
- Ability to effectively communicate and collaborate throughout all levels, regions, and organizations within Wayfair
- Excellent written and verbal communication and project management skills with a professional demeanor
- Highly organized and motivated to lead initiatives and complete projects
- Ability to provide consulting services in areas of expertise
- 6-8 years of QSA or relevant experience, preferably for a technology or retail company
- PCI Professional (PCIP) certification preferred
- Experience with cloud environments, GCP preferred
- Experience using GRC tools
About Wayfair Inc.
Wayfair is one of the world's largest online destinations for the home. Whether you work in our global headquarters in Boston or Berlin, or in our warehouses or offices throughout the world, we're reinventing the way people shop for their homes. Through our commitment to industry-leading technology and creative problem-solving, we are confident that Wayfair will be home to the most rewarding work of your career. If you're looking for rapid growth, constant learning, and dynamic challenges, then you'll find that amazing career opportunities are knocking.
No matter who you are, Wayfair is a place you can call home. We're a community of innovators, risk-takers, and trailblazers who celebrate our differences, and know that our unique perspectives make us stronger, smarter, and well-positioned for success. We value and rely on the collective voices of our employees, customers, community, and suppliers to help guide us as we build a better Wayfair and world for all. Every voice, every perspective matters. That's why we're proud to be an equal opportunity employer. We do not discriminate on the basis of race, color, ethnicity, ancestry, religion, sex, national origin, sexual orientation, age, citizenship status, marital status, disability, gender identity, gender expression, veteran status, or genetic information.