Contract PCI DSS Consultant - Merchant Compliance

About ProArch:

At ProArch, we partner with businesses around the world to turn big ideas into better outcomes through IT services that span cybersecurity, cloud, data, AI, and app development. We’re 400+ team members strong across 3 countries (we call ourselves ProArchians)—and here’s what connects us all:

• A love for solving real business problems
• A belief in doing what’s right

What’s it like to work here?

• You’ll keep growing. You’ll work alongside domain experts who love to share what they know.
• You’ll be supported, heard, and trusted to make an impact.
• You’ll take on projects that touch industries, communities, and lives.
• You’ll have the time to focus on what matters most in your life outside of work.

At ProArch, you’ll be part of teams that design and deliver technology solutions solving real business challenges for our clients. With services spanning AI, Data, Application Development, Cybersecurity, Cloud & Infrastructure, and Industry Solutions, your work may involve building intelligent applications, securing business‑critical systems, or supporting cloud migrations and infrastructure modernization.

Every role here contributes to shaping outcomes for global clients and driving meaningful impact. You’ll collaborate with experts across data, AI, engineering, cloud, cybersecurity, and infrastructure—solving complex problems with creativity, precision, and purpose. You’ll join a culture rooted in technology, curiosity, and continuous learning. A place where we move fast, trust you to make an impact, encourage innovation, and support your growth.

Job Description:

We are seeking an experienced PCI DSS Consultant to support a merchant client in achieving and validating PCI DSS v4.0.1 compliance. The consultant will work closely with the client's internal teams and Qualified Security Assessor (QSA) to perform scope validation, gap assessments, remediation support, and compliance readiness activities.

The engagement focuses on a mobile payment channel operating in a hybrid (cloud and on-premises) environment, where core banking and payment processing services are outsourced to a third-party provider.

Key Responsibilities

• Conduct PCI DSS v4.0.1 gap assessments, readiness reviews, and remediation activities.
• Validate PCI scope and identify opportunities for Cardholder Data Environment (CDE) reduction.
• Assess merchant-owned environments across cloud and hybrid infrastructures (AWS, Azure, or GCP).
• Review mobile payment architectures, payment SDKs, hosted payment pages, and payment security controls.
• Support implementation of PCI DSS v4.0.1 requirements, including payment page security, MFA, authenticated scanning, and targeted risk analysis.
• Prepare compliance evidence and coordinate with the client's QSA during assessments.
• Provide remediation recommendations and support stakeholders through compliance activities.
• Create assessment reports, documentation, and compliance status updates.

Requirements

• Proven hands-on experience delivering PCI DSS v4.0.1 gap assessments, readiness, and remediation engagements.
• Strong understanding of PCI DSS scoping, CDE reduction, and all SAQ types.
• Experience working with merchants that utilize outsourced payment processing providers.
• Knowledge of cloud security and shared responsibility models across AWS, Azure, or GCP.
• Experience with mobile payment channels, payment SDKs, and hosted payment page architectures.
• Familiarity with PCI DSS v4.0.1 future-dated requirements now in effect.
• Experience supporting QSA-led assessments and audit evidence collection.
• Excellent communication, stakeholder management, and documentation skills.
• Ability to collaborate across US, India, and APAC time zones.

Preferred Certifications

• PCIP / ISA
• CISSP
• CISM
• CCSP
• Cloud Security Certifications (AWS, Azure, or GCP)