PCI DSS Compliance

$50/hr Starting at $50

I have experience leading end-to-end PCI compliance for companies of varied sizes, and I am very well versed in both security and compliance aspects. I have led end-to-end execution of PCI compliance for a fintech company in the US, and most recently an online travel company (US based) but headquartered in Amsterdam. By end-to-end I mean working with various stakeholders to:

1. Identify whether we are a merchant or an acquirer depending on the business model and the manner in which we accept cardholder data

2. Working with various stakeholders to identify where cardholder data resides and map out the entire cardholder data flow diagram

3. Working with various stakeholders to identify which systems store, process or transmit cardholder data and building an inventory of those

4. Making those systems compliant against the applicable 12 requirements from DSS v3.2.1

5. Establishing controls for continuous monitoring in ServiceNow (GRC tool)

6. Working with an external Qualified Security Assessor (QSA) to conduct interviews during assessments

7. Collecting evidence for submission and establishing lines of communication for back-and-forth clarifications

8. Obtaining final AoC/RoC

About

$50/hr Ongoing


Skills & Expertise

Compliance Consulting, Interviewing, Online Payments, PCI Compliance, Security Consulting

0 Reviews

This Freelancer has not received any feedback.