Cybersecurity Engineer - GRC

Visa is a world leader in payments and technology, with over 259 billion payments transactions flowing safely between consumers, merchants, financial institutions, and government entities in more than 200 countries and territories each year. Our mission is to connect the world through the most innovative, convenient, reliable, and secure payments network, enabling individuals, businesses, and economies to thrive while driven by a common purpose – to uplift everyone, everywhere by being the best way to pay and be paid.

Make an impact with a purpose-driven industry leader. Join us today and experience Life at Visa.

As a key member of the Cybersecurity Governance, Risk & Compliance (GRC) and M&A Integration team, the Cybersecurity Engineer – GRC will lead and support initiatives in IT compliance and risk management.  Reporting directly to the Director of Cybersecurity, this position seeks a self-motivated professional with demonstrated expertise in PCI DSS and/or PCI 3DS as well as SOC 2. The successful candidate will utilize AI-driven tools and develop custom automation scripts to efficiently gather audit evidence, parse data, assess control deficiencies, and produce actionable recommendations.

• Oversee and coordinate security and compliance assessments, including PCI DSS, PCI 3DS, and SOC 2, involving preparation, evidence collection, stakeholder coordination, and remediation of identified gaps.
• Leverage AI and automation platforms to streamline audit evidence collection, control testing, and reporting procedures.
• Develop, maintain, and update automation scripts (using Python or other scripting/programming languages) for data extraction and analysis, control validation, and audit workflow optimization.
• Independently manage compliance activities such as penetration testing, ASV scanning, and re-testing cycles.
• Collaborate with technical and product teams to conduct security assessments, ensuring code and infrastructure changes align with PCI DSS and 3DS standards.
• Respond to client, partner, and third-party security assessments through timely communication and comprehensive responses.
• Refine GRC processes to enhance efficiency, scalability, and accuracy.
• Monitor emerging data security regulatory requirements and evolving IT and cybersecurity trends.

This is a hybrid position. Expectations of days in the office will be confirmed by your Hiring Manager.

Basic Qualifications:
●2 + years of relevant work experience and a Bachelors degree, OR 5+ years of relevant work experience. Masters graduates must have 2+ years of relevant work experience to qualify.

Preferred Qualifications:
●3 or more years of work experience with a Bachelor’s Degree in Computer Science, Information Security, Management Information Systems, or another related field, or more than 2 years of work experience with an Advanced Degree (e.g. Masters, MBA, JD, MD).
●Skilled in Python, PowerShell, or similar scripting/programming languages for automating data collection, validation, and reporting.
●Proficient in utilizing advanced AI solutions, including Copilot Researcher and ChatGPT, as well as automation platforms such as Power BI, LangChain, AuditBoard, and ServiceNow, to enhance GRC processes and other security-focused workflows.
●Demonstrated expertise with PCI DSS and/or PCI 3DS standards and SOC 2 controls.
●Strong working knowledge of audit and compliance processes, including controls testing and evidence lifecycle management.
●Proven ability to work independently with minimal supervision, while also collaborating effectively across teams.
●Strong communication, planning, and organizational skills.
●Must be highly flexible and able to manage multiple tasks and priorities.
●CRISC, CISM, CISA, PCIP, and/or CISSP certifications preferred.

Work Hours: Varies upon the needs of the department.

Travel Requirements: This position requires travel 5-10% of the time.

Mental/Physical Requirements: This position will be performed in an office setting.  The position will require the incumbent to sit and stand at a desk, communicate in person and by telephone, frequently operate standard office equipment, such as telephones and computers.

Visa is an EEO Employer.  Qualified applicants will receive consideration for employment without regard to race, color, religion, sex, national origin, sexual orientation, gender identity, disability or protected veteran status.  Visa will also consider for employment qualified applicants with criminal histories in a manner consistent with EEOC guidelines and applicable local law.

Visa will consider for employment qualified applicants with criminal histories in a manner consistent with applicable local law, including the requirements of Article 49 of the San Francisco Police Code.

U.S. APPLICANTS ONLY: The estimated salary range for a new hire into this position is 116,500.00 to 164,500.00 USD per year, which may include potential sales incentive payments (if applicable). Salary may vary depending on job-related factors which may include knowledge, skills, experience, and location. In addition, this position may be eligible for bonus and equity. Visa has a comprehensive benefits package for which this position may be eligible that includes Medical, Dental, Vision, 401 (k), FSA/HSA, Life Insurance, Paid Time Off, and Wellness Program.