Principal Consultant - GRC Compliance - PCI

ABOUT KALLES GROUP:

Everyone deserves to be secure. Our mission at Kalles Group is to help secure the future for companies of all shapes and sizes.

While our expertise spans multiple disciplines, our method remains consistent: building trust and relationship with people -- whether you are a client, a consultant, or--in this case--a candidate.

No matter what role you come from--whether you're an executive or just starting your career-you can expect our highest level of attention and respect. We want to find the right fit for each role, but we also want you to find the right fit for your career.

We believe the best way to show you what our team is like is to treat you like you're already a part of it. We hope you'll consider joining our team of experienced professionals who are building their careers at Kalles Group—and having fun while doing it.

*****THIS ROLE IS ON-SITE IN SEATTLE, WA******

WHAT YOU WILL DO: 

As a Principal GRC Compliance Consultant – PCI, you will support our client’s Governance, Risk, and Compliance (GRC) program by designing and leading enterprise compliance initiatives across complex technology environments. In this role, you will play a critical part in strengthening the organization’s PCI DSS compliance program while helping integrate compliance practices across broader regulatory domains.

You will work closely with senior stakeholders, auditors, and technical teams to translate complex technology architectures—including hybrid on-premises and cloud environments—into clear, actionable compliance requirements. Your responsibilities will include shaping compliance assessment methodologies, establishing operational standards, and helping embed compliance practices directly into the organization’s technology ecosystem. This position requires a strategic thinker who can balance regulatory rigor with practical implementation, ensuring programs remain scalable, audit-ready, and aligned with business objectives.

KEY RESPONSIBILITIES: 

• Lead the development and maturation of the organization’s PCI DSS compliance program, including policies, procedures, governance structures, and operational workflows

• Design and implement enterprise compliance assessment methodologies that support multiple regulatory frameworks while aligning with business priorities

• Establish operational standards, documentation practices, and quality controls that ensure consistent compliance execution across teams

• Define and implement KPIs and KRIs to measure compliance program effectiveness and regulatory risk exposure

• Partner with engineering and infrastructure teams to perform technical scoping and de-scoping activities within PCI environments spanning both cloud and on-premises infrastructure

• Implement integrated compliance controls across technology and business domains to ensure comprehensive regulatory coverage

• Serve as a key liaison with internal audit, external auditors, and regulatory stakeholders, representing the organization’s compliance posture and remediation activities

• Manage third-party compliance engagements, regulatory examinations, and advisory initiatives

• Facilitate workshops with senior leaders and technical teams to address complex compliance requirements and risk decisions

• Drive cross-functional collaboration across Legal, IT, Finance, Security, and business teams to ensure regulatory alignment

• Provide guidance and education to stakeholders on evolving regulatory requirements and compliance best practices

ABOUT YOU:

• Your values:
  • Integrity: You believe in doing the right thing, even when it's uncomfortable, seemingly inefficient, or costly.
  • Purposefulness: You have a desire to serve others with your skillset and an openness to continuous learning and growth.
  • Ownership: You stick to your commitments, follow up with action, and seek clarity in communication & expectations.

YOUR EXPERIENCE:

Required Qualifications

• 6–8 years of experience in regulatory compliance, GRC, or cybersecurity compliance programs

• At least 2 years of direct experience leading or building PCI DSS compliance programs

• Demonstrated experience designing and implementing enterprise compliance methodologies across multiple regulatory frameworks

• Hands-on experience working with PCI environments across hybrid infrastructure (cloud and on-premises)

• Experience conducting technical scoping and de-scoping exercises to define PCI in-scope systems and environments

• Experience developing or managing Common Control Framework (CCF) programs

• Proven success leading cross-functional compliance initiatives involving engineering, security, legal, and business stakeholders

• Strong understanding of compliance frameworks such as PCI DSS v4.0, NIST, CIS, SOX, HIPAA, CCPA, or similar regulatory standards

• Experience testing or validating technical and security controls

• Knowledge of enterprise compliance architecture and integrated control frameworks

• Experience designing compliance workflows and improving operational processes within GRC programs

• Exceptional written and verbal communication skills, including the ability to communicate effectively with technical teams, leadership, auditors, and regulators

• Ability to operate autonomously, manage escalations, and drive results in complex enterprise environments

Preferred Qualifications

• Professional certifications such as CISA, CRISC, CIPP, CIPM, or similar compliance and governance credentials

• Advanced PCI or regulatory compliance certifications

• Experience implementing or managing GRC platforms

• Background working within regulatory consulting, audit firms, or large enterprise compliance programs

• Experience leading enterprise-wide compliance transformation initiatives

• Familiarity with compliance automation tools and security platforms

WHAT WE OFFER:

• The annual salary range for this role is $160,000-$230,000.  
• We offer Medical, Dental, Vision plans, 401K with matching, and PTO for salaried employees.
• Work/life balance – we know there’s more to life than work! We encourage our team to pursue other passions, get outside, and spend time with family. We work with clients and consultants to set expectations for a manageable workload.

LOCATION:

This role requires on-site presence at our client's location in Seattle, WA.  We are only considering candidates that currently live within commuting distance to Seattle, WA.

HOW TO APPLY:

Please fill out the form below (including uploading your most recent resume) and we'll be in touch! We know imposter syndrome can be a barrier to many great applicants. We hope you'll still consider applying. That's why we've made the application process as short and simple as possible.

Even if you're not a fit for the role, you can expect to hear back from us! We want you to have the best experience as a candidate, so please feel free to share feedback at any stage of the process to talent@kallesgroup.com.

Kalles Group is an equal-opportunity employer and does not discriminate on the basis of creed, nationality, race, ethnicity, disability, gender, or other protected class.