Jeff Mckenna

In my current role at Cardworks Servicing LLC – Merrick Bank, I developed and managed the organization’s PCI compliance program, achieving a 100% annual compliance renewal rate. I’ve managed internal and external audits, streamlined evidence collection using centralized repositories, identified and managed key risks to our IT environments, documented compensating controls, and provided ongoing PCI DSS compliance training efforts that have significantly enhanced audit readiness and organizational resilience. My previous tenure as a PCI/HIPAA Auditor allowed me to lead complex audits across diverse IT environments.

Four years, Information Security Risk and Compliance Analyst II - 

Developed and maintained the company’s PCI program from scratch, including development of PCI policies, procedures, and audit maintenance tasks. Ongoing responsibilities included project management and interdepartmental coordination to ensure continued compliance efforts.

• Achieved 100% annual PCI compliance rate.

 • Led PCI program transition from v.3.2.1 to v.4.0.1. 

• Coordinated GLBA, SOC1, SOC2, PCI DSS compliance alignment with CIS and NIST security frameworks.

 • Engaged and negotiated contracts with auditors, including scope documentation. Managed agendas and ensured availability of appropriate personnel during audits.

 • Reviewed, approved, and denied PCI audit evidence using a centralized audit repository.

 • Timely submission of periodic requirements related to PCI compliance and risk management. 

• Identified, managed, and addressed key risks throughout PCI project engagements.

Three years, PCI Auditor -  
Led end-to-end external PCI DSS assessments across data centers, offices, and cloud environments for various clients. This included onsite and remote testing of security controls and regular communications with clients to ensure compliance.

 • Scoped complex CDE boundaries and validated cardholder data flows.

 • Maintained evidence repository and produced comprehensive audit reports. 

• Discussed findings with client stakeholders and recommended remediation strategies for PCI DSS and HIPAA requirements.

 • Developed customizable audit checklists aligned to PCI/HIPAA.

 • Advised clients on risk and compliance management strategies.

Eight years, PCI Fulfillment Supervisor- Led team of seven agents supporting PCI compliance validation.

Some college, I majored in Computer Science and never graduated. 

Certifications: 

PCI SSC Qualified Security Assessor (QSA)

 Certified Information Systems Security Professional (CISSP)

 Certified Information Systems Auditor (CISA)

 CompTIA Security+ 

HCISPP