New Batch Starting from 23rd May 2026

Credential to launch your #CyberCareer

Certified PCI DSS Implementor and Auditor

GISA Council’s Certified PCI DSS Implementer and Auditor training is a comprehensive, practical program designed to build expertise in PCI DSS v4.0.1 compliance, implementation, and audit. The course bridges the gap between theory and real-world application, enabling professionals to confidently work on PCI projects and assessments.

Enroll Now! Logo - Earn CPE Credits

Talk to our expert

Name *

Mobile Number with country code *

Provide WhatsApp number if you have.

Email *

City / Town *

Country *

Current Profession *

Current Company / Organization *

Interested for *

Request a call back

 OR

Inquire on WhatsApp

Candidates from outside India will receive our call on WhatsApp. Please Click here to save our number to recognize us as known and solicited caller.

Trusted by executives from global enterprises

Career Prospects

The different job profiles a professional can enter with PCI DSS credential:

GRC Analyst (with PCI focus)
PCI DSS Analyst
IT Audit Associate (PCI engagements)
Compliance Analyst (Payments domain)
PCI DSS Consultant
IT Auditor (PCI / SOC / ISO)
Risk & Compliance Specialist
Security Consultant (Payments / Fintech)
PCI DSS Lead / Manager
GRC Manager
Information Security Manager
QSA (Qualified Security Assessor – through official route)

Who should earn PCI DSS Credential?

PCI DSS Credential is well suited for:

GRC, Risk & Compliance Professionals
IT Auditors and Internal Auditors
Information Security & Cybersecurity Professionals
IT teams handling card data security
PCI DSS Implementers / Aspiring Auditors
Professionals from banking, fintech, and e-commerce
Freshers and career switchers

PCI DSS Certification Course Details

Topics Covered

Module 1: Introduction to PCI DSS 4.0.1

History and Drivers for Change (The threat landscape).
Transition Timeline: v3.2.1 retirement vs. v4.0.1 adoption.
Key Differences: v4.0 vs. v4.0.1 (Clarifications in Requirements 6, 8, and 12).

Module 2: The Compliance Framework

Merchant and Service Provider Levels.
The 12 Requirements: High-level architectural overview.
Defined Approach vs. Customized Approach: When and how to use the "Customized" path.

Module 3: Scope s Asset Management

Defining the Cardholder Data Environment (CDE).
The Importance of Inventory: Identifying people, processes, and technology.
Segmentation: Strategies for reducing scope.

Module 4: Building Secure Networks (Req 1 & 2)

Evolving Firewall terminology to "Network Security Controls" (NSC).
Managing configurations and removing vendor-supplied defaults.

Module 5: Protecting Stored Account Data (Req 3)

New requirements for Sensitive Authentication Data (SAD) storage.
Primary Account Number (PAN) masking: The "BIN/Last 4" rule.
Disk-level vs. Column-level encryption.

Module 6: Data in Transit (Req 4)

Securing transmissions over open, public networks.
Inventory of certificates and keys.

Module 7: Malware & Phishing (Req 5)

Phishing-specific controls and awareness requirements.
Anti-malware on removable media and automated log analysis.

Module 8: Software Security & Scripts (Req 6)

Crucial Update: Managing scripts on payment pages (Requirement 6.4.3).
Inventory of custom software and patch management (30-day rule for criticals).

Module 9: Identity s Access Management (Req 7, 8 & 9)

Universal MFA: Mandatory for all CDE access (March 2025 deadline).
Password complexity (min 12 characters) and phishing-resistant MFA.
Physical security and visitor management.

Module 10: Logging s Monitoring (Req 10)

Automated log reviews and failure detection for security controls.
Time synchronization (NTP) requirements.

Module 11: Security Testing (Req 11)

Authenticated Scanning: The shift in internal vulnerability assessment.
Penetration testing frequency and scope.
Change detection for payment pages (Magecart protection).

Module 12: Governance & Risk (Req 12)

Targeted Risk Analysis (TRA): Defining your own frequency for certain controls.
Documenting Roles C Responsibilities for all 12 requirements.
Third-party Service Provider (TPSP) monitoring.

Module 13: The Assessment Process

Reporting on Compliance (ROC) vs. Self-Assessment Questionnaires (SAQ).
Evidence collection best practices.
Compensating Controls vs. Customized Approach.

Module 14: Practical Workshop / Case Study

Scoping Exercise: Redesigning a CDE for 4.0.1 compliance.
Risk Analysis Workshop: Performing a TRA for Requirement 5.2.3.1.

Module 15: Final Review &Assessment

Q & A Session.

Duration	20 Hours
Mode of Delivery	Online (Weekend Classes / Live Instructor-led)
Batch Schedule (Dates and Timing)	Upcoming Batch : 23rd May 2026 IST: 5:30 PM - 09:30 PM UTC: 12:00 PM to 4:00 PM Future batch: To be announced
Trainer	Pradeep C S
You will receive	Practical Domain Mastery End-to-End Implementing Skills Practical Exposure with dummy data In-Depth Coverage of all critical domains Scenario-Based Assessment 20 Hours Live Online Training CPE Certificate after course completion Perfect for candidates who wants practical approach in PCI DSS
Assessment Schedule, Structure and Passing Requirements	Assessment shall be conducted at the end of instructor-led training Date: To be announced Timing: To be announced
Fees	Indian Participants (Resident Indian Citizens): ₹ 7,500 International Participants (Foreign Nationals / NRIs): US$ 120
Training Partner	SMC Services
How to register?	Click here to Register

Know the Trainer

Pradeep C S

Cybersecurity Expert

With over 28+ years of industry experience, including 22 years in Information Security, Cyber Security, and Data Privacy, Pradeep brings deep expertise in building and leading large-scale security and risk programs across global organizations.

Having worked extensively with Fortune 100 clients, Pradeep has successfully established and managed enterprise-wide risk postures across critical domains such as Operational Risk, Compliance Risk, and Technology Risk. Their experience spans multiple industries including BFSI, ITES, Telecom, and Healthcare, providing a well-rounded and practical perspective on real-world challenges.

A recognized expert in IT Governance, Business Continuity (BCP/DR), and compliance frameworks, Pradeep has hands-on experience in achieving and maintaining certifications such as PCI DSS, SOC 2, HIPAA, GDPR, and ISO 27001.

Certification
(PCI DSS Credential)

On successful completion of training and fulfilling assessment criteria, the candidate will be awarded a certificate which will entitle the candidate to be a GISA Council Certified ‘Certified PCI DSS Implementor and Auditor'.