The Eugene Water & Electric Board (EWEB) is seeking a qualified consultant to provide an independent, comprehensive assessment of EWEB's current PCI DSS compliance posture and deliver a structured roadmap to achieve and sustain compliance under PCI DSS v4.0. The selected contractor will conduct a PCI DSS assessment in alignment with the six PCI DSS control objectives, including building and maintaining a secure network and systems, protecting account data, maintaining a vulnerability management program, implementing strong access control measures, regularly monitoring and testing networks, and maintaining an information security policy. The contractor will provide a gap analysis, identification of control gaps, and a prioritized remediation roadmap aligned with PCI DSS v4.01 requirements. Key aspects of the job include: • Identification and documentation of all cardholder data flows • Validation of PCI scope considering EWEB's 2024 SAP S/4HANA implementation and related integrations • Development of a prioritized remediation roadmap aligned with PCI DSS v4.01 requirements • Delivery of executive-level and operational-level reporting The contract for this project will start from the date of award and will last approximately until August 31, 2026.