Tevora Leadership

Eric Sampson

Director, Payments

About Eric Sampson

Eric oversees Tevora’s payments practice, leading a team of Qualified Security Assessors (QSAs) in supporting clients through PCI DSS assessments and broader payment security initiatives. His work spans Self-Assessment Questionnaires (SAQs), PCI Point-to-Point Encryption (P2PE), PCI Card Production and Provisioning (CPP), and the PCI Software Security Framework (SSF). He focuses on helping organizations build and mature PCI compliance programs while aligning their efforts with broader frameworks such as ISO 27001, SOC 2, and the NIST Cybersecurity Framework.

Notable Accomplishments

With more than 20 years of assurance and compliance leadership, Eric brings extensive experience across PCI DSS and related PCI standards, SOC 1 and SOC 2 examinations, HIPAA security assessments, WebTrust for certification authority engagements, and Federal PKI audits. He has overseen or contributed to more than 500 client engagements spanning retail, eCommerce, fintech, healthcare, and technology sectors.

CERTIFICATIONS: PCI QSA, CISSP, CISM, CISA, ISO 27001 Lead Auditor, CCSK, PCIP, CIPP/US

Compliance Frameworks: PCI DSS, SOC 1 & SOC 2, HIPAA, ISO 27001, GDPR, NIST SP 800-53, NIST SP 800-171

EDUCATION: Bachelor’s degree in Information Systems