Compliance Engineer - PCI

Costco, Issaquah, WA
$150,000 - $225,000

About The Position

Costco IT is responsible for the technical future of Costco Wholesale, the third largest retailer in the world with wholesale operations in fourteen countries. Despite our size and explosive international expansion, we continue to provide a family, employee-centric atmosphere in which our employees thrive and succeed. This is an environment unlike anything in the high-tech world, and the secret of Costco's success is its culture. The value Costco puts on its employees is well documented in articles from a variety of publishers, including Bloomberg and Forbes. Our employees and our members come FIRST. Costco is well known for its generosity and community service and has won many awards for its philanthropy. The company joins with its employees to take an active role in volunteering by sponsoring many opportunities to help others. Come join the Costco Wholesale IT family.

Costco IT is a dynamic, fast-paced environment, working through exciting transformation efforts. We are building the next generation retail environment, where you will be surrounded by dedicated and highly professional employees.

Compliance Engineers support the overarching values and business goals of Costco as they relate to meeting legal and regulatory obligations, identifying technical risks to the business, protecting member data and privacy, and ensuring continued compliance with Costco's policies. Compliance Engineers work cross-functionally to define and set guidance in response to emerging standards and legislation, ensure policies and procedures are implemented and well documented, perform technical architecture, network, and system reviews, ensure compliance requirements and controls are designed and implemented prior to go-live, and identify compliance problems that require formal attention. Compliance Engineers speak both technical and business language interchangeably to effectively communicate and lead.

The Costco Digital Services (CDS) Compliance Engineer will play a crucial role in supporting the PCI DSS compliance initiatives at Costco Wholesale. This position is responsible for collaborating closely with cross-functional teams, including Product, Infrastructure, Engineering, Security (Compliance, Vendor Risk, Vulnerability Management, Training, Operations, Incident Response, etc.), Risk, Legal, and Business, to develop and implement plans for data security, conduct assessments, and ensure compliance with industry standards. The role requires a strong understanding of PCI compliance and strong knowledge of other security frameworks, as well as the ability to communicate effectively with internal stakeholders and external assessors. The successful candidate will report directly to the Manager of PCI Compliance, who is responsible for establishing and maintaining PCI compliance programs across Costco Wholesale globally. If you want to be a part of one of the worldwide BEST companies “to work for”, simply let your career be reimagined.

Requirements

  • 10+ years of professional experience with at least 7+ years in Security GRC, IT security, or a related field, with in-depth working knowledge of PCI standards.
  • Prior experience supporting a Level 1 or Level 2 Merchant's PCI DSS compliance effort, working with an ISA or QSA, or serving as an ISA or QSA.
  • A strong understanding of different computing architectures (including cloud) and security patterns, including assessing and implementing PCI controls in such environments.
  • Knowledge of industry security, audit, and privacy standards, frameworks, and regulations, such as PCI DSS (and other PCI standards), ISO27001, COBIT, SSAE18, GDPR, or SOX.
  • Familiarity with GRC (Governance, Risk, and Compliance) solutions, tools, and platforms.
  • Advanced knowledge of five or more of the following technical areas: network segmentation, operating system security, encryption and key management, tokenization, antivirus and malware, secure system development, identity and access management, vulnerability management, physical access controls, penetration testing, file integrity monitoring, logging, and information security policy.
  • Ability to scope penetration tests for PCI by defining specific systems, networks, and applications that will be tested to comply with PCI DSS.
  • Ability to scope, interpret, and prioritize system, application, and network vulnerability results.
  • Ability to propose creative solutions to successfully remediate identified compliance issues.
  • High levels of curiosity, persistence, and a grounded approach to getting work done.
  • Ability to identify problems, analyze data and present conclusions effectively.
  • Excellent communication skills, both oral and written, that can communicate security and compliance issues to executives, end users, and stakeholders in an effective and appropriate manner.
  • Ability and willingness to travel domestically and/or internationally up to 15% of the year.

Nice To Haves

  • Relevant industry certifications such as CISSP (Certified Information Systems Security Professional), CISA (Certified Information Systems Auditor), CISM (Certified Information Security Manager), or equivalent expertise.
  • Architectural level experience in information security, data compliance, and risk management.
  • Strong ability to build healthy relationships across teams and with stakeholders.
  • Strong security acumen, balanced by keen understanding of the need for business flexibility and agility.
  • Experience managing and working with a variety of teams globally.
  • Proficient in Google Workspace applications, including Sheets, Docs, Slides, and Gmail.

Responsibilities

  • Defines and leads activities to support ongoing PCI program health and maturity.
  • Documents and maintains cardholder data environment scope narratives and supporting evidence.
  • Monitors business activities by collaborating with cross-functional team leaders to ensure the organization maintains compliance.
  • Represents the team in PCI DSS initiatives and programs as the subject matter expert on PCI compliance and data security and provides general PCI-related support and guidance to teams.
  • Performs ongoing design and operating effectiveness reviews to identify changes impacting the PCI ecosystem and works with teams on compliance readiness roadmaps.
  • Assists in the development of training on PCI topics to relevant stakeholders.
  • Leads the planning and execution of PCI assessments for various Costco entities.
  • Manages and leads project teams, including analysts and delivery managers to drive results.
  • Coordinates with external assessors, process/control owners, and other key stakeholders to streamline the assessment process for efficiencies.
  • Promotes and supports a culture of compliance, risk avoidance/mitigation, and corporate accountability throughout the organization.
  • Establishes and meets deadlines to ensure adherence to rules, regulations, and/or Costco policy.

Benefits

  • Paid time off
  • Health benefits - medical/dental/vision/hearing aid/pharmacy/behavioral health/employee assistance
  • Health care reimbursement account
  • Dependent care assistance plan
  • Short-term disability and long-term disability insurance
  • AD&D insurance
  • Life insurance
  • 401(k)
  • Stock purchase plan to eligible employees

What This Job Offers

  • Job Type: Full-time
  • Career Level: Senior
  • Industry: General Merchandise Retailers
  • Education Level: Bachelor's degree
