cybersecurity analyst senior, compliance

About The Position

Requirements

• Bachelor's degree in computer science or related field or 3+ years of relevant experience.
• Apply knowledge of business principles and technology practices to achieve successful outcomes in cros-function activities.
• Excellent analytical and problem-solving skills.
• Expertly align systems to business needs.
• Generate comprehensive documentation in support of systems.
• Exhibit exceptional oral and written interpersonal and communication skills.
• Experience Microsoft Office products such as Word and Excel proficiently.
• Apply a deep understanding of business processes and process improvement initiatives.
• Provide top-tier customer service.
• Implement system development concepts effectively.
• Proven working knowledge of systems development lifecycle and IT operations.
• Ability to use business knowledge, sound judgment, and resourcefulness to design and deploy highly reliable and sustainable technology solutions.
• Ability to balance multiple priorities and meet deadlines.
• Configuration knowledge of relevant applications/modules/platforms.

Nice To Haves

• 3+ years of progressive industry experience in Information Risk Management, IT Governance, IT Compliance, Data Privacy or Internal/External Technology Audit disciplines, with at least two of those years in an IT or a software development setting.
• Experience in cybersecurity, network security, or cloud security, with direct exposure to PCI DSS environments
• Strong understanding of network architecture, cloud security design, encryption protocols
• Experience translating compliance requirements into technical solutions
• Proven working knowledge of system development lifecycle and IT operations.
• Direct experience supporting PCI DSS assessments (QSA-facing)
• Experience designing or validating CDE segmentation in cloud and hybrid environments
• Familiarity with payment ecosystems (processors, tokenization)
• Exposure to Common Control Framework (CCF) practices with knowledge and ability to track common control requirements across numerous security and regulatory standards
• Ability to influence technical and business stakeholders in complex environments
• Certifications such as PCI QSA/ISA, PCIP, CISA, CISSP, CISM, CIPM or others focused on controls assurance, information security, data privacy or information risk management is a strong plus
• Hands on experience in developing roadmaps, story outlines, writing user stories, refining product backlogs, and coordinating/prioritizing conflicting requirements across teams in a fast-paced, changing environment
• Experience in engineering and/or platform role for GRC solutions and/or cybersecurity risk management solutions.

Responsibilities

• Lead PCI architecture reviews, including segmentation design, network flows, and system interactions involving cardholder data
• Provides expertise on encryption (data at rest/in transit), tokenization, and key management
• Lead PCI scoping, validate data flows (DFDs), and CHD lifecycle
• Identify opportunities to eliminate or reduce cardholder data storage and shrink PCI scope
• Translate PCI DSS requirements into technical control implementations
• Support PCI assessments (QSA-facing), including evidence validation, control testing, and remediation planning
• Design and maintain risk and control matrices aligned to PCI and enterprise standards
• Track remediation, risk acceptance, and exceptions with stakeholders
• Provide guidance on use of compliance and risk management tools and processes
• Develop documentation and training for compliance processes and tooling
• Drive automation of PCI control validation and evidence collection
• Configure GRC/IRM platforms to support control testing, assessments, and reporting
• Enable continuous monitoring through integrations, APIs, and data models
• Develop metrics and dashboards for control health and risk visibility
• Gather, analyze, and document solution requirements. Facilitate user story creation and backlog grooming in an agile delivery environment
• Utilize agile delivery methodologies and participates on scrum teams to deliver on projects
• Effectively assess overall improvement opportunities (productivity/efficiency gains, cost savings, etc.)
• Partner with engineering teams to embed PCI requirements into system design
• Provide guidance aligned to policies, standards, and risk reduction
• Develop reusable templates, documentation, and training
• Support delivery of compliance capabilities and program metrics (KPIs)
• Self-directed; is successful with minimal direction from more senior analysts providing escalation when necessary

Benefits

• medical, dental, vision, basic and supplemental life insurance, and other voluntary insurance benefits
• short-term and long-term disability
• paid parental leave
• family expansion reimbursement
• paid vacation from date of hire
• sick time (accrued at 1 hour for every 25 hours worked)
• eight paid holidays
• two personal days per year
• 401(k) retirement plan with employer match
• discounted company stock program (S.I.P.)
• Starbucks equity program (Bean Stock)
• incentivized emergency savings
• financial well-being tools
• 100% upfront tuition coverage for a first-time bachelor’s degree through Arizona State University’s online program via the Starbucks College Achievement Plan
• student loan management resources
• access to other educational opportunities
• backup care
• DACA reimbursement