Title: PCI Compliance Analyst
About The Position
Travel + Leisure Co. is the world's leading vacation ownership and travel membership company, with a dynamic and growing portfolio of resort, travel club, and lifestyle travel brands. Our dedicated associates help the company achieve its mission to put the world on vacation. Innovation and growth keep our work interesting and fun. Every day is a chance to learn something new and turn vacation inspiration into exceptional experiences for millions of travelers worldwide. The PCI Compliance Analyst is responsible for assisting Travel + Leisure ("T+L") Information Technology (IT) Governance, Risk, & Compliance organization in complying with T+L's governing IT Security Policy & Standards in addition, to federal, regulatory, and legislative Sarbanes-Oxley (SOX 404) and Payment Card Industry (PCI) requirements. The PCI Compliance Analyst plays a key role in helping maintain compliance with PCI DSS requirements and supporting our broader Governance, Risk & Compliance program. Focus on conducting PCI compliance assessments, testing controls, gathering evidence, interviewing technical teams, identifying gaps, and supporting remediation efforts, will partner closely with infrastructure, security operations, enterprise applications, and various business units to understand how cardholder data flows across the organization and ensure we maintain a strong security and compliance posture.
Requirements
- Bachelor's degree preferred or relevant work experience in IT field
- Experience with regulations such as PCI or General Computing Controls (GCC) is preferred
- Excellent communication skills, able to communicate results quickly and effectively
- Information Technology experience, specifically the ability to understand IT Systems and Infrastructure, as well as IT workflow is a requirement
- Excellent analytical, critical thinking and problem-solving skills with high attention to detail.
- Ability to effectively learn new tools and technologies.
- Understanding of IT systems: servers, cloud, firewalls, Intrusion Detection Systems (IDS), data flows, segmentation.
- Understanding of automation and scripting
- 0 to 2 Years relevant experience
- Experience equivalent to the education requirement may be accepted in lieu of the education requirement.
Responsibilities
- Support Services: Vulnerability Support, Security Awareness, eGRC Support, Advisory Services
- Policy Governance: Policies, standards, guidelines, and exception processing
- Compliance Monitoring: PCI, SOX, GDPR, HIPAA, CCPA
- Internal Compliance Reviews: Vendor, solution, 3rd party risk, M&A reviews
- Support the annual PCI DSS compliance assessment for corporate and shared IT services.
- Understand scope boundaries, segmentation, data flows, and technical environments as they relate to PCI compliance.
- Contribute to improving efficiency, including opportunities for automation or scripting.
Benefits
- Medical
- Dental
- Vision
- Flexible spending accounts
- Life and accident coverage
- Disability
- Depending on position, paid time off, parental leave and holidays (speak to your recruiter for additional information)
- Wish day paid time to volunteer at an approved organization of your choice
- 401k with employer match (subject to eligibility requirements, including tenure - speak to your recruiter for additional information)
- Legal and identify theft plan
- Voluntary income protection benefits
- Wellness program (subject to provider availability)
- Employee Assistance Program
Stand Out From the Crowd
Upload your resume and get instant feedback on how well it matches this job.
What This Job Offers
Job Type
Full-time
Career Level
Entry Level
Industry
Accommodation
Number of Employees
5,001-10,000 employees
