PCI Compliance Senior Analyst (Remote Opportunity)

Hyatt Hotels Corp.•Chicago, IL

39d•$95,000 - $120,000•Remote

About The Position

Hyatt Hotels Corporation seeks an enthusiastic Sr. GRC analyst to join our IT Governance, Risk Management, and Compliance team. In this role, you will be collaborating closely with cross-functional teams, where you will be instrumental in continuing to make Hyatt a leading hospitality company. You will be part of a team that is passionate about our purpose, committed to nurturing curiosity and new skills, and building connections with colleagues, customers, and guests across the organization. At Hyatt, we believe in the power of belonging and creating a culture of care, where our colleagues become family. Since 1957, our colleagues and our guests have been at the heart of our business and helped Hyatt become one of the best and fastest-growing hospitality brands in the world. Our transformative growth and the addition of new hotels, brands, and business lines can open the door for exciting career and growth opportunities for our colleagues. As we continue to grow, we never lose sight of what's most important: People. We turn trips into journeys, encounters into experiences, and jobs into careers. This is an exciting time to be at Hyatt. We are growing rapidly and are looking for passionate changemakers to be a part of our journey. The hospitality industry is resilient and continues to offer dynamic opportunities for upward mobility, and Hyatt is no exception. What sets us apart is our purpose-to care for people so they can be their best. Every business decision is made through the lens of our purpose, and it informs how we have and will continue to support each other as members of the Hyatt family. Our care for our colleagues is the key to our success. We're proud to have earned a place on Fortune's prestigious 100 Best Companies to Work For list for the last ten years. This recognition is a testament to the tremendous way our Hyatt family continues to come together to care for one another, our commitment to a culture of inclusivity, empathy, and respect, and making sure everyone feels like they belong. As our ideal candidate, you understand the power and purpose of our culture of care and embody our core values of Empathy, Inclusion, Integrity, Experimentation, Respect, and well-being. You enjoy working with others, are results-driven, and are looking for a variety of opportunities to develop personally and professionally. The Senior GRC Analyst will serve as a subject matter expert in Payment Card Industry Data Security Standard (PCI DSS) compliance, supporting the organization's ongoing PCI-related assessments and certification efforts. This role is responsible for leading assessment activities, ensuring compliance with applicable requirements, and working closely with cross-functional teams to identify, document, and remediate gaps. In addition to PCI responsibilities, the Senior GRC Analyst will assist other IT compliance engagements where you will act as the 2nd line of defense for the organization, such as SOX IT General Controls (ITGC)evaluations, vendor security assessments, regulatory reviews, etc.. The Senior GRC Analyst will also drive process improvements to strengthen the organization's overall compliance posture and reduce risk exposure.

Requirements

Bachelor's degree in Information Security, Information Technology, Risk Management, Cyber Security, or a related field (or equivalent work experience).
5 years of experience in GRC, IT compliance, or information security, with significant PCI DSS and SOX ITGC experience.
Proven history of leading PCI DSS Level-1 Service Provider assessments with a QSA.
Strong understanding of PCI DSS requirements, SOX Compliance, and general IT audit frameworks.
Experience coordinating with external auditors and managing cross-functional remediation efforts.
Excellent organizational, communication, and stakeholder management skills.

Nice To Haves

Preferred certifications: PCI Qualified Security Assessor (QSA), PCI Internal Security Assessor (ISA), CISA, CISSP, CRISC, or equivalent.

Responsibilities

Lead the end-to-end PCI DSS Level-1 Service Provider assessment process in collaboration with the external QSA, from planning through final Report on Compliance (ROC) delivery.
Serve as the primary liaison with QSAs, external auditors, and internal stakeholders to ensure timely deliverables, effective communication, and resolution of findings.
Interpret PCI DSS requirements and provide actionable guidance to technical and business teams for effective implementation.
Oversee evidence gathering, review, and validation to support PCI DSS, SOX ITGC, operational audits in conjunction with Hyatt Internal Audit, and other compliance assessments.
Manage SOX ITGC audit activities, including coordinating with control owners, addressing deficiencies, maintaining control documentation, and overseeing remediation activities with the control owners.
Support other IT compliance initiatives such as vendor risk management, ISO 27001 alignment, and regulatory or contractual audits.
Develop and maintain compliance-related policies, procedures, and control documentation.
Track, monitor, and report compliance metrics to management and senior leadership.
Stay informed on regulatory and industry changes, advising stakeholders on potential impacts and required adjustments.

Benefits

Annual allotment of free hotel stays at Hyatt hotels globally
Flexible work schedule
Work-life benefits including wellbeing initiatives such as a complimentary Headspace subscription, and a discount at the on-site fitness center
A global family assistance policy with paid time off following the birth or adoption of a child as well as financial assistance for adoption
Paid Time Off, Medical, Dental, Vision, 401K with company match

Stand Out From the Crowd

Upload your resume and get instant feedback on how well it matches this job.

Upload and Match Resume