Security & Compliance Analyst

OTG
New York, NY
Remote

About The Position

The Security & Compliance Analyst is responsible for the organization’s security posture and compliance obligations, with a primary focus on PCI DSS. This role oversees ongoing compliance efforts, conducts assessments, manages evidence collection, and supports the remediation of compliance gaps across restaurants & marketplaces, e-commerce platforms, and point-of-sale environments. The Security & Compliance Analyst works closely with IT, Engineering, Operations, and third-party business partners to maintain secure environments and achieve successful PCI DSS certification.

Requirements

  • Bachelor’s degree in Information Security, Information Technology, or related field (or equivalent experience).
  • 3–5 years of experience in IT security, compliance, or audit, preferably within a retail or financial environment.
  • Hands-on experience with PCI DSS compliance programs, evidence collection, and remediation management.
  • Familiarity with network security, encryption, firewalls, vulnerability management, and logging systems.
  • Familiarity with cloud environments, particularly AWS; experience with services relevant to secure data handling and compliance (e.g., IAM, CloudWatch, Secrets Manager, VPC segmentation) is a plus.
  • Experience with compliance tracking, documentation, or GRC tools; familiarity with enterprise platforms such as ServiceNow or equivalent is a plus.
  • Knowledge of POS systems, cardholder data environments, and segmentation practices.
  • Strong attention to detail and analytical skills.
  • Excellent written and verbal communication skills.
  • Ability to work cross-functionally and manage multiple priorities in a fast-paced retail environment.

Nice To Haves

  • PCI Professional (PCIP) or Certified Information Systems Auditor (CISA) preferred; CISSP or equivalent a plus.

Responsibilities

  • Support and maintain the organization’s PCI DSS compliance program across all in-scope systems, networks, and business units.
  • Conduct internal PCI assessments, gap analyses, and readiness reviews to identify and remediate compliance deficiencies.
  • Maintain documentation of PCI controls, evidence, and audit artifacts in the company’s Governance, Risk, and Compliance (GRC) platform.
  • Partner with IT, Security, and Retail Operations to validate technical and procedural controls for compliance.
  • Coordinate with Qualified Security Assessors (QSAs) during annual assessments, providing documentation and remediation updates.
  • Monitor system changes, new technologies, and third-party services for PCI scope impact.
  • Track and report compliance status, risks, and remediation progress to management.
  • Develop and deliver PCI awareness training for staff and store-level employees handling payment data.
  • Review and assess vendor compliance with PCI DSS and ensure required Attestations of Compliance (AOC) are maintained.
  • Stay current on PCI DSS version updates, industry trends, and payment security best practices.
  • Support broader security and compliance initiatives beyond PCI, including vendor risk management, cloud security controls (AWS), and policy development as the program matures.
© 2026 Teal Labs, Inc