Senior GRC Compliance Analyst (Hybrid - Seattle)

About The Position

Requirements

• Experience: 5+ years of experience in regulatory compliance with demonstrated specialization in specific regulatory domains
• 5+ years of experience managing technically complex PCI assessments end to end with external assessors
• Deep knowledge of PCI assessment processes and requirements at a Level 1 merchant, including data centers, retail locations, call centers, and cloud computing environments
• Education: Bachelor's or Master's degree in Information Technology, Computer Science, Cybersecurity, or related field, or equivalent work experience
• Technical Knowledge: Demonstrated proficiency with security and regulatory frameworks (CIS, NIST, SOX, HIPAA, PCI DSS, CCPA, etc.)
• Broad and deep understanding of the retail business domain, including experience with online, phone order, and physical store sales channels
• Knowledge of how regulatory requirements can be met across a diverse set of technical environments—from legacy mainframe computers to containers in the cloud
• Experience building or maintaining a Common Control Framework
• Skills: Advanced compliance assessment capabilities and stakeholder management experience
• Ability to adapt methodologies to complex regulatory scenarios
• Strong bias for results and can operate with autonomy to address bottlenecks, provide escalation management, anticipate and make trade-offs, and encourage behavior to maximize business benefit
• Highly collaborative skillsets and can build and leverage relationships with internal and external stakeholders
• Excellent written and verbal communications, including presentation skills, and proven ability to effectively communicate with all levels of the organization, as well as with external parties

Nice To Haves

• Certifications: Professional-level certification preferred (CISA, CRISC, CIPP, CPA, CIA, CISM, CISSP, or equivalent)
• Domain-specific certifications valued (PCI Professional, SOX certifications, privacy certifications, or relevant regulatory specializations)
• Additional Experience: Experience with assessment automation
• Technical background and demonstrated proficiency in security tooling
• Experience with Onspring GRC platform

Responsibilities

• Design and execute specialized compliance assessments for complex regulatory environments, emerging regulations, multi-jurisdictional requirements, and specific industry standards, adapting methodologies as needed
• Serve as a PCI subject matter expert and lead the annual merchant assessment process
• Support various regulatory and security assessments , applying both qualitative and quantitative assessment techniques and developing test approaches for compliance validation
• Provide guidance and best practices to Nordstrom engineers and leadership on how to effectively meet regulatory requirements
• Coordinate operational activities across multiple stakeholders including Legal, IT, Finance, and Business teams to ensure comprehensive regulatory coverage and effective remediation strategies
• Manage the full lifecycle of applicable risk/compliance remediation plans , including the development of detailed treatment plans, their documentation, rigorous tracking, and validation of efforts from internal stakeholders
• Implement process improvements within specialized compliance domains, developing standardized approaches and best practices for recurring regulatory assessment scenarios
• Drive the standardization and enhancement of assessment programs and improve the Common Control Framework to increase control testing efficiency
• Identify and implement process improvements to enhance operational efficiency
• Provide input and guidance on security policies and standards to ensure compliance with regulatory requirements
• Develop compliance metrics and reporting for specialized regulatory domains, creating dashboards and analytics that provide actionable insights to management and support regulatory reporting
• Define KPIs and KRIs and continuously measure and report on the effectiveness of our control posture, driving year-over-year improvement and sustained audit success
• Support quarterly strategic initiatives by contributing regulatory expertise to short-term compliance projects and organizational improvement efforts
• Contribute to the strategic vision and roadmap for the Compliance Assessment Team, supporting the development of reusable, scalable solutions to enhance program efficiency and support organizational growth
• Educate stakeholders on regulatory compliance requirements and changes through training sessions, workshops, and consultation to improve organizational compliance awareness and readiness
• Mentor junior analysts by providing guidance on assessment techniques, regulatory interpretation, and organizational compliance practices

Benefits

• Medical/Vision, Dental, Retirement and Paid Time Away
• Life Insurance and Disability
• Merchandise Discount and EAP Resources
• 401k
• medical/vision/dental/life/disability insurance options
• PTO accruals
• Holidays