Senior GRC Compliance Analyst (Hybrid, Seattle)

About The Position

Requirements

• Experience: 6-8 years of regulatory compliance experience with demonstrated leadership of cross-functional regulatory initiatives, including at least 2 years leading or building PCI programs
• Proven track record of designing and implementing enterprise-level compliance methodologies across multiple regulatory domains
• Demonstrated experience with technical scoping and de-scoping in hybrid on-premises and cloud PCI environments
• Direct experience building and managing Common Control Framework (CCF) programs
• Experience leading cross-functional technical teams through complex compliance initiatives
• Demonstrated ability to align compliance operations with strategic business objectives through medium-term planning
• Education: Bachelor's or Master's degree in Information Technology, Computer Science, Cybersecurity, or related field, or equivalent work experience
• Technical Knowledge: Expertise in multiple regulatory domains and frameworks (CIS, NIST, SOX, HIPAA, , CCPA, etc.) and deep understanding of PCI DSS v.4. Direct experience testing technical controls
• Deep understanding of enterprise compliance architecture and integrated control frameworks
• Knowledge of operational workflow design and process optimization for regulatory compliance
• Experience developing operational standards and quality criteria for compliance processes
• Skills: Advanced methodology development and enterprise framework design capabilities
• Excellence in stakeholder management and external regulatory relationship management
• Strong ability to facilitate senior leadership workshops and drive consensus on complex regulatory topics
• Ability to make significant commitments and design workflows within enterprise governance structures
• Excellent written and verbal communications, including presentation skills, and proven ability to effectively communicate with all levels of the organization, as well as with external parties and regulators
• Strong bias for results and can operate with autonomy to address bottlenecks, provide escalation management, anticipate and make trade-offs, and encourage behavior to maximize business benefit

Nice To Haves

• Certifications: Multiple advanced professional certifications preferred (CISA, CRISC, CIPP, CIPM)
• Specialized certifications valued (Advanced PCI certifications, regulatory-specific credentials, or equivalent compliance management certifications)
• Additional Experience: Experience with GRC platform implementation and management
• Background in regulatory consulting or audit firms
• Experience leading enterprise-wide compliance transformation initiatives
• Proficiency in compliance automation and security tooling

Responsibilities

• Mature and formalize the PCI DSS compliance program from foundational elements, establishing policies, procedures, RACI, and operational workflows that meet QSA and acquiring bank expectations
• Design comprehensive compliance assessment methodologies for enterprise regulatory requirements, creating frameworks that integrate multiple regulatory domains and align with business objectives
• Develop operational standards and quality criteria for compliance processes, ensuring consistency and effectiveness across the organization while meeting diverse regulatory requirements
• Implement integrated controls across multiple regulatory and business domains, ensuring comprehensive compliance coverage and efficient resource utilization
• Define, design and implement KPIs and KRIs for the compliance space
• Manage third-party compliance assessments including external regulatory examinations, compliance consulting engagements, and specialized regulatory advisory projects
• Serve as primary liaison with internal and external compliance auditors and stakeholders, representing the organization's compliance posture and remediation efforts
• Make significant commitments for third-party compliance assessments, regulatory consulting, and compliance platforms within established enterprise frameworks
• Align operational activities with strategic objectives by participating in medium-term planning (6-18 months) and ensuring compliance initiatives support business goals and regulatory expectations
• Lead senior stakeholder workshops on complex regulatory topics, facilitating decision-making and consensus-building around compliance strategies and regulatory risk tolerance
• Coordinate cross-functional regulatory initiatives across Legal, IT, Finance, and Business teams to ensure comprehensive regulatory coverage and strategic execution
• Contribute to the strategic vision and roadmap for the Compliance Assessment Team, developing reusable, scalable solutions to enhance program efficiency and support organizational growth
• Educate senior stakeholders on regulatory compliance requirements and changes through workshops, strategic sessions, and consultation to improve organizational compliance awareness and readiness
• Facilitate decision-making processes around complex regulatory scenarios, helping leadership understand regulatory risk tolerance and compliance strategy options
• Provide expert guidance on regulatory interpretation and application across diverse business contexts and technical environments

Benefits

• Medical/Vision, Dental, Retirement and Paid Time Away
• Life Insurance and Disability
• Merchandise Discount and EAP Resources