Sr. GRC/PCI Compliance Analyst

Direct Travel
Remote

About The Position

We are seeking a detail-oriented and execution-focused GRC / PCI Compliance Analyst to support a critical enterprise initiative: achieving PCI DSS Level 1 Service Provider compliance and delivering a successful, audit-ready Report on Compliance (ROC). This role will work closely with the PCI Program Director to drive control implementation, documentation, and audit readiness across the organization. The ideal candidate has hands-on experience supporting PCI audits, managing evidence collection, and operationalizing controls in complex environments. This is a high-impact, execution-heavy role responsible for ensuring controls are not only designed, but documented, validated, and audit-ready. This is a remote position.

Requirements

  • Bachelor’s degree in Computer Science, Information Technology, or a related field, or equivalent experience
  • 5+ years of experience in GRC, compliance, or information security
  • Hands-on experience supporting PCI DSS audits or compliance programs
  • Strong understanding of PCI DSS requirements and control structure
  • Strong understanding of control documentation and evidence expectations
  • Experience managing audit evidence and documentation repositories
  • Strong organizational skills with high attention to detail

Nice To Haves

  • Experience supporting a PCI DSS ROC (merchant or service provider)
  • ISA (Internal Security Assessor) certification
  • Experience with GRC tools (e.g., OneTrust (preferred), Archer, ServiceNow GRC, audit/evidence management platforms)
  • Familiarity with ISO 27001
  • Familiarity with SOC 1 / SOC 2
  • Familiarity with GDPR or data privacy frameworks

Responsibilities

  • Support the implementation and operationalization of PCI DSS v4.0 controls across infrastructure, applications, and business processes.
  • Partner with control owners to ensure requirements are clearly understood and effectively implemented.
  • Track control status, gaps, and remediation progress.
  • Develop and maintain policies, standards, and procedures aligned to PCI DSS, control narratives and process documentation, and evidence artifacts required for audit.
  • Build and manage a centralized evidence repository mapped to PCI requirements.
  • Ensure all documentation is accurate, complete, and audit-defensible.
  • Prepare the organization for PCI assessment by validating control implementation, conducting internal readiness reviews, and identifying and remediating documentation gaps.
  • Support the QSA audit process, including responding to evidence requests, coordinating interviews and walkthroughs, and tracking audit findings and follow-ups.
  • Assist in maintaining data flow diagrams, system inventories, and Cardholder Data Environment (CDE) documentation.
  • Map controls to PCI DSS requirements and ensure traceability between requirements, controls, and evidence.
  • Support PCI gap assessments across systems, applications, and vendors.
  • Track and manage remediation items, ensuring timely closure.
  • Identify control weaknesses and escalate risks to the Program Director.
  • Work closely with IT/Security, Business and Operations teams, Application Development teams, and Legal/Compliance/Risk.
  • Ensure alignment between technical implementation and compliance requirements.
  • Support documentation and validation of scope reduction initiatives, including tokenization implementations and segmentation strategies.
  • Ensure evidence clearly demonstrates reduction of PCI scope and removal of PAN from systems where applicable.

Benefits

  • Medical
  • Dental
  • Vision
  • Employee rewards and recognitions program
  • Total Rewards Package which includes Wellness, Sustainability, DE&I initiatives, and Mental Health Support.